Update software service type for revoke functionality

[adpare]

Update software service type so revoke works as expected for malware and tool. Related to PR on the front end.

[codecov]

Codecov Report

❌ Patch coverage is 25.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.85%. Comparing base (7df4fe3) to head (8907a86).

Files with missing lines	Patch %	Lines
app/services/meta-classes/base.service.js	0.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             next     #469      +/-   ##
==========================================
- Coverage   68.85%   68.85%   -0.01%     
==========================================
  Files         218      218              
  Lines       30061    30062       +1     
  Branches     2585     2586       +1     
==========================================
  Hits        20700    20700              
- Misses       9322     9323       +1     
  Partials       39       39              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[seansica]

This change is not actually doing anything in effect because of a special override that is in place for the SoftwareService to handle this very issue. In software-service.js, we override the create method then call the inherited BaseService.create after dynamically setting this.type:

  /**
   * Override create to handle type validation for multiple types (malware and tool).
   * SoftwareService handles both 'malware' and 'tool' types, so we need custom validation.
   * We temporarily set this.type to match the incoming data type so BaseService validation passes.
   */
  async create(data, options) {
    // Validate that the type is either malware or tool
    if (data?.stix?.type !== MalwareType && data?.stix?.type !== ToolType) {
      const { InvalidTypeError } = require('../../exceptions');
      throw new InvalidTypeError();
    }

    // Temporarily set this.type to the incoming type for BaseService validation
    const originalType = this.type;
    this.type = data.stix.type;

    try {
      // Call parent create which will trigger beforeCreate hook
      return await super.create(data, options);
    } finally {
      // Restore original type
      this.type = originalType;
    }
  }

This ensures that this.type is set correctly when BaseService.create actually executes — this is what you'd see if you post a malware under the debugger:

If we set the instance variable type to "software" then POST operations would immediately result in exception InvalidTypeError. The reason the tests are passing is because the override in software-service.js is overwriting "software" back to "malware" or "tool" in a JIT fashion, thereby masking the issue. I thus don't think we actually need this PR.