Support "content_ref" for StixFile to Artifact (obs_content ?) relation #2414

Closed
ckane opened this issue Oct 1, 2022 · 0 comments
ckane commented Oct 1, 2022

Description

Uncertain if this is a limitation in client-python or in opencti; however, I encounter it when trying to use a connector. Trying to import a StixFile and Artifact and want to use the STIX 2.1 content_ref field to store the STIX id of the uploaded Artifact, per https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_99bl2dibcztv.

When the upload for the STIX File is attempted (and the Artifact already does exist at this point in OpenCTI), the following error is displayed in the connector log:

{
 'name': 'FunctionalError',
 'message': 'The relationship type obs_content is not allowed between StixFile and Artifact'
}

The following is an example bundle that's displayed as the culprit:

{
 "type": "bundle", "id": "bundle--60253cd4-7a53-4439-b09d-8a49b8e941c3",
 "spec_version": "2.1",
 "x_opencti_seq": 2,
 "objects": [
  {"type": "file", "spec_version": "2.1",
   "id": "file--25385ffb-7bee-5a0c-b1f8-48515e825f07",
   "hashes": {
    "MD5": "cb27d5dbd1436fc6c1437796f382fbc9",
    "SHA-1": "bea963277b02e7ef1a2cd416941368ef2bab222c",
    "SHA-256": "4c271ef3bc86883ef9bd6623acd58096995700b87b0fe85642631a126d478417",
    "SSDEEP": "3145728:rZ5328HmwbvbhYrjzEtTPhsvOdtj8rwoZohd+:ra6bmrj4QOnQ"
   },
   "size": 110218280, "name": "NavigationUpdaterInstaller.exe",
   "mime_type": "application/x-dosexec",
   "content_ref": "artifact--bf260558-4f2d-5de2-8f9f-7b2e93eb2f27",
   "object_marking_refs": ["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],
   "created_by_ref": "identity--357fe322-3803-5f92-80d5-5da802b8b7d6",
   "description": "Navigation Update Installer",
   "labels": ["phasmo"], "x_opencti_score": 75, "nb_deps": 2
  }
 ]
}

If I use the STIX File contains_refs field instead, with the same Artifact id, the nested relationship is formed correctly in every case I've tested so far.

For an example derived from above, the following bundle doesn't cause the error, and the observables get related:

{
 "type": "bundle", "id": "bundle--60253cd4-7a53-4439-b09d-8a49b8e941c3",
 "spec_version": "2.1",
 "x_opencti_seq": 2,
 "objects": [
  {"type": "file", "spec_version": "2.1",
   "id": "file--25385ffb-7bee-5a0c-b1f8-48515e825f07",
   "hashes": {
    "MD5": "cb27d5dbd1436fc6c1437796f382fbc9",
    "SHA-1": "bea963277b02e7ef1a2cd416941368ef2bab222c",
    "SHA-256": "4c271ef3bc86883ef9bd6623acd58096995700b87b0fe85642631a126d478417",
    "SSDEEP": "3145728:rZ5328HmwbvbhYrjzEtTPhsvOdtj8rwoZohd+:ra6bmrj4QOnQ"
   },
   "size": 110218280, "name": "NavigationUpdaterInstaller.exe",
   "mime_type": "application/x-dosexec",
   "contains_refs": ["artifact--bf260558-4f2d-5de2-8f9f-7b2e93eb2f27"],
   "object_marking_refs": ["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"],
   "created_by_ref": "identity--357fe322-3803-5f92-80d5-5da802b8b7d6",
   "description": "Navigation Update Installer",
   "labels": ["phasmo"], "x_opencti_score": 75, "nb_deps": 2
  }
 ]
}

Reproducible Steps

See description above, not easily reproducible via UI. See the following commit for an explanation of what's missing and the workaround I'm using instead:

Expected Output

When the STIX File is uploaded, it will be linked to the Artifact object that I referenced somehow. My preference would be a link being present on the main Details section of the Observable's overview. It should also still show up as a nested relationship in the Knowledge section, but with some UI marker highlighting it as the "File contents" relationship. The "contains_refs" relationships should continue to only show up on the Knowledge page, as today.

Actual Output

Error with no relationship being created at all:

{
 'name': 'FunctionalError',
 'message': 'The relationship type obs_content is not allowed between StixFile and Artifact'
}
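
The contains_refs substitution described in the issue, written as a bundle pre-processing step a connector could run before upload. This is an added example, not part of the original post and not the commit it refers to; the function name `content_ref_to_contains_refs` and the trimmed sample bundle are assumptions made for illustration.

```python
import copy
import re

# STIX 2.1 identifier form: <object-type>--<UUID>
_ARTIFACT_ID = re.compile(
    r"^artifact--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)


def content_ref_to_contains_refs(bundle):
    """Return (new_bundle, rewritten_ids); the input bundle is not modified.

    Hypothetical helper: for every file object whose content_ref is a
    well-formed artifact id, move that id into contains_refs. The result is
    lossy: contains_refs no longer marks the artifact as the file's content.
    """
    out = copy.deepcopy(bundle)
    rewritten = []
    for obj in out.get("objects", []):
        if obj.get("type") != "file" or "content_ref" not in obj:
            continue
        ref = obj["content_ref"]
        if not isinstance(ref, str) or not _ARTIFACT_ID.match(ref):
            # STIX 2.1 requires content_ref to identify an artifact; leave
            # anything else untouched so the problem is not hidden.
            continue
        refs = obj.setdefault("contains_refs", [])
        if ref not in refs:
            refs.append(ref)
        del obj["content_ref"]
        rewritten.append(obj["id"])
    return out, rewritten


# Constructed sample, trimmed from the failing bundle in the issue.
SAMPLE = {
    "type": "bundle",
    "id": "bundle--60253cd4-7a53-4439-b09d-8a49b8e941c3",
    "objects": [{
        "type": "file", "spec_version": "2.1",
        "id": "file--25385ffb-7bee-5a0c-b1f8-48515e825f07",
        "name": "NavigationUpdaterInstaller.exe",
        "content_ref": "artifact--bf260558-4f2d-5de2-8f9f-7b2e93eb2f27",
    }],
}

if __name__ == "__main__":
    fixed, changed = content_ref_to_contains_refs(SAMPLE)
    print(changed, fixed["objects"][0]["contains_refs"])
```
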
@SamuelHassine SamuelHassine transferred this issue from OpenCTI-Platform/client-python Oct 2, 2022
@SamuelHassine SamuelHassine added the feature use for describing a new feature to develop label Oct 2, 2022
@SamuelHassine SamuelHassine modified the milestones: Release 5.10.0, Release 5.4.0 Oct 2, 2022
@SamuelHassine SamuelHassine self-assigned this Oct 2, 2022
richard-julien added a commit that referenced this issue Oct 25, 2022
Co-authored-by: Julien Richard <julien.richard@filigran.io>
@richard-julien richard-julien added the solved use to identify issue that has been solved (must be linked to the solving PR) label Oct 25, 2022