Path-Based Fuzzing SQL fix

[tarunKoyalwar]

Issue Summary

Original Issue : #6162
Related Issues: #6398 , #6393
Integration Test Failing : fuzz/fuzz-path-sqli.yaml was returning 0 results instead of expected 1 result
Root Cause : Multiple encoding and path segmentation issues in Nuclei's path fuzzing component
Impact : Path-based SQL injection templates were unable to detect
vulnerabilities
Resolution Time : Extended investigation revealed deeper architectural issues than initially suspected

Timeline

1. Initial Report: User reported URL encoding issues in fuzzing, specifically spaces being encoded as + instead of %20
2. First Response: Attempted fix in utils library via Change encoding for SP character utils#663 to modify the param encoding / decoding to use %20 instead of + generally ( due to possible large breakign changes , this was made optionally enabled via env switch )
3. Deeper Investigation: Integration test fuzz-path-sqli.yaml continued failing, revealing the issue was not in utils
   but in Nuclei's fuzzing logic
4. Root Cause Discovery: Found multiple issues in /pkg/fuzz/component/path.go
5. Added PathEncode / PathDecode function in utils ( path encoding / decoding helpers utils#671 )
6. Complete Fix: Addressed both encoding and path segmentation problems

Root Cause Analysis

Issue 1: Double URL Encoding Problem

Location: /pkg/fuzz/component/path.go:68
// BEFORE (incorrect)
escaped := urlutil.ParamEncode(value)  // Used query param encoding for paths

// AFTER (correct)
escaped := urlutil.PathEncode(value)   // Uses proper path encoding

Impact: Template payloads like %20OR%20True were being double-encoded:

• Template: %20OR%20True
• Decoded to: OR True
• Re-encoded with ParamEncode: +OR+True ❌
• Re-encoded with PathEncode: %20OR%20True ✅

Issue 2: Incorrect Path Segmentation Logic

Location: /pkg/fuzz/component/path.go:35-56 (Parse method) and /pkg/fuzz/component/path.go:88-140 (Rebuild method)

Before (Progressive Segments):

/user/55/profile → {
  1: "/user",
  2: "/user/55",
  3: "/user/55/profile"
}

After (Individual Segments):

  /user/55/profile → {
    1: "user",
    2: "55",
    3: "profile"
  }

Impact: The progressive approach made it impossible to target individual path parameters like numeric IDs (55) for SQL
injection testing.

Issue 3: Wrong Encoding Function Usage

The code was using query parameter encoding logic (ParamEncode) for path components, where:

• Query params: space → + (correct for ?param=value)
• Path segments: space → %20 (correct for /path/value)

Evidence of Failure

Server Logs Before Fix:

  /user/55+OR+True/profile        → SQL syntax error (+ not valid in SQL)
  /user+OR+True/55/profile        → 404 (wrong path)
  /user/55/profile+OR+True        → 404 (wrong path)

Server Logs After Fix:

  /user/55%20OR%20True/profile    → 200 + admin data (SQL injection successful)
  Unescaped: 55 OR True           → Valid SQL condition

The Fix

1. Encoding Correction

- escaped := urlutil.ParamEncode(value)
+ escaped := urlutil.PathEncode(value)

- if unescaped, err := url.PathUnescape(rebuiltPath); err == nil {
+ if unescaped, err := urlutil.PathDecode(rebuiltPath); err == nil {

2. Path Segmentation Rewrite

Parse Method: Changed from progressive path accumulation to individual segment extraction
Rebuild Method: Complete rewrite to reconstruct paths from individual segments

3. Test Updates

Updated existing tests to match the new individual segment behavior while maintaining backward compatibility.

Validation

Before Fix:

❌ [✘] Test "fuzz/fuzz-path-sqli.yaml" failed: incorrect number of results: 0 (actual) vs [1] (expected)

After Fix:

✅ [✓] Test "fuzz/fuzz-path-sqli.yaml" passed!

Manual Validation:

  # SQL injection now works correctly
  curl "http://127.0.0.1:8082/user/55%20OR%20True/profile"
  # Returns: {"ID":1,"Name":"admin","Age":30,"Role":"admin"}

Lessons Learned

1. Initial Diagnosis Can Be Misleading: The original issue seemed like a simple encoding problem, but deeper
   investigation revealed architectural flaws in path segmentation.
2. Integration Tests Are Critical: Unit tests passed, but the integration test failure revealed the real-world impact.
3. Context Matters for Encoding: Different URL components (query vs path) have different encoding requirements that must
   be respected.
4. Progressive vs Individual Segmentation: For fuzzing, individual path segments provide much more flexibility than
   progressive paths.

Acknowledgments

Special thanks to the community member who reported #6162. While our
initial approach of modifying the utils library didn't solve the core issue, their report led us to discover and fix
deeper architectural problems in Nuclei's fuzzing engine. This fix improves the reliability of all path-based
vulnerability detection templates.

