fix: replace panic with error handling in template loader (#6674)#7090
Merged
dogancanbakir merged 19 commits intoprojectdiscovery:mainfrom Mar 5, 2026
Merged
fix: replace panic with error handling in template loader (#6674)#7090dogancanbakir merged 19 commits intoprojectdiscovery:mainfrom
dogancanbakir merged 19 commits intoprojectdiscovery:mainfrom
Conversation
…6797) Bumps the modules group with 8 updates: | Package | From | To | | --- | --- | --- | | [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) | `0.5.3` | `0.5.4` | | [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) | `0.0.99` | `0.0.100` | | [github.com/projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh) | `1.2.4` | `1.3.0` | | [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) | `1.3.5` | `1.3.6` | | [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) | `0.8.12` | `0.8.13` | | [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) | `1.1.67` | `1.1.68` | | [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) | `0.2.65` | `0.2.66` | | [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck) | `1.2.20` | `1.2.21` | Updates `github.com/projectdiscovery/fastdialer` from 0.5.3 to 0.5.4 - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](projectdiscovery/fastdialer@v0.5.3...v0.5.4) Updates `github.com/projectdiscovery/hmap` from 0.0.99 to 0.0.100 - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](projectdiscovery/hmap@v0.0.99...v0.0.100) Updates `github.com/projectdiscovery/interactsh` from 1.2.4 to 1.3.0 - [Release notes](https://github.com/projectdiscovery/interactsh/releases) - [Commits](projectdiscovery/interactsh@v1.2.4...v1.3.0) Updates `github.com/projectdiscovery/retryablehttp-go` from 1.3.5 to 1.3.6 - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](projectdiscovery/retryablehttp-go@v1.3.5...v1.3.6) Updates `github.com/projectdiscovery/dsl` from 0.8.12 to 0.8.13 - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](projectdiscovery/dsl@v0.8.12...v0.8.13) Updates `github.com/projectdiscovery/gologger` from 1.1.67 to 1.1.68 - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](projectdiscovery/gologger@v1.1.67...v1.1.68) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.65 to 0.2.66 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](projectdiscovery/wappalyzergo@v0.2.65...v0.2.66) Updates `github.com/projectdiscovery/cdncheck` from 1.2.20 to 1.2.21 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](projectdiscovery/cdncheck@v1.2.20...v1.2.21) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-version: 0.5.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/hmap dependency-version: 0.0.100 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/interactsh dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: modules - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-version: 1.3.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/dsl dependency-version: 0.8.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/gologger dependency-version: 1.1.68 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.66 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.21 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ery#6796) Refactor `ParseTemplateFromReader` to parse YAML once after applying preprocessors, avoiding redundant parsing for verification. Also add `parseTemplateNoVerify` and `applyTemplateVerification` helpers to separate parsing from signature verification logic to reduce CPU overhead during startup template loading. Signed-off-by: Dwi Siswanto <[email protected]>
Closes projectdiscovery#6734. Signed-off-by: Dwi Siswanto <[email protected]>
…6853) Bumps the modules group with 2 updates: [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck). Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.66 to 0.2.67 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](projectdiscovery/wappalyzergo@v0.2.66...v0.2.67) Updates `github.com/projectdiscovery/cdncheck` from 1.2.21 to 1.2.22 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](projectdiscovery/cdncheck@v1.2.21...v1.2.22) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.67 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.22 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the go_modules group with 1 update in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git). Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.5 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.16.2...v5.16.5) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.5 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…pport (projectdiscovery#6841) * chore(deps): bump github.com/bytedance/sonic to 1.15.0 for Go 1.26 support Update https://github.com/bytedance/sonic to https://github.com/bytedance/sonic/releases/tag/v1.15.0 For * bytedance/sonic#898 Found in * Homebrew/homebrew-core#258912 Upgraded by performing: ``` $ go1.26rc3 build -v ./... github.com/bytedance/sonic/internal/rt # github.com/bytedance/sonic/internal/rt ../../../go/pkg/mod/github.com/bytedance/[email protected]/internal/rt/stubs.go:33:22: undefined: GoMapIterator ../../../go/pkg/mod/github.com/bytedance/[email protected]/internal/rt/stubs.go:36:54: undefined: GoMapIterator $ go get github.com/bytedance/sonic@latest && go mod tidy go: added github.com/bytedance/gopkg v0.1.3 go: upgraded github.com/bytedance/sonic v1.14.0 => v1.15.0 go: upgraded github.com/bytedance/sonic/loader v0.3.0 => v0.5.0 go: upgraded github.com/cloudwego/base64x v0.1.5 => v0.1.6 $ go1.26rc3 build -v ./... $ ``` * chore(utils): update version range for json bytedance/sonic, to include 1.26 Signed-off-by: Dwi Siswanto <[email protected]> --------- Signed-off-by: Dwi Siswanto <[email protected]> Co-authored-by: Dwi Siswanto <[email protected]>
…6908) Bumps the modules group with 2 updates: [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck). Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.67 to 0.2.68 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](projectdiscovery/wappalyzergo@v0.2.67...v0.2.68) Updates `github.com/projectdiscovery/cdncheck` from 1.2.22 to 1.2.23 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](projectdiscovery/cdncheck@v1.2.22...v1.2.23) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.68 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.23 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
projectdiscovery#6828) Clone the data map before modification to prevent race conditions when multiple goroutines call evaluateVarsWithInteractsh concurrently with a shared map. Co-authored-by: Claude Opus 4.5 <[email protected]>
…very#6969) Bumps the go_modules group with 1 update in the / directory: [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls). Updates `github.com/refraction-networking/utls` from 1.8.0 to 1.8.2 - [Release notes](https://github.com/refraction-networking/utls/releases) - [Commits](refraction-networking/utls@v1.8.0...v1.8.2) --- updated-dependencies: - dependency-name: github.com/refraction-networking/utls dependency-version: 1.8.2 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the go_modules group with 1 update in the / directory: [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519). Updates `filippo.io/edwards25519` from 1.1.0 to 1.1.1 - [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1) --- updated-dependencies: - dependency-name: filippo.io/edwards25519 dependency-version: 1.1.1 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…7006) Bumps the modules group with 2 updates: [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck). Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.68 to 0.2.69 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](projectdiscovery/wappalyzergo@v0.2.68...v0.2.69) Updates `github.com/projectdiscovery/cdncheck` from 1.2.23 to 1.2.24 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](projectdiscovery/cdncheck@v1.2.23...v1.2.24) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.69 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.24 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the go_modules group with 1 update in the / directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.6.1...v1.6.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ntf(...)) calls" This reverts commit 10421e9.
…(...))" This reverts commit 0b9665d.
…-ids-mapping-to-template-ids Expose cluster ids mapping to template ids
…7081) Bumps the modules group with 2 updates: [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/cdncheck](https://github.com/projectdiscovery/cdncheck). Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.69 to 0.2.70 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](projectdiscovery/wappalyzergo@v0.2.69...v0.2.70) Updates `github.com/projectdiscovery/cdncheck` from 1.2.24 to 1.2.25 - [Release notes](https://github.com/projectdiscovery/cdncheck/releases) - [Commits](projectdiscovery/cdncheck@v1.2.24...v1.2.25) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.70 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/cdncheck dependency-version: 1.2.25 dependency-type: indirect update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Tip Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs). Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Neo - PR Security ReviewNo security issues found Highlights
Hardening Notes
Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed Changes
Fixed issue #6674 by replacing panic() calls with proper error handling in the template loading logic.
Key Fixes
Replaced panics in pkg/catalog/loader/loader.go and pkg/templates/parser.go.
Resolved "no new variables" error in internal/runner/lazy.go.
Updated function signatures to return error and handled them in the runner.
Proof
Verified compilation with go build -o nuclei.exe ./cmd/nuclei (Exit code 0).
nuclei.exe binary generated successfully.
/claim #6674