v9.0.9 (CactuseSecurity#4329)

* add table and fks

* introducing flag for reason of mapping

* first deletion wave (DB)

* db: rule_owner update, import_control rework

* install problems test

* install bug test

* test

* test

* test

* test

* test

* add metadata and smal fixes

* rule_to_owner removed

* update version

* update version

* update: graphqls - rule and any_changesfound to changes_found and policy_changes_found

* Fix failed-test caused by removed field

* fix: failed import test(2) - update name in python for rule_changes_found and any_changes_found to changes_found and policy_changes_found

* fix: failed import test(3)

* fix: swapped names

* fix: swapped names(2)

* ruff fixes + rename graphQl mutation

* upgrade script

* feat(import):
- implement base structure for rule_owner imports
- add foundation for custom field imports

* feat(import):
- implement base structure for rule_owner imports
- add foundation for custom field imports

* merge dev into rule_owner relations

* fix test

* fix test

* fix test

* fix test/ sonar

* fix test

* fix test

* fix test

* fix test / format

* fix test / format

* small changes

* small fix

* Fix minor issues and apply same logic for Owner import on Reinitialize button

* add default recert active value

* consolidate alert handling

* create changelog_owner without permissions - first update from develop

* permissions: owner_responsibles permissions deletion investigated; duplication found
permissions: update changelog_owner

* warn if no recertifiable owners exist

* acknowledge all open alerts + iconify monitoring

* fixes after merge

* fixes

* enhance usability of edit policy, small fix replace_metadata

* merge dev to rule2owner

* update ruleOwner

* add owner filtering by one column

* some unit tests for last PR

* remove default language update in wrong sources

* add owner_lifecycle_state

* rollout removed app servers

* adding composite id field

* add truncation

* some unit tests

* adding deriving recert period from criticality

* feat: fill changelog_owner table while import owner

* update: permissions for changelog_owner table and import_control

* responsibles normalization

* update: track time_objects - add foreignkeys for changelog_owner

* sonar fixes

* fix: small mistake in fks and reduce complexity in ImportApps method

* sonar complexity

* sonar fix 3

* fix: move script updates from 9.0.5 to 9.0.7

* Fix: missing save for 9.0.5

* fix: small inconsistency in FK constraints

* upgrade file

* add missing foreign key in upgrade file

* drop all remaining import related DB elements

* fix upgrade

* remove comment

* API endpoint to filter rules by filters (CactuseSecurity#4304)

* AdoITRequest POC done

* IpAddressFeature

* KFW upload rdy

* United both endpoints

* Reenable authorization

* fix most code style concerns

* Update query to exclude removed rules

* Update loop from typo

* Set redundant nullability checks

* Additional null checks

* Fix graphql error

* update range loop error

* Fix typo

---------

Co-authored-by: Tim Purschke <tmp@cactus.de>

* feat: trigger rule-owner mapping after owner import (custom field based) (CactuseSecurity#4318)

* feat: owner import - rule_owner_mapping - custom_field

* fix: small graphql call mistakes

* add: global const for chars

* Enhance Modelling Monitoring (CactuseSecurity#4321)

* monitor modelling object usage + remove orphans

* remove overwritten services + service groups

* fix navbar loss

* fix simulated user config

* Submodules: Updated documentation + Automated submodule update (CactuseSecurity#4313)

* Submodules: Updated documentation + Automated submodule update

* pin actions to fixed commit

* updated git documentation

---------

Co-authored-by: Tim Purschke <tmp@cactus.de>

* renaming test install action (CactuseSecurity#4322)

* Disable submodule update workflow (CactuseSecurity#4323)

* Submodules: Updated documentation + Automated submodule update

* pin actions to fixed commit

* updated git documentation

* disable submodule update workflow

---------

Co-authored-by: Tim Purschke <tmp@cactus.de>

* Develop submodule docs (CactuseSecurity#4325)

* renaming test install action

* updatde submodule git docs

* feat: Pre-Commit Hook C# Formatter (CactuseSecurity#4206)

* feat: change settings

* fix: pre commit hook only for .cs files

* fix: spaces

* feat: pre-commit hook

* feat: added pyright to commit hook

* fix: make path relative

* feat: path absolut

* fix: fully commit to .githooks structure

* feat: implemented the suggestions

---------

Co-authored-by: Tim Purschke <tmp@cactus.de>
Co-authored-by: NilsPur <48684538+NilsPur@users.noreply.github.com>

* fix dotnet10 install in ubuntu 22.04 (CactuseSecurity#4324)

* wip

* fix py 3.10 compat

* ruff fix

* fix pyright

* cleanup

* revert

* cleanup import_mgm

* update sbom

* satisfy pyright

* fix ruff

* ruff format

* removing outdated docs

* main back to develop (CactuseSecurity#4330)

