blacklanternsecurity · TheTechromancer · Apr 30, 2026 · Apr 29, 2026 · Apr 29, 2026 · Apr 29, 2026
diff --git a/bbot_server/compose.yml b/bbot_server/compose.yml
@@ -32,6 +32,10 @@ services:
   mongodb:
     image: mongo:latest
     restart: unless-stopped
+    ulimits:
+      nofile:
+        soft: 64000
+        hard: 64000
     volumes:
       - bbot-mongodb:/data/db
 

diff --git a/bbot_server/modules/findings/findings_models.py b/bbot_server/modules/findings/findings_models.py
@@ -8,7 +8,7 @@
 SEVERITY_LEVELS = {"INFO": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CRITICAL": 5}
 
 # Confidence levels as constants
-CONFIDENCE_LEVELS = {"UNKNOWN": 1, "LOW": 2, "MODERATE": 3, "HIGH": 4, "CONFIRMED": 5}
+CONFIDENCE_LEVELS = {"UNKNOWN": 1, "LOW": 2, "MEDIUM": 3, "HIGH": 4, "CONFIRMED": 5}
 
 # severity colors for rich, etc. (bash color names)
 SEVERITY_COLORS = {
@@ -81,8 +81,6 @@ class Finding(BaseAssetFacet):
         description="Numeric confidence score of the vulnerability (1-5)",
         ge=1,
         le=5,
-        default=1,
-        alias="confidence",
     )
     temptation: Optional[Annotated[int, "indexed"]] = Field(
         description="Likelihood of an attacker taking interest in this finding (1-5)",

diff --git a/compose.yml b/compose.yml
@@ -37,6 +37,10 @@ services:
   mongodb:
     image: mongo:latest
     restart: unless-stopped
+    ulimits:
+      nofile:
+        soft: 64000
+        hard: 64000
     volumes:
       - ./mongodb:/data/db
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "bbot-server"
-version = "0.3.0"
+version = "0.3.1"
 description = ""
 authors = [{name = "TheTechromancer"}]
 license = "AGPL-3.0"
@@ -17,14 +17,14 @@ dependencies = [
     "redis>=5.2.1",
     "taskiq-redis>=1.0.3",
     "fastapi-mcp>=0.3.3",
-    "bbot",
     "click==8.1.8",
     "mcp==1.7.0",
     "jmespath>=1.0.1",
     "uvicorn>=0.35.0",
     "pymongo>=4.15.3",
     "cloudcheck>=9.2.0",
     "textual>=7.5.0",
+    "bbot",
 ]
 
 [project.scripts]
@@ -47,12 +47,12 @@ build-backend = "uv_build"
 [tool.uv]
 default-groups = ["dev"]
 
-[tool.uv.sources]
-bbot = { git = "https://github.com/blacklanternsecurity/bbot", rev = "3.0" }
-
 [tool.uv.build-backend]
 module-root = ""
 
+[tool.uv.sources]
+bbot = { git = "https://github.com/blacklanternsecurity/bbot", rev = "dev" }
+
 [tool.ruff]
 line-length = 119
 format.exclude = ["bbot/test/test_step_1/test_manager_*"]

diff --git a/tests/test_applets/test_applet_assets.py b/tests/test_applets/test_applet_assets.py
@@ -426,3 +426,66 @@ async def test_applet_custom_attributes(bbot_server, bbot_events):
     # count with custom attribute filter
     count = await bbot_server.count_assets(query={"custom_tag": "important"})
     assert count == 2
+
+
+# Verifies the MongoDB predicates the frontend's isEmpty / isNotEmpty operators emit
+# (`$in: [null, []]` and `$nin: [null, []]`) correctly distinguish missing-field, explicit-null,
+# empty-list, and populated documents on an array field like `open_ports`.
+async def test_applet_assets_empty_query_open_ports(bbot_server, bbot_events):
+    bbot_server = await bbot_server(needs_worker=True)
+
+    # skip testing of the http interface (since direct collection mutation isn't supported)
+    if not bbot_server.is_native:
+        return
+
+    # ingest BBOT events to create some assets
+    scan1_events, _scan2_events = bbot_events
+    for e in scan1_events:
+        await bbot_server.insert_event(e)
+    await asyncio.sleep(INGEST_PROCESSING_DELAY)
+
+    # pick four distinct hosts and force each into a different open_ports shape
+    host_absent = "evilcorp.com"  # field removed entirely
+    host_null = "www.evilcorp.com"  # explicit null
+    host_empty = "api.evilcorp.com"  # empty list
+    host_populated = "cname.evilcorp.com"  # populated
+
+    collection = bbot_server.assets.collection
+    await collection.update_one({"host": host_absent, "type": "Asset"}, {"$unset": {"open_ports": ""}})
+    await collection.update_one({"host": host_null, "type": "Asset"}, {"$set": {"open_ports": None}})
+    await collection.update_one({"host": host_empty, "type": "Asset"}, {"$set": {"open_ports": []}})
+    await collection.update_one({"host": host_populated, "type": "Asset"}, {"$set": {"open_ports": [80]}})
+
+    # sanity: confirm the four documents are in the expected shapes
+    docs = {
+        d["host"]: d
+        async for d in collection.find(
+            {"host": {"$in": [host_absent, host_null, host_empty, host_populated]}, "type": "Asset"}
+        )
+    }
+    assert "open_ports" not in docs[host_absent]
+    assert docs[host_null]["open_ports"] is None
+    assert docs[host_empty]["open_ports"] == []
+    assert docs[host_populated]["open_ports"] == [80]
+
+    target_hosts = {host_absent, host_null, host_empty, host_populated}
+
+    # isEmpty contract: $in: [null, []] matches missing-field, explicit-null, and empty-list documents.
+    is_empty_results = [
+        a
+        async for a in bbot_server.query_assets(
+            type="Asset",
+            query={"host": {"$in": list(target_hosts)}, "open_ports": {"$in": [None, []]}},
+        )
+    ]
+    assert {a["host"] for a in is_empty_results} == {host_absent, host_null, host_empty}
+
+    # isNotEmpty contract: $nin: [null, []] matches only the populated document.
+    is_not_empty_results = [
+        a
+        async for a in bbot_server.query_assets(
+            type="Asset",
+            query={"host": {"$in": list(target_hosts)}, "open_ports": {"$nin": [None, []]}},
+        )
+    ]
+    assert {a["host"] for a in is_not_empty_results} == {host_populated}
diff --git a/tests/test_applets/test_applet_findings.py b/tests/test_applets/test_applet_findings.py
@@ -1,9 +1,25 @@
 import asyncio
 from hashlib import sha1
 from tests.test_applets.base import BaseAppletTest
+from bbot_server.modules.findings.findings_models import Finding
 from bbot_server.modules.targets.targets_models import CreateTarget
 