---

Technical Details: This fix affects /pkg/fuzz/component/path.go and ensures that path-based fuzzing templates like SQL
injection, directory traversal, and other path parameter attacks work correctly by using proper path encoding and
individual segment targeting.

[tarunKoyalwar]

@coderabbitai resolve

[coderabbitai]

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details

{"name":"HttpError","status":404,"request":{"method":"PATCH","url":"https://api.github.com/repos/projectdiscovery/nuclei/issues/comments/3216998367","headers":{"accept":"application/vnd.github.v3+json","user-agent":"octokit.js/0.0.0-development octokit-core.js/7.0.3 Node.js/24","authorization":"token [REDACTED]","content-type":"application/json; charset=utf-8"},"body":{"body":"<!-- This is an auto-generated comment: summarize by coderabbit.ai -->\n<!-- walkthrough_start -->\n\n## Walkthrough\nProject-wide refactor standardizes error handling to github.com/projectdiscovery/utils/errkit (Wrap/Wrapf/New/Newf), replaces multiple function-based error constructors with exported error variables, updates several subsystems’ messages, and bumps dependencies. Functional updates include revised path fuzzing logic, AI template generation flow with optional early exit, interactsh cache write-back, and installer checksum behavior.\n\n## Changes\n| Cohort / File(s) | Summary |\n| --- | --- |\n| **Repo meta**<br>`/.gitignore`, `/CLAUDE.md` | Added two ignore patterns; introduced CLAUDE.md with repository guidance and architecture overview. |\n| **Dependencies**<br>`/go.mod` | Bumped multiple deps (fastdialer, retryablehttp-go, networkpolicy, utils, bart). |\n| **Integration tests (err handling)**<br>`/cmd/integration-test/*` | Switched error construction to errkit.Wrap/New across http.go, loader.go, profile-loader.go, template-dir.go. |\n| **CLI main updates**<br>`/cmd/nuclei/main.go`, `/cmd/tmc/main.go` | Converted Append/New.Build to Wrap/Newf; added error tags; removed Build() usage. |\n| **PDCP writer**<br>`/internal/pdcp/writer.go` | Replaced Append(New, err) with Wrap across writer paths. |\n| **Runner tweaks**<br>`/internal/runner/lazy.go`, `/internal/runner/proxy.go` | Moved to Wrap/Wrapf for initialization and proxy-parse errors. |\n| **SDK/lib errors**<br>`/lib/sdk.go`, `/lib/config.go`, `/lib/multi.go` | Replaced Build()/Append with New/Wrapf; introduced exported `ErrOptionsNotSupported` var; removed former function; updated thread-safe option errors to Wrap. |\n| **Auth provider**<br>`/pkg/authprovider/authx/*`, `/pkg/authprovider/file.go` | Dropped Build(); switched to FromError+Msgf wrapping for unmarshal/validation. |\n| **Catalog