Skip to content

Fix code review issues in Nmap, sqlmap, and dependencies#14

Merged
cyberviser merged 10 commits intocyberviser:mainfrom
0ai-Cyberviser:main
Apr 5, 2026
Merged

Fix code review issues in Nmap, sqlmap, and dependencies#14
cyberviser merged 10 commits intocyberviser:mainfrom
0ai-Cyberviser:main

Conversation

@0ai-Cyberviser
Copy link
Copy Markdown
Contributor

@0ai-Cyberviser 0ai-Cyberviser commented Apr 5, 2026

This pull request introduces several improvements and fixes across the codebase, focusing on more robust error handling, improved logging practices, and better testability. Key changes include enhanced logging and error handling in the nmap_recon.py and sqlmap_exploit.py collectors, more resilient API endpoint input parsing and metrics tracking in hancock_agent.py, and improved mocking for API fuzzing tests. Additionally, a minor configuration enhancement is made to the Kubernetes service manifest.

Collectors: Logging and Error Handling Improvements

  • Replaced direct use of the root logger with a module-specific logger in nmap_recon.py, improved logging messages, and replaced sys.exit(1) with raising RuntimeError for better error propagation and testability. [1] [2] [3]
  • In sqlmap_exploit.py, added a timeout mechanism (10 minutes) for polling task status, preventing infinite loops if the SQLMap API hangs, and improved error reporting on timeout. [1] [2] [3]

API Endpoints: Input Parsing and Metrics

  • In hancock_agent.py, refactored OSINT endpoint handlers to:
    • Use more readable, multi-line metrics increment and error handling.
    • Parse JSON input with silent=True and default to empty dict, making endpoints more robust to malformed or missing input.
    • Ensure consistent error responses and correct HTTP status codes. [1] [2] [3] [4]

Testing and Fuzzing

  • Updated the API fuzzing client in fuzz_api_inputs.py to use a mock client and model, allowing request parsing tests without requiring a real LLM backend.

Configuration

  • Enhanced the Kubernetes service manifest to explicitly specify the Prometheus scrape path with the prometheus.io/path annotation.## Description

Type of Change

  • 🐛 Bug fix
  • ✨ New feature
  • 📝 Documentation update
  • 🤖 Training data addition
  • 🔧 Refactor / cleanup

Related Issue

Closes #

Changes Made

Testing

  • Tested CLI mode
  • Tested API server (/v1/chat, /v1/triage, etc.)
  • Verified no secrets in committed files

Checklist

  • My code follows the existing style
  • I have NOT committed .env or any API keys
  • All training data is from public, legally sourced knowledge bases
  • The agent's ethical guardrails remain intact

Copilot AI and others added 3 commits April 5, 2026 04:07
@0ai-Cyberviser
Fix code review issues: nmap sys.exit, sqlmap tight loops, fuzz app r…
22a3902 
…ef, semicolons, get_json silent, k8s annotation, deps

Agent-Logs-Url: https://github.com/0ai-Cyberviser/Hancock/sessions/b8a89df3-1eb3-4848-a39e-8c5cad791df8

Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
@0ai-Cyberviser
Use module logger in NmapRecon class; add timeout guards to sqlmap po…
cbf1cf4 
…lling loops

Agent-Logs-Url: https://github.com/0ai-Cyberviser/Hancock/sessions/4d708d66-94e6-42a4-8281-94e3aebd976d

Co-authored-by: 0ai-Cyberviser <266508493+0ai-Cyberviser@users.noreply.github.com>
@0ai-Cyberviser
Merge pull request #34 from 0ai-Cyberviser/copilot/review-test-config…
0387988 
…urations

Fix code review issues: nmap, sqlmap, fuzz target, OSINT endpoints, k8s, deps
Copilot AI review requested due to automatic review settings April 5, 2026 07:08
@0ai-Cyberviser
Merge branch 'main' into main
4b4d670 
Signed-off-by: 0ai <0ai@cyberviserai.com>
Copilot AI reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses prior review feedback across collectors and the Flask API by improving error handling/logging, making certain OSINT endpoints more resilient to malformed input, and improving fuzz-test isolation from real LLM backends.

Changes:

  • Added polling timeouts to SQLMap task status checks to prevent infinite waits.
  • Refactored OSINT API endpoints’ metrics/error handling and adjusted JSON parsing behavior.
  • Updated Nmap collector logging/error propagation and added python-nmap dependency; improved fuzz client mocking to avoid real backend calls.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
requirements.txt Adds python-nmap dependency for the Nmap collector.
hancock_agent.py Refactors OSINT endpoints’ metrics/error handling; changes JSON parsing behavior (silent=True).
fuzz/fuzz_api_inputs.py Uses build_app() with a no-op mock client/model to allow fuzzing without real LLM backends.
collectors/sqlmap_exploit.py Adds poll loop sleep + max poll count to avoid infinite waiting; introduces timeout handling.
collectors/nmap_recon.py Switches to module logger and raises exceptions instead of sys.exit(1) for better testability.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@0ai-Cyberviser
Update collectors/sqlmap_exploit.py
b33e7bb 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 0ai <0ai@cyberviserai.com>
Copilot AI review requested due to automatic review settings April 5, 2026 09:03
Copilot AI reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

collectors/sqlmap_exploit.py:55

  • In main(), the loop breaks on both terminated and failed, but the code always proceeds to fetch and print results afterward. That means a failed task is treated like a success path. Consider handling the failed status explicitly (e.g., print an error and exit non-zero) before fetching results.
    # Fetch results
    results = api.get_results(task_id)
    print('Results:', results)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@0ai-Cyberviser
Update collectors/sqlmap_exploit.py
b9778bd 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 0ai <0ai@cyberviserai.com>
Copilot AI review requested due to automatic review settings April 5, 2026 09:46
Copilot AI reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@0ai-Cyberviser
Update collectors/sqlmap_exploit.py
04fee74 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 0ai <0ai@cyberviserai.com>
Copilot AI review requested due to automatic review settings April 5, 2026 09:59
0ai-Cyberviser and others added 2 commits April 5, 2026 04:59
@0ai-Cyberviser
Update hancock_agent.py
d41f12f 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 0ai <0ai@cyberviserai.com>
@0ai-Cyberviser
Update hancock_agent.py
360b386 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 0ai <0ai@cyberviserai.com>
Copilot AI reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@0ai-Cyberviser
Update hancock_agent.py
c49d8d5 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: 0ai <0ai@cyberviserai.com>
Copilot AI review requested due to automatic review settings April 5, 2026 10:03
@cyberviser cyberviser merged commit 3172298 into cyberviser:main Apr 5, 2026
2 checks passed
Copilot AI reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 6 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

cyberviser
cyberviser reviewed Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@cyberviser cyberviser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot

0ai-Cyberviser
0ai-Cyberviser commented Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@0ai-Cyberviser 0ai-Cyberviser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#8

@0ai-Cyberviser 0ai-Cyberviser mentioned this pull request Apr 5, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cyberviser cyberviser cyberviser approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@0ai-Cyberviser @cyberviser