OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Ensure the valid_until date on Indicators is set to a greater value than valid_from when empty (compliance with STIX 2.1) #6836

Closed Jipegien closed 1 day ago

Jipegien commented 2 months ago

Use case

From community: I observe that when a “revoked” indicator is published with an empty “valid_until” date, it is modified by OpenCTI to define a “valid_until” date equal to the “valid_from” date, according to this code: https://github.com/OpenCTI-Platform/opencti/blob/b1257ec8e4a4e7f185943fbf541ab297a34b4022/opencti-platform/opencti-graphql/src/modules/indicator/indicator-utils.ts#L82

However, according to the STIX 2.1 specification, it seems that the 'valid_until' date MUST be greater than the 'valid_from' property: https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_wfiae74706sw

Setting 'valid_until' to the date of 'valid_from' causes compatibility problems with the STIX2 Python library, which generates an error such as “Exception: indicator--7a7b3cb1-8e39-57ee-b80d-698fcea8c9f0 ‘valid_until’ must be greater than ‘valid_from’” and prevents consuming the TAXII feed with the standard TAXII/STIX Python library. https://filigran-community.slack.com/archives/C06CF1N302W/p1714386968202249

Jipegien commented 2 months ago

Just ensure that the valid_until date is one second greater than the valid_from attribute when empty.

SarahBocognano commented 1 week ago

Update: After discussing with the product team, we noticed that there was another issue on this topic. Currently, in the platform, we can set a valid_from equal to valid_until, which is not standard in the STIX format. Therefore, we have decided to add a validation check and an error message to enforce that valid_until must be greater than valid_from to comply with the STIX standard.
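The two behaviours discussed in this thread (a one-second default when valid_until is empty, and a hard rejection when an explicit valid_until is not strictly after valid_from) can be expressed in a single normalisation step. The following is an added example and not OpenCTI's own code; the names normalizeValidity, validateValidity, IndicatorValidity and DEFAULT_VALIDITY_GAP_MS are hypothetical, and the timestamps are constructed sample inputs.

```typescript
// Added example (not OpenCTI's code): normalise an Indicator's validity window
// as the thread proposes. All identifiers below are hypothetical.

interface IndicatorValidity {
  valid_from: string;
  valid_until: string;
}

// Fallback used when valid_until is empty: one second after valid_from, the
// smallest gap that still satisfies "valid_until MUST be greater than valid_from".
const DEFAULT_VALIDITY_GAP_MS = 1000;

function parseStixTimestamp(value: string, field: string): Date {
  const d = new Date(value);
  if (Number.isNaN(d.getTime())) {
    throw new Error(`${field} is not a valid RFC 3339 timestamp: ${value}`);
  }
  return d;
}

// STIX 2.1 timestamps are UTC with millisecond precision and a trailing Z,
// which is exactly what Date.prototype.toISOString() emits.
function toStixTimestamp(d: Date): string {
  return d.toISOString();
}

function normalizeValidity(
  validFrom: string,
  validUntil?: string | null,
): IndicatorValidity {
  const from = parseStixTimestamp(validFrom, "valid_from");

  // Empty valid_until: fill in a value strictly after valid_from instead of
  // copying valid_from, which is what triggered the stix2 library error.
  if (validUntil === undefined || validUntil === null || validUntil.trim() === "") {
    return {
      valid_from: toStixTimestamp(from),
      valid_until: toStixTimestamp(new Date(from.getTime() + DEFAULT_VALIDITY_GAP_MS)),
    };
  }

  // Explicit valid_until: reject equal or earlier values (the validation check
  // and error message the thread agrees to add).
  const until = parseStixTimestamp(validUntil, "valid_until");
  if (until.getTime() <= from.getTime()) {
    throw new Error("valid_until must be greater than valid_from");
  }
  return { valid_from: toStixTimestamp(from), valid_until: toStixTimestamp(until) };
}

// Returns the rejection reason instead of throwing, for surfacing the message
// in an API response; null means the window is acceptable.
function validateValidity(validFrom: string, validUntil?: string | null): string | null {
  try {
    normalizeValidity(validFrom, validUntil);
    return null;
  } catch (e) {
    return (e as Error).message;
  }
}

// Constructed sample inputs: an empty valid_until gets the one-second default,
// while valid_until equal to valid_from is rejected.
console.log(normalizeValidity("2024-04-29T10:00:00.000Z", ""));
console.log(validateValidity("2024-04-29T10:00:00.000Z", "2024-04-29T10:00:00.000Z"));
```

Running the defaulting path and the validation path through one function keeps the two rules from drifting apart: an indicator that passes normalizeValidity always carries a valid_until the stix2 library will accept.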