* sbom update 8.8.8

* renaming test install action

* updatde submodule git docs

---------

Co-authored-by: cd <cd@cactus.de>
Co-authored-by: abarz722 <achim.barz@gmx.de>
Co-authored-by: abarz722 <61355649+abarz722@users.noreply.github.com>
Co-authored-by: Elias Kolbenschlag <ekolbenschlag@online.de>
Co-authored-by: NilsPur <48684538+NilsPur@users.noreply.github.com>
Co-authored-by: ErikPre <60036402+ErikPre@users.noreply.github.com>

Author: 6 people

.githooks/pre-commit

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ -d ".venv/Scripts" ]; then
+    VENV_BIN=".venv/Scripts/"
+elif [ -d ".venv/bin" ]; then
+    VENV_BIN=".venv/bin/"
+else
+    VENV_BIN=""
+fi
+
+RUFF_PATH=$VENV_BIN"ruff"
+PYRIGHT_PATH=$VENV_BIN"pyright"
+
+# Assure ruff, pyright and dotnet are available -> otherwise inform user about it
+UNAVAILABLE_DEPENDENCIES=false
+for cmd in "$RUFF_PATH" "$PYRIGHT_PATH" "dotnet"; do
+    command -v "$cmd" >/dev/null 2>&1 || 
+    { 
+     echo "Error: '$cmd' not found. Please install it or activate your environment.";
+     UNAVAILABLE_DEPENDENCIES=true;
+    }
+done
+
+if $UNAVAILABLE_DEPENDENCIES; then
+    exit 1;
+fi
+
+# Checks
+$RUFF_PATH check --fix
+$RUFF_PATH format
+
+$PYRIGHT_PATH
+
+dotnet format roles

…elop-to-importer-rework.yml.yml.disabled …-develop-to-importer-rework.yml.disabled.github/workflows/auto-sync-develop-to-importer-rework.yml.yml.disabled renamed to .github/workflows/auto-sync-develop-to-importer-rework.yml.disabled .github/workflows/auto-sync-develop-to-importer-rework.yml.yml.disabled renamed to .github/workflows/auto-sync-develop-to-importer-rework.yml.disabled

@@ -1,4 +1,4 @@
-name: Checks
+name: FWO Test Install
 
 on:
   push:

.github/workflows/test-install.yml

@@ -0,0 +1,71 @@
+name: Update agents submodule pointer
+
+on:
+  schedule:
+    - cron: "*/5 * * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+concurrency:
+  group: update-agents-submodule-pointer
+  cancel-in-progress: true
+
+jobs:
+  update-submodule:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
+        with:
+          fetch-depth: 0 # get full repo history
+          submodules: recursive
+          token: ${{ secrets.SUBMODULE_READ_TOKEN }} # read-only token for submodules / main repo
+          persist-credentials: true
+
+      - name: Advance agents submodule to configured upstream branch
+        id: submodule
+        run: |
+          set -euo pipefail
+
+          before_sha="$(git ls-tree HEAD agents | awk '{print $3}')"
+          source_branch="$(git config -f .gitmodules --get submodule.agents.branch)"
+          source_url="$(git config -f .gitmodules --get submodule.agents.url)"
+
+          git -C agents fetch origin "$source_branch" --quiet
+          git -C agents checkout --quiet --detach "origin/$source_branch"
+          after_sha="$(git -C agents rev-parse HEAD)"
+
+          echo "before_sha=$before_sha" >> "$GITHUB_OUTPUT"
+          echo "after_sha=$after_sha" >> "$GITHUB_OUTPUT"
+          echo "source_branch=$source_branch" >> "$GITHUB_OUTPUT"
+          echo "source_url=$source_url" >> "$GITHUB_OUTPUT"
+
+          if [ "$before_sha" = "$after_sha" ]; then
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          git add agents
+          echo "changed=true" >> "$GITHUB_OUTPUT"
+
+      - name: Create or update pull request
+        if: steps.submodule.outputs.changed == 'true'
+        uses: peter-evans/create-pull-request@3f3b473b8c148f5a7520efb4d1f9a70eea3d9d1f
+        with:
+          base: develop # target
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: bot/update-agents-submodule # source
+          delete-branch: true # delete branch after merge
+          commit-message: "Chore(submodule): Update agents to ${{ steps.submodule.outputs.after_sha }}"
+          title: "Chore(submodule): Update agents to ${{ steps.submodule.outputs.after_sha }}"
+          body: |
+            Automated submodule pointer update for `agents`.
+
+            - Previous pointer: `${{ steps.submodule.outputs.before_sha }}`
+            - New pointer: `${{ steps.submodule.outputs.after_sha }}`
+            - Source repository: `${{ steps.submodule.outputs.source_url }}`
+            - Source branch: `${{ steps.submodule.outputs.source_branch }}`