From 47c9d0549ff7a0d4ecebc6cc9b732c0feb661898 Mon Sep 17 00:00:00 2001
From: Jeremy Cloarec <jeremy.cloarec@filigran.io>
Date: Wed, 8 Jan 2025 14:51:18 +0100
Subject: [PATCH 1/3] [client] field patch WIP

---
 pycti/utils/opencti_stix2.py | 37 ++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
index 07235ac71..7039a5d7b 100644
--- a/pycti/utils/opencti_stix2.py
+++ b/pycti/utils/opencti_stix2.py
@@ -2407,6 +2407,41 @@ def export_selected(
 
         return bundle
 
+    def build_patch_input(
+        self,
+        raw_field_patch
+    ):
+        parsed_patch = json.loads(raw_field_patch)
+        full_input = []
+        for key in parsed_patch:
+            value = parsed_patch[key]
+            if len(value['replacedValue']) > 0:
+                replace_input = {'key': key, 'value': value['replacedValue'], 'operation': 'replace'}
+                full_input.append(replace_input)
+            else:
+                if len(value['addedValue']) > 0:
+                    add_input = {'key': key, 'value': value['addedValue'], 'operation': 'add'}
+                    full_input.append(add_input)
+                if len(value['removedValue']) > 0:
+                    add_input = {'key': key, 'value': value['removedValue'], 'operation': 'remove'}
+                    full_input.append(add_input)
+
+        return full_input
+
+    def apply_patch(
+        self,
+        item
+    ):
+        input = self.build_patch_input(item["opencti_field_patch"])
+        if item["type"] == "relationship":
+            self.opencti.stix_core_relationship.update_field(id=item["id"], input=input)
+        elif item["type"] == "sighting":
+            self.opencti.stix_sighting_relationship.update_field(id=item["id"], input=input)
+        elif StixCyberObservableTypes.has_value(item["type"]):
+            self.opencti.stix_cyber_observable.update_field(id=item["id"], input=input)
+        else:
+            self.opencti.stix_domain_object.update_field(id=item["id"], input=input)
+
     def import_item(
         self,
         item,
@@ -2426,6 +2461,8 @@ def import_item(
                     target_id = item["merge_target_id"]
                     source_ids = item["merge_source_ids"]
                     self.opencti.stix.merge(id=target_id, object_ids=source_ids)
+                elif item["opencti_operation"] == "patch":
+                    self.apply_patch(item=item)
                 else:
                     raise ValueError("Not supported opencti_operation")
             elif item["type"] == "relationship":

From bf315135fde0b1f979d7e46ec0a828f05e4122ac Mon Sep 17 00:00:00 2001
From: Jeremy Cloarec <jeremy.cloarec@filigran.io>
Date: Thu, 9 Jan 2025 10:14:56 +0100
Subject: [PATCH 2/3] [client] handle field patch operation

---
 pycti/utils/opencti_stix2.py | 32 +++++++-------------------------
 1 file changed, 7 insertions(+), 25 deletions(-)

diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
index 7039a5d7b..8e1caacd8 100644
--- a/pycti/utils/opencti_stix2.py
+++ b/pycti/utils/opencti_stix2.py
@@ -2407,36 +2407,18 @@ def export_selected(
 
         return bundle
 
-    def build_patch_input(
-        self,
-        raw_field_patch
-    ):
+    def get_patch_input(self, raw_field_patch):
         parsed_patch = json.loads(raw_field_patch)
-        full_input = []
-        for key in parsed_patch:
-            value = parsed_patch[key]
-            if len(value['replacedValue']) > 0:
-                replace_input = {'key': key, 'value': value['replacedValue'], 'operation': 'replace'}
-                full_input.append(replace_input)
-            else:
-                if len(value['addedValue']) > 0:
-                    add_input = {'key': key, 'value': value['addedValue'], 'operation': 'add'}
-                    full_input.append(add_input)
-                if len(value['removedValue']) > 0:
-                    add_input = {'key': key, 'value': value['removedValue'], 'operation': 'remove'}
-                    full_input.append(add_input)
-
-        return full_input
+        return parsed_patch
 
-    def apply_patch(
-        self,
-        item
-    ):
-        input = self.build_patch_input(item["opencti_field_patch"])
+    def apply_patch(self, item):
+        input = self.get_patch_input(item["opencti_field_patch"])
         if item["type"] == "relationship":
             self.opencti.stix_core_relationship.update_field(id=item["id"], input=input)
         elif item["type"] == "sighting":
-            self.opencti.stix_sighting_relationship.update_field(id=item["id"], input=input)
+            self.opencti.stix_sighting_relationship.update_field(
+                id=item["id"], input=input
+            )
         elif StixCyberObservableTypes.has_value(item["type"]):
             self.opencti.stix_cyber_observable.update_field(id=item["id"], input=input)
         else:

From 1d4eecde923b98864c520bb5d72de7b00ee6e26b Mon Sep 17 00:00:00 2001
From: Jeremy Cloarec <jeremy.cloarec@filigran.io>
Date: Thu, 9 Jan 2025 16:27:26 +0100
Subject: [PATCH 3/3] [client] handle patch operation

---
 pycti/utils/opencti_stix2.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
index 8e1caacd8..252a6eb4c 100644
--- a/pycti/utils/opencti_stix2.py
+++ b/pycti/utils/opencti_stix2.py
@@ -2407,12 +2407,8 @@ def export_selected(
 
         return bundle
 
-    def get_patch_input(self, raw_field_patch):
-        parsed_patch = json.loads(raw_field_patch)
-        return parsed_patch
-
     def apply_patch(self, item):
-        input = self.get_patch_input(item["opencti_field_patch"])
+        input = item["opencti_field_patch"]
         if item["type"] == "relationship":
             self.opencti.stix_core_relationship.update_field(id=item["id"], input=input)
         elif item["type"] == "sighting":