CactuseSecurity · github-actions · Dec 12, 2025 · Dec 12, 2025 · Dec 12, 2025 · Dec 15, 2025
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1 @@
+repos: []
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -18,5 +18,9 @@
         "scripts/customizing/app_data_import",
         "-p",
         "test_*.py"
-    ]
+    ],
+    "sonarlint.connectedMode.project": {
+        "connectionId": "cactusesecurity",
+        "projectKey": "CactuseSecurity_firewall-orchestrator"
+    }
 }
diff --git a/documentation/installer/install-advanced.md b/documentation/installer/install-advanced.md
@@ -77,30 +77,40 @@ If you use authentication:
 
 Note that the following domains must be reachable through the proxy:
 
-    cactus.de (only for downloading test data, not needed if run with "--skip-tags test")
     ubuntu.com
     canonical.com
     github.com
+    api.github.com
     githubusercontent.com
     docker.com
     cloudflare.docker.com
     docker.io
+    auth.docker.io
     hasura.io
+    releases.hasura.io
     postgresql.org
     microsoft.com     
     nuget.org
+    api.nuget.org
     googlechromelabs.github.io
     storage.googleapis.com
     pypi.org
-    pythonhosted.org (and sub-domains)
+    pythonhosted.org
+    files.pythonhosted.org
     snapcraft.io
+    api.snapcraft.io
     snapcraftcontent.com (and sub-domains)
+    cactus.de (and sub-domains, only for downloading test data, not needed if run with "--skip-tags test")
 
-NB: for vscode-debugging, you also need access to
-
+#### For vscode-debugging only - most are needed for downloading extensions
     visualstudio.com
-
-
+    vsassets.io (and subdomains)
+    digicert.com (and subdomains)
+    dot.net (and subdomains) 
+    windows.net (and subdomains)
+    applicationinsights.azure.com (and subdomains)
+    exp-tas.com (and subdomains)
+
 #### Pyhton proxy config
 
 Remember if your server resides behind a proxy that you will have to set the proxy for pip as follows before installing ansible:

diff --git a/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj b/roles/lib/files/FWO.Api.Client/FWO.Api.Client.csproj
@@ -13,8 +13,8 @@
     <PackageReference Include="GraphQL.Client.Serializer.SystemTextJson" Version="6.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.Components" Version="8.0.22" />
     <PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
-    <PackageReference Include="RestSharp" Version="112.1.0" />
-    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="112.1.0" />
+    <PackageReference Include="RestSharp" Version="113.0.0" />
+    <PackageReference Include="RestSharp.Serializers.NewtonsoftJson" Version="113.0.0" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/roles/lib/files/FWO.Config.File/FWO.Config.File.csproj b/roles/lib/files/FWO.Config.File/FWO.Config.File.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.15.0" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/roles/lib/files/FWO.Mail/FWO.Mail.csproj b/roles/lib/files/FWO.Mail/FWO.Mail.csproj
@@ -10,7 +10,7 @@
     <PackageReference Include="MailKit" Version="4.14.1" />
     <PackageReference Include="MimeKit" Version="4.14.0" />
     <PackageReference Include="Microsoft.AspNetCore.Http" Version="2.3.0" />
-    <PackageReference Include="System.Text.Encodings.Web" Version="9.0.8" />
+    <PackageReference Include="System.Text.Encodings.Web" Version="10.0.1" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/roles/lib/files/FWO.Report/FWO.Report.csproj b/roles/lib/files/FWO.Report/FWO.Report.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
 	  <PackageReference Include="HtmlAgilityPack" Version="1.12.4" />
-	  <PackageReference Include="PuppeteerSharp" Version="20.2.2" />
+	  <PackageReference Include="PuppeteerSharp" Version="20.2.5" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/roles/lib/files/FWO.Services/AppServerHelper.cs b/roles/lib/files/FWO.Services/AppServerHelper.cs
@@ -22,7 +22,7 @@ public static async Task<string> ConstructAppServerNameFromDns(ModellingAppServe
                 {
                     if (logUnresolvable)
                     {
-                        Log.WriteWarning("Import App Server Data", $"Found empty (unresolvable) IP {appServer.Ip}");
+                        Log.WriteDebug("Import App Server Data", $"Found empty (unresolvable) IP {appServer.Ip}");
                     }
                 }
                 else

