In working to fix this we found that the spec was ambiguous: https://github.com/oasis-tcs/cti-stix2/issues/214. However, since consensus in the CTI TC hasn't been reached on this for STIX 2.1, we're interpreting the restriction on multiple qualifiers to only apply to qualifiers applied directly to an observation expression. This means the restriction can be bypassed by adding parentheses, but I think it's better in this case to allow patterns that should be valid than to prevent users from doing something nonsensical. Hopefully the situation will improve with STIX 2.2.
In working to fix this we found that the spec was ambiguous: https://github.com/oasis-tcs/cti-stix2/issues/214. However, since consensus in the CTI TC hasn't been reached on this for STIX 2.1, we're interpreting the restriction on multiple qualifiers to only apply to qualifiers applied directly to an observation expression. This means the restriction can be bypassed by adding parentheses, but I think it's better in this case to allow patterns that should be valid than to prevent users from doing something nonsensical. Hopefully the situation will improve with STIX 2.2.
Fixes #66.