oasis-open / cti-pattern-validator

OASIS TC Open Repository: Validate patterns used to express cyber observable content in STIX Indicators

Home Page: https://stix2-patterns.readthedocs.io/

Validator doesn't seem to check whether the observable objects actually exist

johnwunder opened this issue · comments

I don't know that it should be an error, but maybe the pattern validator should throw a warning if an observable object is referenced that doesn't actually exist in the spec. E.g., the following is showing as valid:

Input:

from stix2patterns.validator import run_validator

pattern = "[domain:value = 'abc.123']"
errors = run_validator(pattern)

print(errors)

Output:
[]

Thanks, @johnwunder. The pattern validator currently has no knowledge of the STIX or Cyber Observable data model, and it might be best to keep it that way. I believe the cti-stix-validator would flag a warning on that pattern though.

I confirmed that cti-stix-validator will flag this (by using the pattern inspector from this library and knowing the list of observable types), so I'm going to close this issue, but feel free to re-open and discuss if you think it makes sense to have the pattern-validator do this.

cc: @johnwunder @clenk
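
The check described in the closing comment (object types taken from the pattern and compared against a known list of observable types), as an added example that is not code from cti-pattern-validator or cti-stix-validator. It assumes the STIX 2.1 observable type list, treats `x-` prefixed types as custom, and uses a simplified regex extractor in place of the library's pattern inspector; `object_types` and `unknown_object_types` are hypothetical names.

```python
import re
from difflib import get_close_matches

# Observable object types defined by STIX 2.1 (assumption: the 2.1 data model).
STIX21_SCO_TYPES = frozenset({
    "artifact", "autonomous-system", "directory", "domain-name",
    "email-addr", "email-message", "file", "ipv4-addr", "ipv6-addr",
    "mac-addr", "mutex", "network-traffic", "process", "software",
    "url", "user-account", "windows-registry-key", "x509-certificate",
})

# Single-quoted literal with backslash escapes; also covers t'..', h'..', b'..'.
_STRING_LITERAL = re.compile(r"'(?:\\.|[^'\\])*'")
# "<object-type>:" at a token boundary, followed by the start of an object path.
_OBJECT_TYPE = re.compile(r"(?<![\w-])([A-Za-z][\w-]*):(?=[A-Za-z_'])")


def object_types(pattern):
    """Object types referenced in a pattern (simplified stand-in for a parser)."""
    # Blank out string literals first so a ':' inside a value is not misread.
    stripped = _STRING_LITERAL.sub("''", pattern)
    return set(_OBJECT_TYPE.findall(stripped))


def unknown_object_types(pattern, allow_custom=True):
    """Return sorted (type, closest_known_type_or_None) pairs for unknown types."""
    findings = []
    for obj_type in sorted(object_types(pattern)):
        if obj_type in STIX21_SCO_TYPES:
            continue
        if allow_custom and obj_type.startswith("x-"):
            continue  # assumption: "x-" marks a custom observable type
        close = get_close_matches(obj_type, sorted(STIX21_SCO_TYPES), n=1)
        findings.append((obj_type, close[0] if close else None))
    return findings


if __name__ == "__main__":
    # Constructed sample patterns; the first is the one from the issue.
    samples = (
        "[domain:value = 'abc.123']",
        "[domain-name:value = 'abc.123']",
        "[url:value = 'http://example.com/a:b']",
    )
    for sample in samples:
        for obj_type, hint in unknown_object_types(sample):
            print(f"warning: unknown object type {obj_type!r} in {sample} "
                  f"(closest known type: {hint})")
```

A pattern that passes `run_validator` is only known to be syntactically valid; a check like this one sits on top of that result and reports findings as warnings, which matches the split between the two validators described in the thread.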