diff --git a/roles/lib/files/chrome/last-known-good-versions-with-downloads.json b/roles/lib/files/chrome/last-known-good-versions-with-downloads.json
@@ -0,0 +1,19 @@
+{
+  "timestamp": "2024-11-15T00:00:00Z",
+  "channels": {
+    "Stable": {
+      "channel": "Stable",
+      "version": "128.0.6613.137",
+      "revision": "1188749",
+      "downloads": {
+        "chrome": [
+          {
+            "platform": "linux64",
+            "url": "https://storage.googleapis.com/chrome-for-testing-public/128.0.6613.137/linux64/chrome-linux64.zip",
+            "revision": "1188749"
+          }
+        ]
+      }
+    }
+  }
+}
diff --git a/roles/lib/tasks/install_puppeteer.yml b/roles/lib/tasks/install_puppeteer.yml
@@ -85,23 +85,39 @@
   environment: "{{ proxy_env }}"
 
 # get google chrome for pdf generation
-- block:
-      - name: get last known good versions (primary)
-        uri:
-            url: https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json
-            return_content: true
-        register: chrome_versions
-        become: false
-
-  rescue:
-      - name: fallback - get last known good versions (raw.githubusercontent.com)
-        uri:
-            url: https://raw.githubusercontent.com/GoogleChromeLabs/chrome-for-testing/main/data/last-known-good-versions-with-downloads.json
-            return_content: true
-            headers:
-                Accept: application/json
-        register: chrome_versions
-        become: false
+- name: get last known good versions (primary)
+  uri:
+      url: https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json
+      return_content: true
+  register: chrome_versions_primary
+  failed_when: false
+  become: false
+  environment: "{{ proxy_env }}"
+
+- name: get last known good versions (github api raw)
+  uri:
+      url: https://api.github.com/repos/GoogleChromeLabs/chrome-for-testing/contents/data/last-known-good-versions-with-downloads.json?ref=main
+      headers:
+          Accept: application/vnd.github.v3.raw
+      return_content: true
+  register: chrome_versions_github_api
+  failed_when: false
+  become: false
+  environment: "{{ proxy_env }}"
+
+- name: pick chrome metadata source (primary -> github api)
+  set_fact:
+      chrome_versions: >-
+          {{
+            chrome_versions_primary
+            if (chrome_versions_primary.status | default(-1)) == 200 else
+            chrome_versions_github_api
+          }}
+
+- name: fail when no chrome metadata available
+  fail:
+      msg: "Could not fetch Chrome for Testing version metadata via primary URL or GitHub API."
+  when: chrome_versions.status | default(-1) != 200
 
 # Parse once, regardless of Content-Type
 - name: normalize/parse JSON response

diff --git a/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj b/roles/middleware/files/FWO.Middleware.Server/FWO.Middleware.Server.csproj
@@ -10,8 +10,8 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.22" />
     <PackageReference Include="Novell.Directory.Ldap.NETStandard" Version="4.0.0" />
-    <PackageReference Include="PuppeteerSharp" Version="20.2.2" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="8.1.1" />
+    <PackageReference Include="PuppeteerSharp" Version="20.2.5" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.0.1" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/roles/middleware/files/FWO.Middleware.Server/LdapBasic.cs b/roles/middleware/files/FWO.Middleware.Server/LdapBasic.cs
@@ -594,7 +594,7 @@ private static bool IsFullyQualifiedDn(string name)
         /// <returns>true if user added</returns>
         public async Task<bool> AddUserToEntry(string userDn, string entry)
         {
-            Log.WriteInfo("Add User to Entry", $"Trying to add User: \"{userDn}\" to Entry: \"{entry}\"");
+            Log.WriteDebug("Add User to Entry", $"Trying to add User: \"{userDn}\" to Entry: \"{entry}\"");
             return await ModifyUserInEntry(userDn, entry, LdapModification.Add);
         }
 

diff --git a/roles/middleware/files/FWO.Middleware.Server/Program.cs b/roles/middleware/files/FWO.Middleware.Server/Program.cs
@@ -5,7 +5,7 @@
 using FWO.Middleware.Server;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Tokens;
-using Microsoft.OpenApi.Models;
+using Microsoft.OpenApi;
 using System.Reflection;
 