 
+def test_finding_confidence_kwarg():
+    # string form
+    f = Finding(name="X", host="x.com", description="d", severity="HIGH", confidence="HIGH")
+    assert f.confidence == "HIGH"
+    assert f.confidence_score == 4
+    # numeric form
+    f = Finding(name="X", host="x.com", description="d", severity="HIGH", confidence=5)
+    assert f.confidence == "CONFIRMED"
+    assert f.confidence_score == 5
+    # MEDIUM (renamed from MODERATE) — regression for the rename
+    f = Finding(name="X", host="x.com", description="d", severity="HIGH", confidence="MEDIUM")
+    assert f.confidence == "MEDIUM"
+    assert f.confidence_score == 3
+
+
 class TestAppletFindings(BaseAppletTest):
     needs_worker = True
 
@@ -25,8 +41,8 @@ async def after_scan_1(self):
         assert {f.host for f in findings} == {"www.evilcorp.com", "www2.evilcorp.com"}
         assert {f.severity for f in findings} == {"HIGH"}
         assert {f.severity_score for f in findings} == {4}
-        assert {f.confidence for f in findings} == {"UNKNOWN"}
-        assert {f.confidence_score for f in findings} == {1}
+        assert {f.confidence for f in findings} == {"HIGH"}
+        assert {f.confidence_score for f in findings} == {4}
 
         # risk should auto-sync from finding_max_severity via CVSS: HIGH -> 7.0
         www_asset = await self.bbot_server.get_asset(host="www.evilcorp.com")
@@ -76,8 +92,8 @@ async def after_scan_2(self):
         assert {f.host for f in findings} == {"www.evilcorp.com", "www2.evilcorp.com", "api.evilcorp.com"}
         assert {f.severity for f in findings} == {"HIGH", "CRITICAL"}
         assert {f.severity_score for f in findings} == {4, 5}
-        assert {f.confidence for f in findings} == {"UNKNOWN"}
-        assert {f.confidence_score for f in findings} == {1}
+        assert {f.confidence for f in findings} == {"HIGH"}
+        assert {f.confidence_score for f in findings} == {4}
         assert {f.url for f in findings} == {
             "http://www.evilcorp.com/",
             "http://www2.evilcorp.com/",
@@ -107,8 +123,8 @@ async def after_scan_2(self):
         assert finding_by_id.host == "api.evilcorp.com"
         assert finding_by_id.severity == "CRITICAL"
         assert finding_by_id.severity_score == 5
-        assert finding_by_id.confidence == "UNKNOWN"
-        assert finding_by_id.confidence_score == 1
+        assert finding_by_id.confidence == "HIGH"
+        assert finding_by_id.confidence_score == 4
         assert finding_by_id.url == "https://api.evilcorp.com/"
         assert finding_by_id.description == "That's a whippin'"
 

diff --git a/tests/test_cli/test_cli_findingctl.py b/tests/test_cli/test_cli_findingctl.py
@@ -37,8 +37,8 @@ def test_cli_findingctl(bbot_server_http, bbot_worker, bbot_out_file):
     assert {f.host for f in findings} == {"www.evilcorp.com", "www2.evilcorp.com", "api.evilcorp.com"}
     assert {f.severity for f in findings} == {"HIGH", "CRITICAL"}
     assert {f.severity_score for f in findings} == {4, 5}
-    assert {f.confidence for f in findings} == {"UNKNOWN"}
-    assert {f.confidence_score for f in findings} == {1}
+    assert {f.confidence for f in findings} == {"HIGH"}
+    assert {f.confidence_score for f in findings} == {4}
     assert {f.url for f in findings} == {
         "http://www.evilcorp.com/",
         "http://www2.evilcorp.com/",