Bug: API query throws exception when marking definition is not permitted #696
Description
Description
When querying OpenCTI for tools using the api client, and the user's group is missing permission for the marking defintion Copyright 2015-2023, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation., the api client raises the following exception: ValueError: {'name': 'Cannot return null for non-nullable field Organization.standard_id.', 'error_message': 'Cannot return null for non-nullable field Organization.standard_id.'}.
Environment
- OS (where OpenCTI server runs): Ubuntu Server 22.04 LTS
- OpenCTI version: 6.2.2
- Other environment details: Tools from MITRE have been ingested
Reproducible Steps
Steps to create the smallest reproducible scenario:
- Create an user with membership of a group that does not have the marking definition in allowed marking definitions
- Use pycti to list tools using opencti.tools.list()
- Error is thrown
Expected Output
API result returned
Actual Output
ValueError: {'name': 'Cannot return null for non-nullable field Organization.standard_id.', 'error_message': 'Cannot return null for non-nullable field Organization.standard_id.'}
Additional information
Related discussion:
https://filigran-community.slack.com/archives/C06CF1N302W/p1720428864789609