 // Implicitly call static constructor so background lock process is started

diff --git a/roles/middleware/templates/fworch-middleware.service.j2 b/roles/middleware/templates/fworch-middleware.service.j2
@@ -12,6 +12,6 @@ ExecStart={{ middleware_server_start_dir }}/bin/{{ dotnet_mode }}/net{{ dotnet_v
 Restart=on-failure
 SyslogIdentifier={{ middleware_server_syslog_id }}
 User={{ fworch_user }}
-Environment=
+Environment="PYTHONPATH={{ fworch_home }}"
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/tests-unit/files/FWO.Test/FWO.Test.csproj b/roles/tests-unit/files/FWO.Test/FWO.Test.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Razor">
+<Project Sdk="Microsoft.NET.Sdk.Razor">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -8,12 +8,12 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="bunit" Version="1.40.0" />
-    <PackageReference Include="PuppeteerSharp" Version="20.2.2" />
+    <PackageReference Include="bunit" Version="2.2.2" />
+    <PackageReference Include="PuppeteerSharp" Version="20.2.5" />
     <PackageReference Include="NUnit" Version="4.4.0" />
-    <PackageReference Include="NUnit3TestAdapter" Version="5.1.0" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.14.0" />
+    <PackageReference Include="NUnit3TestAdapter" Version="5.2.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.15.0" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/roles/tests-unit/files/FWO.Test/UiRsbLinkTest.cs b/roles/tests-unit/files/FWO.Test/UiRsbLinkTest.cs
@@ -1,4 +1,3 @@
-
 using AngleSharp.Css.Dom;
 using AngleSharp.Dom;
 using Bunit;
@@ -12,13 +11,11 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.JSInterop;
 using NUnit.Framework;
-using System.Text.RegularExpressions;
-using System.Threading.Tasks;
 
 namespace FWO.Test
 {
     [FixtureLifeCycle(LifeCycle.InstancePerTestCase)]
-    public class UiRsbLinkTest : Bunit.TestContext
+    public class UiRsbLinkTest : BunitContext
     {
         static readonly UserConfig userConfig = new SimulatedUserConfig
         {
@@ -41,25 +38,25 @@ public async Task ObjShouldBeVisibleAfterNavigation()
             Services.AddScoped(_ => JSInterop.JSRuntime);
             Services.AddLocalization();
 
-            var objToFind = currentReport.ReportData.ManagementData[0].Objects[1];
-            var hrefValue = ReportDevicesBase.GetReportDevicesLinkAddress(OutputLocation.report, currentReport.ReportData.ManagementData[0].Id, ObjCatString.NwObj, 0, objToFind.Id, currentReport.ReportType);
-            var link = $"https://localhost/{hrefValue}";
+            Data.NetworkObject objToFind = currentReport.ReportData.ManagementData[0].Objects[1];
+            string hrefValue = ReportDevicesBase.GetReportDevicesLinkAddress(OutputLocation.report, currentReport.ReportData.ManagementData[0].Id, ObjCatString.NwObj, 0, objToFind.Id, currentReport.ReportType);
+            string link = $"https://localhost/{hrefValue}";
 
-            var navigationManager = Services.GetRequiredService<FakeNavigationManager>();
+            BunitNavigationManager navigationManager = Services.GetRequiredService<BunitNavigationManager>();
             navigationManager.NavigateTo(link);
 