config/loader**<br>`/pkg/catalog/config/nucleiconfig.go`, `/pkg/catalog/loader/loader.go`, `/pkg/catalog/loader/ai_loader.go` | Standardized Newf/Wrapf; ai_loader adds log display of generated template and early process exit when no targets/stdin. |\n| **Custom templates providers**<br>`/pkg/external/customtemplates/*` | Moved provider creation errors to FromError+Msgf or Wrapf; removed fmt imports. |\n| **Fuzz path component**<br>`/pkg/fuzz/component/path.go`, `/pkg/fuzz/component/path_test.go` | Path parsing now per-segment (1-based keys), SetValue uses PathEncode, Rebuild overhauled; tests updated and new SQLi fuzz test added. |\n| **Fuzz execute API**<br>`/pkg/fuzz/execute.go` | Replaced exported ErrRuleNotApplicable function with exported var; callers now use Newf; IsErr helper unchanged. |\n| **Input/OpenAPI & provider interface**<br>`/pkg/input/formats/openapi/generator.go`, `/pkg/input/provider/interface.go` | Switched to Newf; replaced ErrNotImplemented function with exported var. |\n| **Installer**<br>`/pkg/installer/template.go`, `/pkg/installer/util.go` | Consolidated to Wrap/Wrapf; checksum WalkDir now returns partial results with error; removed Build() on non-OK version. |\n| **JS tooling and libs**<br>`/pkg/js/devtools/tsgen/scrape.go`, `/pkg/js/global/scripts.go`, `/pkg/js/gojs/set.go`, `/pkg/js/libs/*` | Standardized Newf/Wrapf; exported errors init without Build(); host-denied errors now via `protocolstate.ErrHostDenied.Msgf(host)` in mssql/mysql/postgres/redis/smb/smbghost/smtp. |\n| **Network/HTTP/JavaScript protocols**<br>`/pkg/protocols/network/*`, `/pkg/protocols/http/*`, `/pkg/protocols/javascript/js.go`, `/pkg/protocols/code/code.go` | Broad migration to Wrap/Wrapf/Newf; introduced http errorTemplate vars `ErrEvalExpression`, `ErrUnresolvedVars`; removed github.com/pkg/errors where present; simplified messages. |\n| **Interactsh common**<br>`/pkg/protocols/common/interactsh/*` | Switched to Wrap; replaced errors.Is with errkit.Is; added cache SetWithExpire after appending interactions; cosmetic alignment in const.go. |\n| **Protocolstate**<br>`/pkg/protocols/common/protocolstate/file.go`, `/pkg/protocols/common/protocolstate/headless.go` | NormalizePath uses Wrapf/Newf; replaced `ErrURLDenied`/`ErrHostDenied` functions with exported vars and a lightweight errorTemplate (Msgf). |\n| **Headless engine**<br>`/pkg/protocols/headless/engine/page*.go` | Converted to Wrap/Newf; standardized error init; improved path/file handling messages. |\n| **SSL protocol**<br>`/pkg/protocols/ssl/ssl.go` | Uniform Wrap/Newf; simplified context messages; removed template ID prefixes. |\n| **Reporting**<br>`/pkg/reporting/*` | Wrap/Wrapf