fix: minor fixes #950

Open
ocervell wants to merge 7 commits into main from small-fixes-2

ocervell commented Mar 30, 2026

Summary by CodeRabbit

Release Notes

  • New Features
    • Nmap now supports list scan option and ping-based scanning capabilities in reconnaissance workflows
    • Nuclei task supports template condition filtering for targeted vulnerability scanning
    • HTTP screening tool accepts additional input types for broader target compatibility


coderabbitai bot commented Mar 30, 2026

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 741805f3-5c3c-4a94-bdcc-2f9b4abff4d7


Walkthrough

This PR updates reconnaissance and vulnerability scanning configurations by modifying the cidr_recon workflow's nmap task to use ping-based scanning instead of TCP SYN scans, removing the search_vulns task, and adding new input type and scan options to httpx, nmap, and nuclei tasks.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Workflow Configuration: `secator/configs/workflows/cidr_recon.yaml` | Updated nmap task from TCP SYN scan with version detection to ping-based scanning; removed search_vulns task and associated port-based targeting logic. |
| Task Input/Output Types: `secator/tasks/httpx.py` | Extended input type support by adding STRING to the accepted input types list alongside existing HOST, HOST_PORT, IP, and URL types. |
| Nmap Scan Options: `secator/tasks/nmap.py` | Added new list_scan boolean option (flag -sL) for nmap listing functionality and registered corresponding CLI argument mapping. |
| Nuclei Template Options: `secator/tasks/nuclei.py` | Added template_condition task option (CLI short -tc) to support template selection expressions in nuclei scanning. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Ping scan hops where TCP once ran,
New options bloom like carrots in the plan,
Nuclei templates dance with conditions bright,
httpx strings added to the reconnaissance flight! 🌟

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ❓ Inconclusive | The title 'fix: minor fixes' is vague and generic; it does not clearly convey the specific changes made (workflow configuration updates, new task options, and nmap/httpx modifications). | Use a more descriptive title that highlights the main changes, such as 'Add nmap list_scan and nuclei template_condition options, update httpx input types, and refactor cidr_recon workflow'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
secator/tasks/nuclei.py (1)

52-52: Help example quoting is hard to read.

The nested quote example is valid but visually confusing in CLI help. Consider using single quotes inside the expression example.

Suggested help-text tweak
-		'template_condition': {'type': str, 'short': 'tc', 'help': 'Templates to run based on expression condition (ex: "contains(id, "ssh")")'},  # noqa: E501
+		'template_condition': {'type': str, 'short': 'tc', 'help': 'Templates to run based on expression condition (ex: "contains(id, \'ssh\')")'},  # noqa: E501
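Review bot: On the `-` line the help example `"contains(id, "ssh")"` nests unescaped double quotes, so a user who pastes it into a POSIX shell has the inner quotes consumed and the argument arrives as `contains(id, ssh)`. The `+` line's `\'ssh\'` renders as single quotes, which survive inside a double-quoted shell argument, so take that form. The line still carries `# noqa: E501`; splitting the help string over two lines would let the suppression go.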
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@secator/tasks/nuclei.py` at line 52, Update the help text for the CLI option
'template_condition' to use single quotes inside the example expression to
improve readability (e.g., change contains(id, "ssh") to contains(id, 'ssh'));
locate the 'template_condition' entry in the options/dict and replace the nested
double quotes with single quotes in the 'help' string while preserving the
surrounding double quotes and original example structure.
secator/tasks/httpx.py (1)

22-22: STRING broadens accepted targets to arbitrary text.

Including STRING means generic unmatched inputs pass validation (autodetect_type fallback), so httpx may receive non-target strings. Consider constraining this with explicit normalization/filters before dispatch, or keep input_types to network target types only.

Conservative option (tight input typing)
-	input_types = [HOST, HOST_PORT, IP, URL, STRING]
+	input_types = [HOST, HOST_PORT, IP, URL]
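Review bot: Dropping `STRING` on the `+` line reverts the input-type extension this PR lists in its own summary, so it needs a decision from the author on which non-network inputs httpx is meant to accept rather than a silent removal. If `STRING` stays, add a check ahead of dispatch that rejects values that are not a host, host:port, IP or URL, and cover it with a test; none of the four changed files is a test for the new input type.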
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@secator/tasks/httpx.py` at line 22, The input_types list for the httpx task
currently includes STRING, which lets arbitrary text bypass type validation;
remove STRING from input_types (keep HOST, HOST_PORT, IP, URL) or, if you need
broader acceptance, add an explicit normalization/filter step in the httpx task
(e.g., in the task handler that calls autodetect_type/httpx) to validate and
canonicalize targets and reject non-network strings before dispatch. Update the
symbol input_types and the autodetect_type/httpx invocation accordingly so only
valid network targets are sent to httpx.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@secator/configs/workflows/cidr_recon.yaml`:
- Around line 53-54: The description text currently says "Discover hosts and
ports with ping scan" but the ping_scan: True setting in the cidr_recon workflow
causes nmap to perform host discovery only (no port scan); update the
description key to accurately reflect host discovery only (e.g., "Discover hosts
with ping scan (no port scan)") or change ping_scan to False if you intended to
run both discovery and port scanning; refer to the description and ping_scan
keys in the cidr_recon YAML to make the correction.

📥 Commits

Reviewing files that changed from the base of the PR and between 74df8a9 and 0fbe9a1.

📒 Files selected for processing (4)
  • secator/configs/workflows/cidr_recon.yaml
  • secator/tasks/httpx.py
  • secator/tasks/nmap.py
  • secator/tasks/nuclei.py
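
One way to implement the normalization/filter step the httpx review comment asks for, as an added example that is not secator's code and not part of the review. The names `classify_target` and `filter_targets` and the accept rules (dotted hostnames only, http/https URLs only) are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical helpers for illustration; this is not secator's autodetect_type.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOST_RE = re.compile(rf"^(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")  # dotted names only
SAMPLE = ["10.0.0.5:8443", "https://example.com/login", "ssh", "-silent"]  # constructed

def _is_host(value):
    return len(value) <= 253 and bool(_HOST_RE.match(value))

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def classify_target(value):
    """Return 'ip', 'host', 'host_port' or 'url', or None for anything else."""
    value = value.strip()
    if not value or any(c.isspace() for c in value) or value.startswith("-"):
        return None  # blank, embedded whitespace, or shaped like a CLI flag
    if _is_ip(value):
        return "ip"
    if _is_host(value):
        return "host"
    if "://" in value:
        try:
            parts = urlsplit(value)
            parts.port  # ValueError on a non-numeric or out-of-range port
        except ValueError:
            return None
        host = parts.hostname or ""
        ok = parts.scheme in ("http", "https") and (_is_ip(host) or _is_host(host))
        return "url" if ok else None
    host, sep, port = value.rpartition(":")
    port_ok = port.isascii() and port.isdecimal() and 0 < int(port) <= 65535
    if sep and port_ok and (_is_ip(host) or _is_host(host)):
        return "host_port"
    return None

def filter_targets(values):
    """Split inputs into (accepted, rejected) before they reach the httpx task."""
    accepted, rejected = [], []
    for v in values:
        (accepted if classify_target(v) else rejected).append(v)
    return accepted, rejected
```

Rejected values are returned rather than dropped so the caller can log what was filtered out of a run.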
