feat: v0.4.0 — code quality, tool pipeline, and stealth expansion #62
Merged
Add tool_pipeline() helper to eliminate ~20 lines of boilerplate per tool, expand stealth proxy injection to 8 additional tools, add shared test fixtures, narrow exception handling, and add future annotations to 24 files.

- New: src/tengu/tools/pipeline.py with tool_pipeline() and PipelineResult
- New: tests/conftest.py with shared fixtures and autouse singleton reset
- Stealth: hydra, amass, rustscan, katana, httpx, testssl, dalfox, crlfuzz
- Narrowed: tor_check.py (httpx.RequestError), metasploit.py (InvalidInputError)
- Added from __future__ import annotations to 24 __init__.py files
- Updated CLAUDE.md, README.md, CHANGELOG.md with v0.4.0 changes
- 2643 tests passing, 0 lint errors, 0 type errors

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- hydra: removed wrong `-p` flag (that's for password), use HYDRA_PROXY env var via get_proxy_env() instead
- rustscan: removed — has no proxy support at all (use proxychains wrapper)
- httpx: fixed `-proxy` → `-http-proxy` (ProjectDiscovery CLI flag)
- testssl: removed — only accepts host:port HTTP, incompatible with socks5://
- Added HYDRA_PROXY to get_proxy_env() output
- Updated tests, CLAUDE.md proxy table, and CHANGELOG.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
P0-1: Fix generate_report silently dropping findings with uppercase severity values (e.g. "Critical", "HIGH"). The Pydantic Finding model requires lowercase, but _normalize_finding was not lowercasing the severity field before validation. Also coerce cvss_score to float.

P0-2: Unify risk scoring across score_risk, correlate_findings, and generate_report into a single algorithm in scoring.py. All three now use real CVSS scores when available (falling back to severity weights), with attack chain and critical finding boosts. Eliminates score inconsistency between tools (previously 6.2 vs 8.5 for same findings).

P1-4: Fix sqlmap --answers flag missing "How many=a" response, which caused batch mode to send invalid "N" when sqlmap asks how many entries to retrieve. Also added "follow=Y" and "keep testing=Y".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
- `tool_pipeline()` helper (`src/tengu/tools/pipeline.py`) — encapsulates the full security pipeline (sanitize → allowlist → stealth → rate_limit → audit → execute), reducing ~20 lines of boilerplate per tool
- (`tests/conftest.py`) with `mock_config`, `mock_ctx`, `mock_audit`, `mock_allowlist`, and autouse singleton reset
- `tor_check.py` → `(httpx.RequestError, TimeoutError)`, `metasploit.py` → `InvalidInputError`
- `from __future__ import annotations` added to 24 `__init__.py` files

Test plan
- `make lint` — 0 ruff errors
- `make format` — all files formatted
- `make typecheck` — 0 mypy errors
- `make test` — 2643 tests passing (up from 2562)
- `test_tool_pipeline.py` — 7 tests covering basic execution, allowlist block, custom sanitizer, stealth injection, no rate limit, execution failure audit
- `test_tools_tor_check.py` — uses `httpx.ConnectError` instead of generic `Exception`

🤖 Generated with Claude Code
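
The gate ordering named in the Summary, as an added sketch that is not this project's `tool_pipeline()` code: `Guard`, `Blocked`, the hostname pattern and the sample scope are hypothetical, and the stealth stage is left out. It shows the sanitize, allowlist and rate-limit gates failing closed before the executor runs, with blocked and failed calls still reaching the audit log.

```python
from __future__ import annotations

import re
import time
from dataclasses import dataclass, field
from typing import Callable

# Assumed target syntax for this sketch: plain hostnames only.
HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?")


class Blocked(Exception):
    """A gate refused the call; the executor must not run."""


@dataclass
class Guard:
    allowlist: frozenset[str]                  # engagement scope (constructed in the test)
    min_interval: float = 1.0                  # seconds between runs of one tool
    audit: list[dict] = field(default_factory=list)
    last_run: dict[str, float] = field(default_factory=dict)

    def _log(self, tool: str, target: str, outcome: str) -> dict:
        entry = {"tool": tool, "target": target, "outcome": outcome}
        self.audit.append(entry)
        return entry

    def run(self, tool: str, target: str, execute: Callable[[str], str],
            now: Callable[[], float] = time.monotonic) -> str | None:
        try:
            clean = target.strip().lower()                 # 1. sanitize
            if not HOSTNAME.fullmatch(clean):
                raise Blocked("invalid target syntax")
            if clean not in self.allowlist:                # 2. allowlist
                raise Blocked("target not in allowlist")
            last = self.last_run.get(tool)                 # 3. rate limit
            if last is not None and now() - last < self.min_interval:
                raise Blocked("rate limit")
        except Blocked as exc:
            self._log(tool, target, f"blocked: {exc}")     # refusals are audited too
            return None
        self.last_run[tool] = now()
        entry = self._log(tool, clean, "started")          # 4. audit before execute
        try:
            output = execute(clean)                        # 5. execute
        except Exception as exc:
            entry["outcome"] = f"failed: {type(exc).__name__}"
            raise                                          # caller still sees the error
        entry["outcome"] = "ok"
        return output
```
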