for client/exporter creation; CreateConfigIfNotExists wraps error. |\n| **Templates parsing and signing**<br>`/pkg/templates/*.go` | Parser errors: replaced parameterized helper functions with exported static vars; validation now uses Newf; other paths use Wrapf/New; `ErrNotATemplate` message/tag adjusted; signer messages simplified. |\n| **TMPL exec flow**<br>`/pkg/tmplexec/flow/*` | Replaced `ErrInvalidRequestID` function with exported var; internal formatting uses Newf; execution error paths use Wrap/Wrapf. |\n| **Types**<br>`/pkg/types/types.go` | Switched to Wrapf/Newf for file/path errors; removed fmt. |\n| **Tests**<br>`/pkg/testutils/fuzzplayground/sqli_test.go` | Added SQLi behavior test against Playground server. |\n\n## Sequence Diagram(s)\n```mermaid\nsequenceDiagram\n  autonumber\n  participant User\n  participant Nuclei\n  participant AILoader as AI Loader\n  participant PDCP as PDCP API\n  participant FS as Filesystem\n\n  User->>Nuclei: nuclei -ai-generate \"<prompt>\"\n  Nuclei->>AILoader: generateAITemplate(prompt)\n  AILoader->>PDCP: POST /templates (API key)\n  PDCP-->>AILoader: 200 OK {template}\n  AILoader->>FS: write template to PDCP dir\n  FS-->>AILoader: path\n  alt no targets and no stdin\n    AILoader->>User: print generated template (optional highlight)\n    note right of AILoader: Exits process after display\n  else targets or stdin present\n    AILoader-->>Nuclei: [template path]\n    Nuclei->>Nuclei: continue normal scan flow\n  end\n\n  rect rgba(230,245,255,0.4)\n    note right of AILoader: New behavior: display and os.Exit(0)<br/>when there are no targets/stdin\n  end\n```\n\n## Estimated code review effort\n🎯 4 (Complex) | ⏱️ ~75 minutes\n\n## Possibly related PRs\n- projectdiscovery/nuclei#6393 — Similar errkit migration across code paths; overlaps in error handling patterns and files.\n- projectdiscovery/nuclei#6290 — Broad refactors and dependency updates touching many of the same files.\n- projectdiscovery/nuclei#5889 — Updates fastdialer dependency in go.mod, matching this PR’s dependency bumps.\n\n## Suggested reviewers\n- @dogancanbakir\n- @dwisiswant0\n- @ehsandeep\n\n## Poem\n> (\\\\_/)\n> ( •_•) I wrapped my errors neat,\n> />🐇> logs now read so sweet.\n> Segments hop along the path,\n> AI pens a YAML draft.\n> Installers hum, caches write—\n> Templates twinkle through the night.\n\n<!-- walkthrough_end -->\n\n<!-- announcements_start -->\n\n> [!TIP]\n> <details>\n> <summary>🔌 Remote MCP (Model Context Protocol) integration is now available!</summary>\n> \n> Pro plan users can now connect to remote MCP servers from the [Integrations](https://app.coderabbit.ai/integrations) page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.