Fixing nmap -oX CLI arg

[Mzack9999]

Closes #1589

Summary by CodeRabbit

• New Features

  • Enhanced nmap integration with improved handling of custom arguments and XML output files.
  • Enriched scan results now include enhanced service information and OS fingerprinting data from nmap.

• Bug Fixes

  • Fixed XML output redirection handling to prevent duplicate file processing.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The PR fixes XML output file creation in nmap integration by extracting -oX flags from custom arguments and configuring the scanner to write to the specified file. Result integration functions are added to enrich scan results with nmap service and OS fingerprint data.

Changes

Cohort / File(s)	Summary
Nmap CLI argument handling pkg/runner/nmap.go	Extracts -oX output redirection flag and its filename from custom arguments, preventing duplication. Remaining arguments (excluding -oX and filename) are passed to the nmap scanner. Output file is configured on the scanner if -oX is provided with a valid filename.
Nmap result integration pkg/runner/nmap.go	Adds four new functions to convert and integrate nmap results into scan results: integrateNmapResults() processes nmap.Run results and updates ports with enriched service and OS data; nmapOS2Fingerprint() converts nmap OS info to local fingerprint structure; updatePortWithServiceInfo() updates/adds port entries with service details; convertNmapPortToNaabuPort() translates nmap.Port data to internal naabu Port structure.
Linter directives pkg/runner/options.go	Replaces specific linter directive on Options struct with more general nolint directive. Adds nolint directive inside hasProbes() function body. No logic changes.

Sequence Diagram

sequenceDiagram
    participant Caller as Scan Invocation
    participant Parser as CLI Parser
    participant Scanner as Nmap Scanner
    participant Converter as Result Converter
    participant Results as Scan Results

    Caller->>Parser: Custom args with -oX flag
    Parser->>Parser: Extract -oX and filename
    Parser->>Scanner: Configure with remaining args
    Note over Parser: Filtered args exclude -oX
    alt -oX filename provided
        Parser->>Scanner: Set output file via ToFile()
    end
    
    Scanner->>Scanner: Execute nmap
    Scanner-->>Converter: nmap.Run results
    Converter->>Converter: Convert OS fingerprint
    Converter->>Converter: Translate port data
    Converter->>Results: Integrate enriched ports
    Note over Results: Ports updated with service<br/>and OS metadata

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

• Critical review areas:
  • -oX extraction logic in argument parsing—verify correct flag/filename identification and handling edge cases (e.g., stdout redirects, malformed args)
  • integrateNmapResults() and updatePortWithServiceInfo()—ensure ports are correctly merged/updated without data loss or duplication
  • convertNmapPortToNaabuPort()—validate that nmap service/version data maps correctly to internal port structure
  • Logging of filtered arguments to confirm -oX is properly excluded from logged custom args

Poem

🐰 XML files were lost to the wind,
But lo! The -oX flag we rescind—
Extracted with care, results now flow,
Enriched with service and OS data aglow! 📋✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fixing nmap -oX CLI arg' directly addresses the primary issue: the -oX (XML output) parameter handling in nmap integration.
Linked Issues check	✅ Passed	The PR implementation fully addresses issue #1589 by extracting -oX arguments from custom CLI args and configuring the scanner to write output to the specified file.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing -oX XML output handling; linter directives in options.go are minor and support code quality without introducing unrelated functionality.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix-1589-nmap-ox

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

pkg/runner/options.go (1)

31-31: Consider specifying linter names in nolint directives.

Generic //nolint comments suppress all linters. Specifying the exact linter (e.g., //nolint:gocritic) improves maintainability by documenting why the suppression exists and prevents accidentally hiding other issues.

Also applies to: 360-360

pkg/runner/nmap.go (3)

95-116: Edge case: combined -oXfilename format not handled.

The parsing correctly handles -oX filename (space-separated), but nmap also accepts -oXfilename (combined format without space). If a user passes -oXmyfile.xml, it will be passed through to nmap unfiltered, meaning nmap creates the file but ToFile() won't be called, which may cause inconsistencies.

Consider also matching arguments that start with -oX followed by characters:

 for i := 0; i < len(args); i++ {
-	if args[i] == "-oX" {
+	if args[i] == "-oX" || (strings.HasPrefix(args[i], "-oX") && len(args[i]) > 3) {
+		if len(args[i]) > 3 {
+			// Handle -oXfilename format
+			outputFile = args[i][3:]
+			continue
+		}
 		// Check if there's a filename after -oX
 		if i+1 < len(args) {

---

154-176: Add defensive check for empty Addresses slice.

While the current caller (integrateNmapResults) guards against empty Addresses, this helper function directly accesses host.Addresses[0] at line 161 without its own check. If called from another context, this would panic.

 func nmapOS2Fingerprint(host nmap.Host) *result.OSFingerprint {
-	if len(host.OS.Matches) == 0 {
+	if len(host.OS.Matches) == 0 || len(host.Addresses) == 0 {
 		return nil
 	}

---

225-247: Consider efficiency of host lookup.

The function iterates through all hosts via GetIPsPorts() to find a matching IP. If there are many hosts, this could be inefficient. Consider whether ScanResults provides a direct lookup method by IP.

Additionally, the direct mutation of existingPort.Service (line 236) assumes no concurrent access to scan results during nmap integration. This should be safe since nmap runs after scanning, but worth noting.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fdf42a6 and c45f13b.

📒 Files selected for processing (2)

• pkg/runner/nmap.go (2 hunks)
• pkg/runner/options.go (2 hunks)

🔇 Additional comments (2)

pkg/runner/nmap.go (2)

129-131: LGTM!

The ToFile() call correctly configures the XML output destination when an -oX filename was extracted from the CLI arguments. This addresses the core issue in #1589.

---

249-289: LGTM!

The conversion logic is clean and correctly maps all nmap port and service fields to the naabu port structure.