nmap go dep

[Mzack9999]

Closes #1592

Summary by CodeRabbit

• Chores
  • Upgraded embedded nmap dependency to v3.0.6 and adjusted module path for compatibility with the upstream v3 release.
  • Updated nmap integration to follow the upstream v3 API, improving scanner initialization and more robust handling of scan warnings; may affect scan behavior and warning reporting.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The nmap dependency and imports were updated from github.com/Ullaakut/nmap v2.0.2+incompatible to github.com/Ullaakut/nmap/v3 v3.0.6; code adjusted for the v3 API (context-aware NewScanner, nmap.Option usage, and warnings now a pointer to a slice).

Changes

Cohort / File(s)	Change Summary
Dependency version upgrade go.mod	Updated nmap dependency from github.com/Ullaakut/nmap v2.0.2+incompatible to github.com/Ullaakut/nmap/v3 v3.0.6 (module path and requirement changed)
nmap integration and API updates pkg/runner/nmap.go	Updated import to github.com/Ullaakut/nmap/v3; added context import; replaced []func(*nmap.Scanner) with []nmap.Option; call to NewScanner now NewScanner(context.TODO(), scannerOptions...); adjusted warnings handling to dereference pointer (warnings != nil && len(*warnings) > 0) and iterate range *warnings; preserved WithCustomArguments usage with //nolint

Sequence Diagram(s)

sequenceDiagram
  participant Runner as runner
  participant NmapLib as nmap/v3
  Note over Runner,NmapLib `#DDFFDD`: New flow with context and pointer warnings

  Runner->>NmapLib: NewScanner(ctx, options...)
  alt scanner created
    NmapLib-->>Runner: *Scanner
    Runner->>NmapLib: Run Scan
    NmapLib-->>Runner: results, warningsPtr
    alt warnings present (warningsPtr != nil && len(*warningsPtr)>0)
      Runner->>Runner: iterate over *warningsPtr and log
    else no warnings
      Runner->>Runner: continue
    end
  else error creating scanner
    NmapLib-->>Runner: error
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Files/areas to inspect closely:
  • pkg/runner/nmap.go — ensure correct nmap.Option usage and context propagation.
  • Warning handling — confirm nil/pointer semantics and that dereferencing is safe.
  • Call sites elsewhere in the repo that may import or construct nmap scanner options (search for github.com/Ullaakut/nmap and NewScanner).

Poem

🐰 I hopped from v2 into v3's glade,
With context in paw and warnings weighed,
Options reformed, imports anew—
A tidy hop, a fresh review,
My whiskers twitch; the scan's parade! 🎩

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'nmap go dep' is vague and generic, using abbreviated terms that lack specificity about the actual change (dependency upgrade to v3).	Use a more descriptive title like 'Upgrade nmap dependency to v3' or 'Update nmap package to v3.0.6' to clearly communicate the version change.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch maint-nmap-dep

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/runner/nmap.go (1)

79-103: Critical: nmap v3 API requires context.Context as first parameter to NewScanner.

v3's NewScanner signature requires a context.Context as the first argument. The call at line 99 is missing this required parameter, causing the build failure.

Fix: Add a context as the first argument to nmap.NewScanner():

scanner, err := nmap.NewScanner(ctx, scannerOptions...)

Ensure that ctx is created or passed into scope before this line (e.g., from a parent function or by creating ctx := context.Background() or ctx := context.WithTimeout(...)).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 65716f6 and 9bea202.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• go.mod (1 hunks)
• pkg/runner/nmap.go (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: 🔨 Release Test

pkg/runner/nmap.go

[error] 99-99: Build failed: not enough arguments in call to nmap.NewScanner (github.com/projectdiscovery/naabu/v2/pkg/runner)

🪛 GitHub Actions: 🧪 Functional Test

pkg/runner/nmap.go

[error] 99-99: not enough arguments in call to nmap.NewScanner

🔇 Additional comments (1)

pkg/runner/nmap.go (1)

7-7: Import path correctly updated for v3 module.

The import path change aligns with the dependency upgrade in go.mod and follows Go module versioning conventions for major version upgrades.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

Verify the nmap v3 version is current and secure.

The dependency declaration syntax is correct for the v3 module upgrade. However, please verify that v3.0.6 is the latest stable version and check for any security advisories.

