Update dependencies and fix changes #757

Merged
merged 4 commits into from
Jun 15, 2025
Update mcp-go
hahwul committed Jun 15, 2025
commit c26330ec5206eb49c3196f55b16a8e29c946611d
2 changes: 1 addition & 1 deletion go.mod
@@ -11,7 +11,7 @@ require (
github.com/hahwul/volt v1.0.7
github.com/labstack/echo/v4 v4.13.4
github.com/logrusorgru/aurora v2.0.3+incompatible
github.com/mark3labs/mcp-go v0.28.0
github.com/mark3labs/mcp-go v0.32.0
github.com/olekukonko/tablewriter v0.0.5
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.9.1
2 changes: 2 additions & 0 deletions go.sum
@@ -81,6 +81,8 @@ github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4
github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
github.com/mark3labs/mcp-go v0.28.0 h1:7yl4y5D1KYU2f/9Uxp7xfLIggfunHoESCRbrjcytcLM=
github.com/mark3labs/mcp-go v0.28.0/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=
github.com/mark3labs/mcp-go v0.32.0 h1:fgwmbfL2gbd67obg57OfV2Dnrhs1HtSdlY/i5fn7MU8=
github.com/mark3labs/mcp-go v0.32.0/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=
github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
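
Review bot: Stale checksum entries: the two github.com/mark3labs/mcp-go v0.28.0 lines stay in go.sum next to the new v0.32.0 ones (2 additions, 0 deletions), although go.mod now requires only v0.32.0. If nothing else in the module graph still needs v0.28.0, run go mod tidy so go.sum lists only the versions the build actually resolves and later diffs of this file stay easy to audit.
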
24 changes: 15 additions & 9 deletions pkg/server/mcp.go
@@ -96,7 +96,10 @@ func RunMCPServer(options model.Options) {

// Handler for the scan tool
s.AddTool(scanTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
url := request.Params.Arguments["url"].(string)
// Type assert Arguments to map[string]any
args := request.Params.Arguments.(map[string]any)
Contributor

high

This direct type assertion for request.Params.Arguments can panic if the actual type is not map[string]any. It's safer to use the 'comma, ok' idiom to check the success of the assertion and handle potential errors gracefully.

args, ok := request.Params.Arguments.(map[string]any)
if !ok {
    return nil, fmt.Errorf("arguments are not of expected type map[string]any")
}


url := args["url"].(string)
Contributor

high

Accessing the map key "url" and type asserting its value directly can lead to a panic if the key is not present or if its value is not a string. Using the 'comma, ok' idiom for both map access and type assertion would make this safer. This check can also be combined with the emptiness check for url on the subsequent line.

urlVal, ok := args["url"].(string)
if !ok {
    return nil, fmt.Errorf("url parameter is missing or not a string")
}
url := urlVal

if url == "" {
return nil, fmt.Errorf("URL is required")
}
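
Review bot: The if url == "" check after url := args["url"].(string) can never report a missing url, because a missing key yields a nil interface value and the single-value assertion panics before the check runs; args := request.Params.Arguments.(map[string]any) has the same problem when a client sends no arguments at all. Use the two-value form for both assertions and return the "URL is required" error from the failed-assertion branch, so a malformed tool call from an MCP client gets an error back instead of triggering a panic in the handler.
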
@@ -121,13 +124,13 @@ func RunMCPServer(options model.Options) {
}

for _, opt := range stringOptions {
if value, ok := request.Params.Arguments[opt.paramName].(string); ok && value != "" {
if value, ok := args[opt.paramName].(string); ok && value != "" {
opt.setter(value)
}
}

// Handle special case for headers which requires splitting
if headers, ok := request.Params.Arguments["headers"].(string); ok && headers != "" {
if headers, ok := args["headers"].(string); ok && headers != "" {
rqOptions.Header = strings.Split(headers, "|")
}

@@ -141,7 +144,7 @@ func RunMCPServer(options model.Options) {
}

for _, opt := range numericOptions {
if value, ok := request.Params.Arguments[opt.paramName].(float64); ok {
if value, ok := args[opt.paramName].(float64); ok {
opt.setter(int(value))
}
}
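
Review bot: opt.setter(int(value)) converts the client-supplied float64 with no range or integrality check, so a negative or fractional number in the tool arguments is silently truncated and handed to the numeric options. Before calling the setter, reject values where value < 0 or value != math.Trunc(value), and apply a sensible upper bound per option, returning an error that names opt.paramName.
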
@@ -159,22 +162,22 @@ func RunMCPServer(options model.Options) {
}

for _, opt := range boolOptions {
if value, ok := request.Params.Arguments[opt.paramName].(bool); ok {
if value, ok := args[opt.paramName].(bool); ok {
opt.setter(value)
}
}

// Handle special cases for mining options
if skipMiningAll, ok := request.Params.Arguments["skip-mining-all"].(bool); ok && skipMiningAll {
if skipMiningAll, ok := args["skip-mining-all"].(bool); ok && skipMiningAll {
rqOptions.Mining = false
rqOptions.FindingDOM = false
}

if skipMiningDict, ok := request.Params.Arguments["skip-mining-dict"].(bool); ok && skipMiningDict {
if skipMiningDict, ok := args["skip-mining-dict"].(bool); ok && skipMiningDict {
rqOptions.Mining = false
}

if skipMiningDOM, ok := request.Params.Arguments["skip-mining-dom"].(bool); ok && skipMiningDOM {
if skipMiningDOM, ok := args["skip-mining-dom"].(bool); ok && skipMiningDOM {
rqOptions.FindingDOM = false
}

@@ -218,7 +221,10 @@ func RunMCPServer(options model.Options) {

// Handler for the results tool
s.AddTool(resultsTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
scanID := request.Params.Arguments["scan_id"].(string)
// Type assert Arguments to map[string]any
args := request.Params.Arguments.(map[string]any)
Contributor

high

Similar to the 'url' parameter handling, this direct type assertion for request.Params.Arguments can panic. Employing the 'comma, ok' idiom is recommended for robust error handling.

args, ok := request.Params.Arguments.(map[string]any)
if !ok {
    return nil, fmt.Errorf("arguments are not of expected type map[string]any")
}


scanID := args["scan_id"].(string)
Contributor

high

Directly accessing and type asserting args["scan_id"] can cause a panic if the key is absent or the value is not a string. It's advisable to use the 'comma, ok' idiom for safer map access and type assertion. This can be combined with the emptiness check for scanID on the next line.

scanIDVal, ok := args["scan_id"].(string)
if !ok {
    return nil, fmt.Errorf("scan_id parameter is missing or not a string")
}
scanID := scanIDVal

if scanID == "" {
return nil, fmt.Errorf("scan_id is required")
}
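
Review bot: The results handler repeats the unchecked pair args := request.Params.Arguments.(map[string]any) and args["scan_id"].(string) from the scan handler, so the same panic path now exists in two places and the scan_id == "" check is unreachable for a missing key. Move the argument extraction into one small helper that returns the map and an error, plus a required-string lookup, and call it from both handlers so the validation cannot drift apart.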