Fix code review issues in Nmap, sqlmap, and dependencies #14
cyberviser merged 10 commits into cyberviser:main from
…ef, semicolons, get_json silent, k8s annotation, deps Agent-Logs-Url: https://github.com/0ai-Cyberviser/Hancock/sessions/b8a89df3-1eb3-4848-a39e-8c5cad791df8 Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
…lling loops Agent-Logs-Url: https://github.com/0ai-Cyberviser/Hancock/sessions/4d708d66-94e6-42a4-8281-94e3aebd976d Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
…urations Fix code review issues: nmap, sqlmap, fuzz target, OSINT endpoints, k8s, deps
Signed-off-by: 0ai <0ai@cyberviserai.com>
Pull request overview
This PR addresses prior review feedback across collectors and the Flask API by improving error handling/logging, making certain OSINT endpoints more resilient to malformed input, and improving fuzz-test isolation from real LLM backends.
Changes:
- Added polling timeouts to SQLMap task status checks to prevent infinite waits.
- Refactored OSINT API endpoints’ metrics/error handling and adjusted JSON parsing behavior.
- Updated Nmap collector logging/error propagation and added `python-nmap` dependency; improved fuzz client mocking to avoid real backend calls.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| requirements.txt | Adds python-nmap dependency for the Nmap collector. |
| hancock_agent.py | Refactors OSINT endpoints’ metrics/error handling; changes JSON parsing behavior (silent=True). |
| fuzz/fuzz_api_inputs.py | Uses build_app() with a no-op mock client/model to allow fuzzing without real LLM backends. |
| collectors/sqlmap_exploit.py | Adds poll loop sleep + max poll count to avoid infinite waiting; introduces timeout handling. |
| collectors/nmap_recon.py | Switches to module logger and raises exceptions instead of sys.exit(1) for better testability. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: 0ai <0ai@cyberviserai.com>
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
collectors/sqlmap_exploit.py:55
- In `main()`, the loop breaks on both `terminated` and `failed`, but the code always proceeds to fetch and print results afterward. That means a failed task is treated like a success path. Consider handling the `failed` status explicitly (e.g., print an error and exit non-zero) before fetching results.
```python
# Fetch results
results = api.get_results(task_id)
print('Results:', results)
```
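
The bounded polling and explicit `failed` handling discussed in this review, as an added example (not code from the PR or the Hancock repository). `get_status`, `StubApi`, the `running` status, the 5-second interval and the 120-poll budget are assumptions, chosen so the budget totals the 10-minute timeout the PR describes.

```python
import time
from enum import Enum


class Outcome(Enum):
    TERMINATED = "terminated"   # scan finished normally
    FAILED = "failed"           # API reported a failure
    TIMEOUT = "timeout"         # poll budget exhausted, task may be hung


def wait_for_task(get_status, task_id, poll_interval=5.0, max_polls=120,
                  sleep=time.sleep):
    """Poll until a final state is reached or max_polls is spent.

    120 polls x 5 s = 600 s, so a hung API cannot block the caller forever.
    """
    for _ in range(max_polls):
        status = get_status(task_id)
        if status == "terminated":
            return Outcome.TERMINATED
        if status == "failed":
            return Outcome.FAILED
        sleep(poll_interval)
    return Outcome.TIMEOUT


def run(api, task_id, **poll_kwargs):
    """Fetch results only when the task terminated; fail loudly otherwise."""
    outcome = wait_for_task(api.get_status, task_id, **poll_kwargs)
    if outcome is not Outcome.TERMINATED:
        raise RuntimeError(
            f"task {task_id} ended with '{outcome.value}'; results not fetched")
    return api.get_results(task_id)


class StubApi:
    """Constructed stand-in for the API client; replays scripted statuses."""

    def __init__(self, statuses):
        self._statuses = iter(statuses)
        self.results_fetched = False

    def get_status(self, task_id):
        # Once the script runs out, behave like a task that never finishes.
        return next(self._statuses, "running")

    def get_results(self, task_id):
        self.results_fetched = True
        return {"task": task_id, "data": []}
```

Injecting `sleep` lets a test exercise the full 10-minute budget without waiting for it.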
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: 0ai <0ai@cyberviserai.com>
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: 0ai <0ai@cyberviserai.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: 0ai <0ai@cyberviserai.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: 0ai <0ai@cyberviserai.com>
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 4 comments.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: 0ai <0ai@cyberviserai.com>
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 6 comments.
This pull request introduces several improvements and fixes across the codebase, focusing on more robust error handling, improved logging practices, and better testability. Key changes include enhanced logging and error handling in the `nmap_recon.py` and `sqlmap_exploit.py` collectors, more resilient API endpoint input parsing and metrics tracking in `hancock_agent.py`, and improved mocking for API fuzzing tests. Additionally, a minor configuration enhancement is made to the Kubernetes service manifest.

Collectors: Logging and Error Handling Improvements
- `logger` in `nmap_recon.py`, improved logging messages, and replaced `sys.exit(1)` with raising `RuntimeError` for better error propagation and testability. [1] [2] [3]
- `sqlmap_exploit.py`, added a timeout mechanism (10 minutes) for polling task status, preventing infinite loops if the SQLMap API hangs, and improved error reporting on timeout. [1] [2] [3]

API Endpoints: Input Parsing and Metrics
- `hancock_agent.py`, refactored OSINT endpoint handlers to:
  - `silent=True` and default to empty dict, making endpoints more robust to malformed or missing input.

Testing and Fuzzing
- `fuzz_api_inputs.py` to use a mock client and model, allowing request parsing tests without requiring a real LLM backend.

Configuration
- `prometheus.io/path` annotation.

## Description
Type of Change
Related Issue
Closes #
Changes Made
Testing
/v1/chat, /v1/triage, etc.)
Checklist
.env or any API keys