             // Mock JS interop
             JSInterop.Setup<string>("getCurrentUrl").SetResult(link);
-            var scrollIntoRSBViewInvocation = JSInterop.Setup<bool>("scrollIntoRSBView", _ => true).SetResult(true);
-            var removeUrlFragmentInvocation = JSInterop.SetupVoid("removeUrlFragment");
+            JSRuntimeInvocationHandler<bool> scrollIntoRSBViewInvocation = JSInterop.Setup<bool>("scrollIntoRSBView", _ => true).SetResult(true);
+            JSRuntimeInvocationHandler removeUrlFragmentInvocation = JSInterop.SetupVoid("removeUrlFragment");
 
             // Act
-            var cut = RenderComponent<RightSidebar>(parameters => parameters
+            IRenderedComponent<RightSidebar> cut = Render<RightSidebar>(parameters => parameters
                 .Add(p => p.CurrentReport, currentReport)
                 .Add(p => p.SelectedRules, [currentReport.ReportData.ManagementData[0].Devices[0].Rules![0]]));
 
             // manually trigger 
-            var anchorNavToRSB = cut.FindComponent<AnchorNavToRSB>();
+            IRenderedComponent<AnchorNavToRSB> anchorNavToRSB = cut.FindComponent<AnchorNavToRSB>();
             Task timeout = Task.Delay(2000);
             Task scrollTask = anchorNavToRSB.InvokeAsync(() => anchorNavToRSB.Instance.ScrollToFragment());
             Task completedTask = await Task.WhenAny(scrollTask, timeout);
@@ -69,21 +66,21 @@ public async Task ObjShouldBeVisibleAfterNavigation()
             }
             // Assert
             Assert.That(scrollIntoRSBViewInvocation.Invocations, Is.Not.Empty, "scrollIntoRSBView should have been called");
-            var invocation = scrollIntoRSBViewInvocation.Invocations.First();
-            var parameter = invocation.Arguments[0];
+            JSRuntimeInvocation invocation = scrollIntoRSBViewInvocation.Invocations.First();
+            object? parameter = invocation.Arguments[0];
             Assert.That(parameter, Is.Not.Null, "scrollIntoRSBView was called with a null parameter");
             Assert.That(parameter, Is.InstanceOf<string>(), "scrollIntoRSBView was called with a non-string parameter");
             Assert.That((string)parameter!, Is.Not.Empty, "scrollIntoRSBView was called with an empty string");
-            var element = cut.Find($"#{parameter}");
+            IElement element = cut.Find($"#{parameter}");
             Assert.That(IsElementVisible(element), Is.True, "Element is not visible (might be incorrect tab or collapsed)");
         }
 
         private bool IsElementVisible(IElement? element)
         {
             while (element != null)
             {
-                var computedStyle = element.Owner?.DefaultView?.GetComputedStyle(element);
-                var display = computedStyle?.GetPropertyValue("display");
+                ICssStyleDeclaration? computedStyle = element.Owner?.DefaultView?.GetComputedStyle(element);
+                string? display = computedStyle?.GetPropertyValue("display");
                 if (display == "none")
                 {
                     Log.WriteError("Test UI RSB", $"Element {element.TagName} is not visible");

diff --git a/roles/ui/files/FWO.UI/FWO.Ui.csproj b/roles/ui/files/FWO.UI/FWO.Ui.csproj
@@ -8,7 +8,7 @@
 	<ItemGroup>
 		<PackageReference Include="IPAddressRange" Version="6.3.0" />
 		<PackageReference Include="BlazorTable" Version="1.17.0" />
-		<PackageReference Include="PuppeteerSharp" Version="20.2.2" />
+		<PackageReference Include="PuppeteerSharp" Version="20.2.5" />
 	</ItemGroup>
 
 	<ItemGroup>
-Original file line number
+Diff line change
@@ Expand Up @@
                     {
                         if (logUnresolvable)
                         {
-                            Log.WriteWarning("Import App Server Data", $"Found empty (unresolvable) IP {appServer.Ip}");
+                            Log.WriteDebug("Import App Server Data", $"Found empty (unresolvable) IP {appServer.Ip}");
                         }
                     }
                     else
@@ Expand Down @@