fix(csv-mapper): roles are not being assigned to Threat Actor (#10944)

[CelineSebe]

Proposed changes

• Pycti fix for resolving open vocabularies: selecting the correct category based on entity type, with case-insensitive comparison

Related issues

• resolves fix(csv-mapper): roles are not being assigned to Threat Actor #10944

How to test this PR

Checklist

• I consider the submitted work as finished
• I tested the code for its functionality
• I wrote test cases for the relevant use cases (coverage and e2e)
• I added/updated the relevant documentation (either on GitHub or on Notion)
• Where necessary, I refactored code to improve the overall quality

Further comments

[Filigran-Automation]

🤖 [AI-generated]

Hey @CelineSebe! 👋 Thanks a lot for opening PR #16748 — really appreciate you tackling the Threat Actor roles assignment in the CSV mapper! 🙏

I just had a quick look and I think the description could be enhanced a little to help reviewers get through it faster. I haven't changed anything in your description — just a gentle, optional suggestion:

Area	What could help	Suggestion
### Proposed changes	Currently just empty bullets (*)	Briefly describe what was wrong (roles not assigned to Threat Actor) and what your change does across the touched files (opencti_vocabulary.py, opencti_stix2.py)
### How to test this PR	Section is empty	Add a short repro/verification step so a reviewer can confirm roles now land correctly on a Threat Actor (e.g. the new test case in test_opencti_stix2.py)
### Related issues	* closes has no number	Complete it as * closes #10944 to keep the linked issue explicit in the body

💡 If helpful, the contribution conventions / PR template walk through what to include.

No rush at all — thanks again for contributing to OpenCTI! 🚀

[codecov]

Codecov Report

❌ Patch coverage is 57.14286% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 24.09%. Comparing base (4e88982) to head (ae44075).
⚠️ Report is 37 commits behind head on master.

Files with missing lines	Patch %	Lines
client-python/pycti/entities/opencti_vocabulary.py	0.00%	5 Missing ⚠️
client-python/pycti/utils/opencti_stix2.py	88.88%	1 Missing ⚠️

❌ Your patch check has failed because the patch coverage (57.14%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #16748      +/-   ##
==========================================
+ Coverage   23.99%   24.09%   +0.10%     
==========================================
  Files        3268     3271       +3     
  Lines      173116   174449    +1333     
  Branches    42909    43702     +793     
==========================================
+ Hits        41541    42038     +497     
- Misses     131575   132411     +836     

Flag	Coverage Δ
opencti-client-python	46.38% <57.14%> (+0.07%)	⬆️
opencti-front	5.59% <ø> (+0.06%)	⬆️
opencti-graphql	66.73% <ø> (+0.15%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR fixes a PyCTI open-vocabulary resolution issue that prevented roles from being assigned for Threat Actors during STIX2 ingestion (e.g., via CSV Mapper), by selecting the correct vocabulary category based on the object’s entity type (case-insensitive).

Changes:

• Extend the vocabularyCategories query to include entity_types and field multiple, and filter vocabulary resolution by the current object entity type.
• Include category/entity_types metadata in cached vocabulary field definitions so resolution is deterministic when the same field key exists across multiple entity types (e.g., roles).
• Add unit tests covering correct category selection and case-insensitive entity type matching.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
client-python/pycti/utils/opencti_stix2.py	Resolves open vocabularies by matching the STIX object’s entity type to the vocabulary category’s entity_types (case-insensitive).
client-python/pycti/entities/opencti_vocabulary.py	Updates vocabulary cache keying to include category (avoids cross-category collisions).
client-python/tests/01-unit/utils/test_opencti_stix2.py	Adds unit tests ensuring open vocab roles resolve to the correct category and handle lowercase entity types.