---

🌐 Web query:

github.com/Ullaakut/nmap/v3 latest version and security advisories

💡 Result:

Summary (checked Nov 20, 2025):

• Latest published module version: go module pseudo-version v3.0.0-20250523140515-70ac6af02194 (commit-based pseudo-version dated 2025-05-23). [1][2]

• Security advisories: I could not find any published security advisories or GitHub Advisory entries for Ullaakut/nmap. The repository has no formal release tags and no recorded advisories. Verify yourself on the repo and GitHub Advisory pages if you need ongoing monitoring. [1][3]

Sources:

1. Ullaakut/nmap GitHub repository. [GitHub]. (github.com)
2. Libraries.io entry showing the module pseudo-version. [Libraries.io]. (libraries.io)
3. GitHub Security advisories / GitHub Advisory listings (no advisories found for this project). [GitHub Security]. (securitylab.github.com)

Would you like me to watch this repo and notify you of new releases or advisories?

Citations:

• 1: https://github.com/Ullaakut/nmap
• 2: https://libraries.io/go/github.com%2FUllaakut%2Fnmap%2Fv3?utm_source=openai
• 3: https://securitylab.github.com/advisories/?utm_source=openai

---

Update to a verified, available version of nmap/v3.

The highest tagged major version is v3, but v3.0.6 could not be confirmed as a published release. The v3.0.3 version was successfully retrieved in recent examples. Verify that v3.0.6 is actually available by running go get github.com/Ullaakut/nmap/v3@v3.0.6 or consider updating to a confirmed version. No security advisories were found for this project.

🤖 Prompt for AI Agents

In go.mod around line 7, the dependency github.com/Ullaakut/nmap/v3 is pinned to
v3.0.6 which could not be confirmed as published; update it to a verified
released version (for example v3.0.3) or run go get
github.com/Ullaakut/nmap/v3@v3.0.6 to confirm availability. Edit go.mod to
replace v3.0.6 with the confirmed version (e.g., v3.0.3), then run go mod tidy
(or the go get command if you want to validate v3.0.6) to update go.sum and
ensure the project builds.

[Mzack9999]

@coderabbitai create an issue for this PR: nmap dependency has been bumped to latest version

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Create a GitHub issue for the nmap dependency bump

gh issue create \
  --repo projectdiscovery/naabu \
  --title "nmap dependency bumped to latest version" \
  --body "The nmap dependency has been bumped to the latest version (v3.0.6) in PR #1591.

**Related PR:** https://github.com/projectdiscovery/naabu/pull/1591
**Requested by:** @Mzack9999" \
  --assignee Mzack9999

Length of output: 53

---

@Mzack9999: I've created issue #1592 for this PR about the nmap dependency bump to v3.0.6.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

pkg/runner/nmap.go (1)

80-101: Use a cancellable context instead of context.TODO() for nmap scans

The switch to []nmap.Option and the nmap.NewScanner(ctx, options...) call matches the v3 API expectations. (github.com) However, using context.TODO() means these nmap runs can’t be cancelled or timed out, which is undesirable for potentially long scans.

If you already have a process/request context on Runner (e.g., r.ctx or similar), consider passing that instead, or derive a context.WithTimeout/WithCancel upstream and use it here so nmap respects global cancellation and doesn’t hang indefinitely.

Please double‑check that this usage matches the exact NewScanner signature for the pinned github.com/Ullaakut/nmap/v3 version in go.mod and that you’re happy with the lack of timeout on these scans.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9bea202 and c7de58d.

📒 Files selected for processing (1)

• pkg/runner/nmap.go (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: build-mac
• GitHub Check: build-windows
• GitHub Check: build-linux
• GitHub Check: release-test-windows
• GitHub Check: release-test-mac
• GitHub Check: Functional Test (ubuntu-latest)
• GitHub Check: Analyze (go)

🔇 Additional comments (2)

pkg/runner/nmap.go (2)

3-13: Import updates for context and github.com/Ullaakut/nmap/v3 look good

The new imports align with the v3 module path and context‑aware API; nothing else needed here.

---

113-118: Pointer‑based warnings handling matches nmap v3 expectations

The warnings != nil && len(*warnings) > 0 guard and iteration over *warnings correctly follow the v3 scanner.Run() contract where warnings is a *[]string. (github.com) This avoids nil dereferences and logs each warning cleanly.

Confirm that scanner.Run() for your pinned nmap v3 version still returns (*nmap.Run, *[]string, error) so this pointer check remains valid.