feature: Support basic Python and Go PoCs to be generated by the PoC … #144

Open

QuinnDACollins wants to merge 5 commits into main from PyGo_PoC_Creation

Conversation

@QuinnDACollins (Contributor)

No description provided.

@gemini-code-assist

Summary of Changes

Hello @QuinnDACollins, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly expands the Proof-of-Concept (PoC) generation and execution capabilities by introducing support for Python and Go projects, in addition to the existing Node.js functionality. The changes update the system's prompt to inform users about the new language options and modify the backend logic to correctly identify, install dependencies for, and execute PoC scripts written in these languages.

Highlights

  • Multi-language PoC Generation: The system can now generate Proof-of-Concept (PoC) scripts for Node.js, Python, and Go projects, with the prompt updated to guide users on this capability.
  • Dynamic PoC Execution: The PoC execution logic has been enhanced to dynamically determine the project language (Node.js, Python, or Go) based on the file extension and execute the PoC using the appropriate runtime and dependency installation commands.
  • Expanded Test Coverage: New unit tests were added to verify the correct execution flow for Python and Go PoC files, ensuring the new multi-language support functions as expected.


Changelog
  • mcp-server/src/index.ts
    • Updated the security expert prompt to explicitly mention support for Node.js, Python, and Go projects for PoC generation.
    • Modified the PoC generation instruction to dynamically generate scripts based on the user's project language.
  • mcp-server/src/poc.test.ts
    • Added a new 'extname' helper to the mock path object for file extension detection in tests.
    • Introduced new test cases to verify the execution of Python PoC files, including 'pip3 install' and 'python3' commands.
    • Introduced new test cases to verify the execution of Go PoC files, including 'go mod tidy' and 'go run' commands.
    • Refactored the existing Node.js test case for clarity and consistency with the new tests.
  • mcp-server/src/poc.ts
    • Removed a redundant comment.
    • Implemented logic to determine the PoC file's language (Python, Go, or Node.js) based on its file extension.
    • Configured appropriate installation commands ('pip3 install', 'go mod tidy', 'npm install') and execution commands ('python3', 'go run', 'node') for each language.
    • Generalized the dependency installation and PoC execution steps to support all three languages, ignoring installation errors if no config file exists.
Activity
  • No specific activity was provided for this pull request.
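The extension-based dispatch summarised above, written out as an added TypeScript example (this is not code from the pull request or its repository): it keeps the extension normalisation, replaces the catch-all Node.js branch with an explicit allow-list that rejects unknown extensions, expresses every install command as an argv array so it can go through execFile rather than a shell, and runs the install step only when the language's dependency manifest actually exists, so an install failure is surfaced instead of swallowed. The names `resolveRunner`, `planPoc`, `executePlan`, the injected `exists` callback and the sample paths are assumptions made for this example.

```typescript
// Added example; resolveRunner/planPoc/executePlan and the `exists` callback are assumptions.
import { extname, join } from 'node:path';
import { execFile } from 'node:child_process';
import { promisify } from 'node:util';

const execFileAsync = promisify(execFile);

export type PocLanguage = 'python' | 'go' | 'node';

// One entry per supported language. Install commands are argv arrays, not
// shell strings, so they can be run with execFile exactly like the PoC itself.
interface RunnerSpec {
  language: PocLanguage;
  manifest: string; // dependency file whose presence justifies an install step
  installArgv: string[];
  runArgv: (filePath: string) => string[];
}

// Explicit allow-list keyed by lowercase extension; there is no catch-all default.
const RUNNERS: Record<string, RunnerSpec> = {
  '.py': {
    language: 'python', manifest: 'requirements.txt',
    installArgv: ['pip3', 'install', '-r', 'requirements.txt'],
    runArgv: (f) => ['python3', f],
  },
  '.go': {
    language: 'go', manifest: 'go.mod',
    installArgv: ['go', 'mod', 'tidy'],
    runArgv: (f) => ['go', 'run', f],
  },
  '.js': {
    language: 'node', manifest: 'package.json',
    installArgv: ['npm', 'install', '--registry=https://registry.npmjs.org/'],
    runArgv: (f) => ['node', f],
  },
};

export function resolveRunner(filePath: string): RunnerSpec {
  // Normalise case so `Exploit.PY` dispatches to python3 instead of missing
  // every case; an unmatched extension is an error, never a fallback to `node`.
  const ext = extname(filePath).toLowerCase();
  const spec = RUNNERS[ext];
  if (spec === undefined) {
    throw new Error(`unsupported PoC file extension "${ext}" (${filePath})`);
  }
  return spec;
}

export interface PocPlan {
  language: PocLanguage;
  cwd: string;
  commands: string[][]; // argv arrays, executed in order
}

// `exists` is injected so the plan can be computed (and unit-tested) without
// touching the filesystem.
export function planPoc(filePath: string, pocDir: string,
                        exists: (p: string) => boolean): PocPlan {
  const spec = resolveRunner(filePath);
  const commands: string[][] = [];
  // Install only when the manifest is present; then a failing install is a
  // real error that propagates rather than being ignored.
  if (exists(join(pocDir, spec.manifest))) {
    commands.push(spec.installArgv);
  }
  commands.push(spec.runArgv(filePath));
  return { language: spec.language, cwd: pocDir, commands };
}

// Executes a plan step by step with execFile (argv, no shell); the first
// failing step rejects and nothing after it runs.
export async function executePlan(plan: PocPlan): Promise<{ stdout: string; stderr: string }> {
  let last = { stdout: '', stderr: '' };
  for (const [cmd, ...args] of plan.commands) {
    last = (await execFileAsync(cmd, args, { cwd: plan.cwd })) as { stdout: string; stderr: string };
  }
  return last;
}

// Constructed demo input: a Go PoC directory that does contain a go.mod.
const demoExists = (p: string): boolean => p.endsWith('go.mod');
const demoPlan = planPoc('/tmp/poc/main.go', '/tmp/poc', demoExists);
console.log(demoPlan.commands.map((c) => c.join(' ')));
// ['go mod tidy', 'go run /tmp/poc/main.go']
```

Because `planPoc` is pure, the per-language tests from the PR collapse to assertions on the returned argv arrays, and the "manifest absent" branch becomes a one-line case rather than a mocked rejection that must be ignored.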

@github-actions

🤖 Hi @QuinnDACollins, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

@gemini-code-assist (bot) left a comment

Code Review

The pull request introduces support for generating and running Proof-of-Concept (PoC) scripts in Python and Go, in addition to the existing Node.js support. This enhances the tool's versatility for security analysis across different programming languages. The changes include modifications to the prompt for PoC generation to specify supported languages and updates to the runPoc function and its tests to handle Python and Go file extensions and their respective execution commands and dependency installation steps. The changes are well-implemented and tested.

@github-actions (bot) left a comment

📋 Review Summary

This pull request extends the Proof-of-Concept generation to support Python and Go, in addition to Node.js. The changes are well-implemented and include corresponding tests. The code is clear and follows existing patterns.

🔍 General Feedback

  • The logic for handling different languages in runPoc is clear, but could be slightly improved for readability by using a switch statement.
  • The tests are comprehensive and cover the new functionality well.


let installCmd: string | null = null;
let runCmd: string;
let runArgs: string[];


🟡 The `toLowerCase()` call is redundant because you are already checking against lowercase extensions in the `if` and `else if` conditions.
Suggested change
let runArgs: string[];
const ext = dependencies.path.extname(filePath);
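Review bot: Dropping `.toLowerCase()` from `const ext = dependencies.path.extname(filePath);` is not a pure cleanup, because the comparisons against `'.py'` and `'.go'` are lowercase: without normalisation a PoC named `poc.PY` or `main.Go` matches neither branch and falls through to the final `else`, which runs it with `node`. Keep the normalisation, or make the unmatched case an explicit error rather than a fallback.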

Comment on lines 53 to 65
runCmd = 'python3';
runArgs = [filePath];
installCmd = 'pip3 install -r requirements.txt';
} else if (ext === '.go') {
runCmd = 'go';
runArgs = ['run', filePath];
installCmd = 'go mod tidy';
} else {
runCmd = 'node';
runArgs = [filePath];
installCmd = 'npm install --registry=https://registry.npmjs.org/';
}
const { stdout, stderr } = await dependencies.execFileAsync('node', [filePath]);


🟢 For better readability and maintainability, you could consider using a switch statement here instead of if/else if.
Suggested change
runCmd = 'python3';
runArgs = [filePath];
installCmd = 'pip3 install -r requirements.txt';
} else if (ext === '.go') {
runCmd = 'go';
runArgs = ['run', filePath];
installCmd = 'go mod tidy';
} else {
runCmd = 'node';
runArgs = [filePath];
installCmd = 'npm install --registry=https://registry.npmjs.org/';
}
const { stdout, stderr } = await dependencies.execFileAsync('node', [filePath]);
let installCmd: string | null = null;
let runCmd: string;
let runArgs: string[];
switch (ext) {
case '.py':
runCmd = 'python3';
runArgs = [filePath];
installCmd = 'pip3 install -r requirements.txt';
break;
case '.go':
runCmd = 'go';
runArgs = ['run', filePath];
installCmd = 'go mod tidy';
break;
default:
runCmd = 'node';
runArgs = [filePath];
installCmd = 'npm install --registry=https://registry.npmjs.org/';
}
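Review bot: The `default:` branch (like the `else` it replaces) sends every extension that is not `.py` or `.go` to `node`, so a file such as `poc.sh` or `poc.rb` would be executed as `node poc.sh` after an `npm install` in that directory. Add an explicit `case '.js':` and have `default:` throw an unsupported-extension error, so only the three languages the prompt advertises can reach `execFileAsync`. Also confirm the old line `const { stdout, stderr } = await dependencies.execFileAsync('node', [filePath]);` is replaced by a call using `runCmd` and `runArgs`; the snippet only shows the removed line.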

Comment on lines 36 to 68
expect(mockExecAsync).toHaveBeenCalledWith('npm install --registry=https://registry.npmjs.org/', { cwd: POC_DIR });
expect(mockExecFileAsync).toHaveBeenCalledTimes(1);
expect(mockExecFileAsync).toHaveBeenCalledWith('node', [`${POC_DIR}/test.js`]);
expect((result.content[0] as any).text).toBe(
JSON.stringify({ stdout: 'output', stderr: '' })
expect((result.content[0] as any).text).toBe(JSON.stringify({ stdout: 'output', stderr: '' }));
});

it('should execute a Python file', async () => {
const mockExecAsync = vi.fn(async () => { return { stdout: '', stderr: '' }; });
const mockExecFileAsync = vi.fn(async () => { return { stdout: 'output', stderr: '' }; });

const result = await runPoc(
{ filePath: `${POC_DIR}/test.py` },
{ fs: {} as any, path: mockPath as any, execAsync: mockExecAsync as any, execFileAsync: mockExecFileAsync as any }
);

expect(mockExecAsync).toHaveBeenCalledTimes(1);
expect(mockExecAsync).toHaveBeenCalledWith('pip3 install -r requirements.txt', { cwd: POC_DIR });
expect(mockExecFileAsync).toHaveBeenCalledTimes(1);
expect(mockExecFileAsync).toHaveBeenCalledWith('python3', [`${POC_DIR}/test.py`]);
expect((result.content[0] as any).text).toBe(JSON.stringify({ stdout: 'output', stderr: '' }));
});

it('should execute a Go file', async () => {
const mockExecAsync = vi.fn(async () => { return { stdout: '', stderr: '' }; });
const mockExecFileAsync = vi.fn(async () => { return { stdout: 'output', stderr: '' }; });

const result = await runPoc(
{ filePath: `${POC_DIR}/test.go` },
{ fs: {} as any, path: mockPath as any, execAsync: mockExecAsync as any, execFileAsync: mockExecFileAsync as any }
);

expect(mockExecAsync).toHaveBeenCalledTimes(1);
expect(mockExecAsync).toHaveBeenCalledWith('go mod tidy', { cwd: POC_DIR });
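Review bot: The Python and Go tests only cover the path where `mockExecAsync` resolves, so the new behaviour of ignoring install errors when no config file exists is untested. Add a case per language where `mockExecAsync` rejects and `fs` reports the manifest (`requirements.txt`, `go.mod`) as absent, asserting `execFileAsync` is still called once, and a case where the manifest exists and the rejection propagates. The Go test should also mirror the Python one's final assertion, e.g. `expect(mockExecFileAsync).toHaveBeenCalledWith('go', ['run', `${POC_DIR}/test.go`]);`.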


🟢 These tests are great! It's good to see that you've covered the new languages. You could consider creating a helper function to reduce code duplication in the tests, since the structure of the tests for each language is very similar.

@github-actions (bot) left a comment

📋 Security Analysis Summary

This pull request adds support for generating Proof-of-Concept (PoC) scripts for Python and Go projects, in addition to the existing support for Node.js. The changes also include refactoring of the PoC execution logic to handle different languages.

🔍 General Feedback

  • The code is well-structured and the changes are easy to follow.
  • The use of execFile instead of exec for running the PoC scripts is a good security practice.
  • The addition of tests for the new functionality is appreciated.
  • The prompt injection vulnerabilities identified in this review should be addressed before merging.

QuinnDACollins and others added 2 commits February 23, 2026 13:49
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>