Bump cli v3 #132
Open
Bump cli v3 #132
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
November 9, 2025 20:01
…sed action signatures This patch updates all CLI command definitions and related helpers to use urfave/cli v3. Key changes include: - Replacing `cli.App` with `cli.Command` - Updating `Action` and `Before` functions to accept `context.Context` and `*cli.Command` - Updating field names (`Subcommands` → `Commands`) - Modifying project dependencies in go.mod/go.sum accordingly - Adjusting related tests and helper functions (e.g., in pkg/app, env, vul packages)
…ability actions Add logic to iterate over command flags and inject their name-value pairs into the context before executing CheckSec or exploit actions. This ensures that flag values are available to all vulnerability-related operations.
- Upgrade Go version to 1.22 in Dockerfile and go.mod - Migrate CLI framework from urfave/cli/v2 to v3 across all command packages - Refactor command actions to use context.Context and new function signatures - Replace deprecated Subcommands with Commands field - Update sploit-spec dependency to v0.8.0-rc4 - Clean up removed indirect dependencies in go.mod and go.sum
Refactor the Vulnerability interface to use *cli.Command directly instead
of context.Context for CheckSec and Exploit methods. This follows the
recommended practice for urfave/cli/v3, which encourages passing *cli.Command
directly rather than using context.Context for flag access.
Changes:
- Removes manual flag extraction loop in pkg/app/vul.go that was copying
flags from cmd.Flags into context values
- Changes CheckSec(context.Context) to CheckSec(cmd *cli.Command)
- Changes Exploit(context.Context) to Exploit(cmd *cli.Command)
- Updates BaseVulnerability.Exploit to use cmd.Bool("force") instead of
ctx.Value("force") for accessing the force flag
- Updates Vulnerabilities.Check method signature accordingly
- Updates test cases to pass nil instead of context.TODO()
- Updates spec documentation to reflect the new API signatures
This aligns with urfave/cli/v3 best practices and simplifies the API by
eliminating the intermediate context layer, allowing direct access to CLI
command flags through the Command object.
…cli.Command Refactors the vulnerability checking API in the xsploit example project to use *cli.Command instead of context.Context. Changes include: - Update vulnerabilities.Check() call in checksec/auto.go from Check(ctx) to Check(cmd) - Change Exploit() method signature in vul/cve-2099-9999/vul.go from Exploit(ctx context.Context) to Exploit(cmd *cli.Command) - Remove unused context import from vul/cve-2099-9999/vul.go - Upgrade sploit-spec dependency from v0.8.0-rc4 to v0.8.0-rc5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
v0.8.0-rc4