\n> \n> </details>\n\n<!-- announcements_end -->\n<!-- internal state start -->\n\n\n<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKPR1AGxJcr1WGAAhNEQ6SAAxbAAvSPgMIkgAZQBFABlIADN4AA9ISAMAOUcBSi4ANgAWAAZK3IMAVRsUrlhcXG5EDgB6TqJ1WGwBDSZmTt58ETFaJCYpF06MbAYveFHsDw9OiuraupCKLlxnbAwAaXxZNA8Ad2dahPxsCgYSSAEqDAZYLmxuWmoSMB4eAeZCAJMIYM5SLhXu9PlwlBI7odcNgOvxuGRajYSBJ4CQrpQ0bR8ERMAxMAI0ABreB8PIpFQkEFcAAUGHw5AAlLUAMIUEj/ejULgAJkqIoArGBKgAOMBi6DijiVACMHAAzOqAFpuBDIWwZbLSHh+MCUkL0dJRGJxFCIBzG3CwaiMNCo0JOl6xGhEKjiDmQGiIaFW6KdUORMDcU2IACOHngGguzA8gfwkH5KIoWBq/IcHlwyFiwYF9Hw6UDsBeJCyGLEoRVGkgNnw+Gh5PdRaUGHEmTorJV3Pd/ArsewlFkUecaDYND4ZCYU1tLN8VGYAFEPooSNz0vg+NGnQpmNwOexkB3ELF4sSBl4wAvFNf0Bh6LEmBR+WJ7NHnpBH0u8QsgA1JAEjIAApGKnIADSQCyIrcmMvrSFeUgmkeIREGwPbUPAAYsmgDAMI4ax4baWE4YWkAJlSLwAESdO6FD0XBjHMZ0EoSqxkDsXsnESqMFDlsCJD0dyVwIJ8PD8lIPYepCJDiLasRTLitDYJc9gkNh57wSQGhEBobFceJcGYPQLLqty777l+0LDuW1jThuW5KCgGAlmgZYVoe/iIHW8CZAw/5udenRKIu15NjyzpxMa74eNg7n8twHhEc+jxJeIHgaKuM6bouLxXH0kBZUCuW+E6hXbi+9BZXlfh1OQiDkhikAlUe5U5Y1ToACKiNucH8lcFDqM+q4hHVzYkAI2DAvQs6wIoRZYKMVJEOG1qdMMp7kD2ox+IZ6YEP+WS4FQ34WRmg2eRdizQqpkjwBpWmUee5mvmVvzkfEQbUad/LpF435Pepmmpu9PavCQzq4vuHUIF4kDMNouGxM+lIMFSNwUPQu14WoCa4LITYAGqXC9eEcgcVYZNoCYqfJvrU1g/2QOyVwmvaxoshGW3RFOTpgHGCZJjOqaZo85D0J6Z11jQ9B5msuCwdNqMLFp/3PkozAcsGfrGg4xGoVaqZ+WawShMkaSxBM/pYEoNBiPhWAsjWM5pS8JEUJLSnS8+3nMLEkB/IcnJNgAguk6SiIrhpeCyiCclw62bfzu1ngdfnHU2cAvAaQOUAuxr8ul8dIA6yDXRVyCpemnyYKQyAsrX1g2MgpSlOq02lAA7IO03EiRVHIOIbCMyQw2tu2bpTZglyyFeiCffQXj2vrNECtmdAaOYlg8iwo/2I4qMuEYh+sHpvDSOwHBGFAhwUMcZwXNczhcPRAACRVUKo6jaBuogfAHgpD0QMFAX+Kg1CHHgAAbQEG2AAuvBN0BBiBkGUPHOQkBD5KBsNA9QKcbppTxPQTqsAXzoBdpvBwTgXD2GWiVW0wxj55hAVIWgec6aINwAAcjriQNK8hErJVCGgBQ6w0DtHgAIZGTsGY0UZF4eg9FACg5JASONDPI8EoHuCgbBaD0Q6qVOWk9eKXzYdIDhu9wEQLAIYAwJgoBkB8jgdBpByCG3xkfO+Ml+DCDjpIY0OCoH/00IA/QTjwBQDgKgVAmB3GEE8Vg0IrC/FUC5nQs+8hQnbj/jArQOgonGBiUYQy40iDsn5PfeidSDAWE0QASQwV4wUJ96HyCco3eKiAjCR1oLQMeVx0zkC5vAKp+4XiHjnDo06csKniEmTUyAnRvQ6T9K7AA+v9RAazmabI5GAdm119k+kORgHZ0hCzzEWMsOCaUiLiPSHOSs1YshIGUvETohZPGhQuqTSA+R0xKC8A7ZACM2xVj4HrKYwVWbV35DJW+PY95GAaZYSOBYsGuzHidOmkV0oXIhRWGsp4KDxwRtwO88AQrsHGtIB+QKG5xWbmmeW+5KUHhpSFQl05wVovXMGeAqN45FRurifE/4Y6cq4CkfAVwDB1LsRAMAF8UiRzqH1dcGhmC0FqfUxpkcWkpO8R0nJI5GCssZRAzRgzQg8g1VqnVequASLGaHfAI92CswTtM4S6lnw8nSmI3BtUiDzT+B8F4+iPJziIl8kxR4nSoHrleAgLg96xLppkZGN8Qg9mrlgfAsxJVcycoUJYJAdAsgAOKEHNKECQaw2lE3UPIVqmAvFJsoQATUjgAWTSDQE85dpBwWYCreAUZhIECYJDH45LcCr0gJESg6Z0iXCmqedNwTkC4gkfyS4YARm+x8a+caAYryTvLq7COtrD7ox0QNKQHh8DcComGpwr40RzQWnBf6cF1kswdnBK0HwHaXDglIZdgYXqk1tU0j4SUlDIApgmMOrtpopG9M+VhFk0QjseTQMAEhKZhynpAIgG7mCweo2BJSWbIA4eDMgF9TJ32fugK2ZkoccQEBAYgMAlwPBwSEA4H6JGRNwWHivFGJA9aeKYwNWBIIYDXKDSwPa54uDFnuto5AsarxxHvOzZ+OjrrAYuYGa5yA33kgdkxqwAaXrGkjk8BAzsswvAAPKlrxFce+uQoCHyRZfbThauAMD1bcqt8AgPyWzJcTo5mvEPI2jtKZ6XNpEbHXJ7gGWxhzsE9lzo76sH7nyxlhzlwSR72C9YWdXqQGaI8+oOOjxvC6IoDOtszXUwiq9lRBFlqJHYjHNcuNeink9q/dwUSLI1briyKIPAJAADqfRsT5kLItuCA7qCfD25AZbF0E2LYANzogq/OZgxRBnXiu0V/rItArBVePNDwtBOg1lWw7GiJJaX1d0Op0d/xEhLxHVwftQ6bNg6DMeebKi43pl+yRQ4ciXj8gm6x2b5W/SVauze8QIsaDcA6vuKkwMFWICu7l8HSxURzmigYBrJwSDyGW39rDYQ32BYB95SglsLRw+Iy8N93lwq7WBKzBL1LoRjHUpQbSKJuBwTIL0cgs3T1Uh4DxuT9OaBnW5wGChQCVZyYeG0PAKWhGcpZw1gAUmgMjCQGBjW4NCJD5zWbwjoLS9p5nx4xoRuK5787Rd5au2g5JmCzVqAvXEVaPAMviZ6HHwUnQrsJjeM4PEyeCubTTznvZV2EQCbUyHQvnQ0/l/10xw+sxkDQAU2LyA7G30fr8Yb40CZ0IhwkSEaMhsOZ3Orcc1veWSH4HTfuWQV2YdpANg9Trs3Yh7mGiQHHhY4L4+oITlGU7evFYXdwJdV2/0FjACHPqCQUhXbIxh31B6UbUheD30j5H/hMc3I4VJyB2d5A+paQ459x88uAc9Oh1cshPZ14oCpsQNtldl4Dq9+ZStYh5cUCMt64KVwo0V95NFsViV2U5Y+ViCnIyVOVQgqUeV/kGU+lbVgUrUm5HR0wrwqlqBOsSUOUKU6BVg5FaU+Mlh+VcVBVhVRU0lapZIAtpV9FOBmMFUlV6l7E1UDBotvsrNWYJ9gxOgWg2hjoDVwEjUTUM945slnAukKwelm4mVsRHlnghQsBKBhI+BhgE9fUZlKAsAQ49DuABpN0VYDtcBPhKBH0phHMud0cut0hhJmB0AiAUJSRE13UpVnCEYzc5ZhI1t5xPwEZTpRppF5tbQ5YaxPlnwsi5x1xPxZs5Y2B7Q0BSBeJN1RJZY2DXFIBfCbpt92V1lLpCxKE9hZhjF3ZPwaRNB1sqBuB70oAkMOjWhuACErhNsnR8pmBEANBIi1s4JrCPQRkTQ1wlIhcQjsZ/xciKBDNYjGAj1kiMh9xRUzCLpnwX90haMNAEheBvQKxrpI4z9XFnxTpnCsgAN0xCi/jbRB99NvN6APU0i+AzcyUEwGB1BDQmQhlP46JZAVQOY2xbjjg3wsBh8ZxEBjFOheIMSRRsSQwHgvoq8XJiT0A31bR4Taw45xEvpqNoRH9xx1jEMsBfDxtuTcAEgmR0hH1YEZZljYBVj1jNiaA4Jr0Zc+A8xITHhnxY1cA9jCTZwhdg5EBRVpJYS0RUp0o/w5YQFLQ7jqB458gpVQIfiMQvpPDsxZtnCxiNAbSrgWR6INAfTWJ6IyVWSjEYIfTjJeIOSeIQy1ZUZvQ0ZA4Ej+QkisNvRUdPwsgmNZj+St9BThSPBRSORxS6AwhRIkN5cNiVsojN97DdiUyXCMJYBkB4TRj1ANAJjpFbi+A8TKAPBZBnwmkfNTiXC0R6JmjkdTp3cBQjciM/VjFrphyGYPR0xRp2sTRZAJdWjRdpyo4QR0xjSnlZY6Yb54ZURIAAhPtaBFsypEAGjipSoJEph7IgV8QLzyR1h2z0A6ywAqIplLQGZV86irzGjJJMRXFTxvQrVRAqRDMGZ0y2Y6Z+S0Argqp/Ay52l2Y/J4IQhcywAmAn1Qhc0AQMC8AbNgxABMAmQBAvwDAuOKpDVh+Ao33JjViC0lhJuizCwBiJYHfMbliFCA9MWw0FPIWgvKdLZhBNDhAO/D4u5BfNTAyLpivLYHk3qMaOui1MOPOM3z1lxFtEEq+34qMD82UHWAAzph2OQEQAQBeQHIRjiloEZniA4riOvS9mYJ4u+zcLcusvOPgntPaNAg9MgFAl0toG5FOlbPJ1jU7N9h7NtENOmgkT1iRWXzEE63oD4sjI8gkC9V9WZNISRJDDxC+0M1D3zJrE0HRQMCxXjXBRIIJVECJRGwoNrCoLLG5QELpR7HoKZWBXICMCFXHnaXFWkNSJlQpS4AHX90cCUJVVMDUJi00Idm0NwE6DXMoAMOmoxWaVaVSXoHMIYW6WtQYJmKwHULOQ2S0P+hWvwEFwoGOjAwRjXJb3hw2z6CaT6jLL+0oxKLONYuljrOYN6QyEuKlmzGfFdObN8tfBGIoDdL4rnJaPZTXMj3BzNxejMgHNCp3P9lBtiqbPGMmOhrYhHIXIF1lknxRtKjRojhgFMvzOElTGpy5n5GjLmXkpnBICuw5G7LeS8oUDumfm0QBrZUcvfICrtN+K+kzl3QDFOjvIkuhHCstRKI+WFVxpcLRSgGFI1nEBktkBMurB+tQE5g6kmIxCFCyK+jNLGk12Yp+rkv9RIEyByHhtHPTCRp7zXyMQ8i8jcSlsDg5lSLttMTpjAJttygqqNSIJG3mTquEPINJWat4Nap4FoPpXEBtSgB6pID6vEMGqkJxBkMdrkPGsmuYA2pUKMFOoWtdiWqEhEnvFWtuuo0MM2uNW2rNT2ssKFptTgH5ANpcLAFsvspoh4obOLm7stEuJwuSuSK+lBMT3iBSK5hYvyNNv+LplKNVviBYrNwkRwpoHOghiUoAoMkSDewD3WD1o8hknrpIHlRuoCFkGxA8CLK8A+orJvvwvvqUAoEfqaS4VlMo2uhImDBYGc1vu/rWsAf1oUHci0rwtiPvigBBqcLxo0EhvPPBs0DhuJvXPdvJqN1RqMTVmcM5AMAIFtRQYHLdPCsJqaPnLweurJues9vEiMCYKhWVzfV6BChKp7HpoyD527rHqRVRiUDpzpmVgLHAuxiLSVmxp0WZrRh5oUoMgjsxSjpqpjpeDIMaoTqXWoLasRLoPTqOuZXsAmQwE4KRTMvZUoKTv4OMbTvzzEIGrFXzrLVkNlUgAmqmCmuVQflmqroOQuuuR+QIYBHvPWoCeMPbvaU7stTMtsKERNI9A3p+qHufBDh72AIoElOgEUlwBb2DHfrWzfIHSpHvKeoit/JWRFpQbBrQYwehthqfJdpJvHPBynPvPRtIfZQabVpoYJucKJoYfZU6cnNb3EpYmpvzj5ouha0ZpuhZrHjZsUvdmcG5qoYDFhNmckcmycjlnA0FtQGOB2NoAkf7oRmNoKPaB5tDqYtTB3tvIsZMxeH/OvO9poG8kSa0xn3+L2MNPwNbs0dxVqp0fqpEM3iaoMeTupXapMfz26pZRYLxR4MVkccEN0YFRzrcckJSgLpGuLp8dLvLtVUrpiwWDi06BZuicNUxRMLaTMNPgsMScOqMFmLllZU/I5HUARmVjYGwpEyxl1z8hgZYsydtFjQSBdxIG2z/0fUyHiGdBkBIExCBjuLIkVm4QdqPIvFqndHoCwfQYlswbQbhqYDWFoAwD4XbGuO9ioAsvN0Uvwt6c/ExsRxn3f3SfVpppeDorzoJarNWdQEbJhubNoZGd4kta+xtbtYnIdeCEoQFcYq8HRtuaKL+g3pVsTWeeTTqtag93EHQg+dICbAiAg1dkphJmmn3oEaWaUeybWZeGCFcyBs4qYR5pYtQGnshLZPkbYtCCAqwBTauInKwxHJ5PRUjuqrBe0aEIapqphZav4CMcEOcYzuZV6oMH6pFUDax0JeXtGvkN8fgH8eUPJbmu+1wGYAYBpbRjpaMIZbieZc6TZdReSarKFFfJYt7YFv+xEuTzIDimeGqbHXuoMWoDA/+DgkZiKYiZXUfyphoGg6NxFuNfSp9IjmCovJZDNxeM0HeLGh7HSA9aXvsBJmRlREafDewbadLbEnMgoCIHWKw+4VTQUxLUdDphw+kpE2mgsqCgBg3UtNaCePgAkSwbIvbPuOfCrOWi+0JBgoWY0gcMDAaM13iBDl/f1khKwxwWjHtEDge0g1TEhD/0LRPmkmCF4kOCIB4noiQ4ox4lnLg+MQBPNfxHVysYEIohVP5Hxn+GozGkiF9QoLOPWJpoSRjjjmQD8mQElfiCc/B0NNg7AtS+mlNXXYi6YzqEk1CAY5k6tLVIRhCFmFttrPi6CxBwSGRGPPZAwHlG2Hi+xK5mHAw7aeOADPrF2rq/1aUC4AggkB4jzG4DeL65sjulLEtUv0AnfINjVNpBKdZxB3Q2Q6w0NK4BFsc6/xoEG7RBdHMSG/c/THogggO+hCO+G5qIaNp14mS727Al24nYYZO/u+e4DFweMQyNu+BygBw2hk2/bbiPojg64BDLe+9N9Nm3ojs79Lc4E5FUVPQFoCECZ2PnVLpkABwCQ7niwAXAI9dcCOQ/vQc28WKrG2AtvLi+Ke9tsxuqj1b8h2bsOzyLzTo4bzueJafpB6ezj3TmeSfNwQO+Ce8oLgQ6y0QRbeOnuxpMBhOeB0oQ4pKe0rcTzWfpjNF3cZ9q5Xy0AYueuMgznwUYG63FmhHG2dEznrVLIWKxhoxEyAwWureWCQq4I5poQWKGPEUD39F7j+2Xx2RkQh3TFbuV0zEdIiJ5BpeSxycOP4GuF1HCDZ3N553sWwXl2k7V2U6EWN2zGmDbHTp2CrHvNuD7GMX4WnHOrTG+MvNd5CDUxYUgoA8arnAvREsrHUxTpjn/tEEphpBXG933GCXPGi7vHT3z2ZrVDqNdVFAW7YnTV4mWX9qrD2XbU8uWYlB6B60UZFA1gIWHTuwkSEosBp/YVquoBegnQBghgWA677YphWouO5hN1gwphLgSgwJKgNByhv/dA9BP/v+GgUoCtwv59Br+wwO/nHAf4zAJwtuAFCoC8C+FiA+ALgBIEbBf8VQKoAAJx/8wI6AjQCqDFAgCqMYAwYBALGD39pgT/WQPMCUg65TwiJWQKgIwEECZQuAiQCwKIENZL+/QMgbfwoFQCqBswGgbXGYGACRQPcBxAAJ/4ihyg0oDQGKElCygJBhA9UBKHFBmhaAfcdICKBlDlAsBgyAQOUGIE8DwBt/UkJXGjKdBKQY1AAWKA0ASh2BX/CQQQIfSHV0AvxW4ERGEj2hpmccaaE9AfLY55oeYK7OyADpcwlAB/BcPnhR6b8mM+fdwQCUTrl9U6VfeQGn2hZKljgweGGHDHwgUBOaGAbmlENcQLh5ATefTo4HaDAsZ2OKFPvighZx09G6LQxtn0r7iBTGyLVod9gr5YtIWxBRvn2AT47tc6Q/A9iP2PYl0/GZdAJhXQMC9EO+owWgAwG4CdAlyc4R9q3UZY7VzUrLA6h+1tR2FUm5FH6n+wehYZgwq5GNJcWo6DMIaprFps2ThoQ8SG7rdlHcO3poNI2n4NiK8OoQ+DkAxOeAC5Vt5+Bk8iw5LL8FWHrCxomw6fn62EboB9eHvCZC0FdCvl00xoB/o8Xd7iItevgj0nlzXITF2sFAOCD8DXKxRjgVICkWlCYYrooQApa5HBAoSq9LgzOKVkb0uGWNrGxoGggi0jhWAmkPJbNP63y70AWu+aSgOhCtoTJHmvNL3h9mhDOUEw6QeQHLAzaBwz8wkIiLAE0olp167yPKsiUw4aBuQ4tA/seHcL/YQ4m6LKnwCciD5rwyMRWjJVqEaNk+cyRoQuyhY6IM+XKdoeuyr5ItGCKLQGoX15El9LUZfPgn0N5QDCEUA/CQj4mH6F0phJLGYWS1mqQiNgqWSgCtTQCRBSYzdDavP1MKhAEmBw3pJ+1SZGsziJ6Nen52uHA9qGDwg/k8Lo6ekoeGgN1hQA9bGsfh5I3iP8OyaAsfqLXChCHFrRKRI4eAWANAFHS1cpkJPAILCC+CIxMQggcUv8QiYS9WxIQcctRHwrwQZx8HZ6khUQBhBYiwpI8a/Sub9jVx64rgMOw8jjRKYNoLNjo1kAU9BCaCShKLwo5TJ4Ijdd0k+QYDpAiA3IXZgkPDFsoxydNM3gqiz7Gxngvg+Lldk96oRrygiFmio3ZqwSgxIUIUU0k6BF8+RwjD0Un3qHeieamQ/0foxXYCiOhXVMMdu13YpjYGEw9McS3H6zCL2OY9vslnzEUA66WQEsSgLLHPsF+r7C1NWJsJHCUme5LtmcN07/ssM6FWNMPmMxfib64k2bBIgzbK5nA1JBiqu3lEd8vKMUa3q2IGZfDaOJrDsR109IEc3iHxEjl6VwbsptJ/qfAPpI5KQBju6ud1m8P7H9MFGNHIZtInSB0N2m65HyXpPkABSgpGNJjHEnMqWVqIErCyMPRFoTN/aMJH6tdHnpzc5RYddAPq3kjnR2UWo4otmzKJq10iLzX3laQK7YSy2D6RCQzXN4KY0YqzF4Koy4CO9nAU0Ecp1hgbd8sMKDfqSbVBL1j1atqOZriCvCY5FR7U72KVWhgW9yKY4SQO/2hghx1k0MTyWM1OgJSxg/knEsAGcJ6B0a7vVrpeWNC1T4gfoaFJWESQJUj8OnE8P80cxhj+AnoPgNw0EIIxc8HwKsMnjXLgNxJwpCgE3nQA2NreVEqqjRLRakFExS7RiZn2YnBjOhoYzOnBNYI9DMWHVToR2ijFcFkx+7CVDxLH6ks5hl7SAjhSVZbDyxTLSsUvy7pJNbUAyIZO+UKkD1npHgsYHqLfIJA+oJwdEP9hCCtBCQm47wrBSPS0ARYevd5tuF0xTcfmTkOySdk/A+ZPcuKYFEKUXQtUvSAADXRpyxxUxtaaW2PxrSIWQDPfWeCiNkJATZSdNiBbL2aoARKdoYWQmBJrAiXK76aWUpDnBohJS3uZQGIAsrOzcUcETcAgJIC1dqAiASUs7LkySkyYlARBOmivqSkbSGpSnIqwmRwRJS0Mq+rsBIA+Y8A8uUkXODghVyU5hYeuZQDLl9BUOJAPLhRh5DCsiItI6aJKRlavhEEWQOOfrGU7CRVOxocjoNm8amC+BIwAQZMCEGwDa4P2NBv9IL4bpuRV6CmXmCz6m8PAYAJZsUFkAcgzJsJRsYUUxiwwXcBQi/HfPhhKlepxYfCYpVbbuQRaJRDAML3ml8MD65Vadp6NRngtfR8dHoVn3jGItN2TBcid5iRHJDYWJM8BSNidiBkqZ4wmmUSzplZiGZs1SAsCNZnSSKxu1Tme+xrEGA5mtjIYfIGymvhh6IcQBpWmWDpzPciAHkLgByA4JdySJYouONrLnCDMrYz4ZolNYGSIhkAcKukGFziIdR11T4E2HeKiAm+utJBoiJ1xLNG6Y7X1OT2Qmdg7ZLZSYhWHtrH1Pm9EQ+Fa0pI6LCGlOLRUww/6c8PIjOUqSHWtoKiWKC3OIGlLpjaKlgeIaGPlJ2Y/VjaBiwccYpqJ0xCuFih4F9msUTNxcDi1wgHJ7D7djEoiVxS8AeaWTPFjxbxQUHTCcMgZgOXhq4S6mCNkJtjVvnGinmLA6ARQ7mt9UFlNj4gVw5GNdDlh28Gi7SJUdUoDbatE+KM4gqnwxnp8sZgY6Bbn26HbyLGHBaMQGLjFpC8Z/fXFoP3xbcScFtgvidmNUKQFEAtAKkMQq2oySOZb7eSZu2xDx8eaxwQ1hkFowoAfpFKJzKnR+r0SOgxAhnkbKaSjoFM7AfsK2OclekjZDyobH8uIYCV1edjTzt2OBWDYvAVEOgOJEF6fhgUncxAJHDIwy5McVPTioCvohMFAJLuBmEnKRXS8PODkuGgSoibVxMV6UTHEio+Uor8ABTZjkpHRW0qk5OKuInioJWFMaVxK+lSzyEoDjoVQKk6HyvQAcrBVJPXmaECdkGz9Yrs92fHBs7kdJlZxLgPKpdltg3ZZ+FdgAF5DFcNceVgED4nw9VmfJtkrPsCqyd+SgBlQ1mOHKS5YnMMAMzS470AtVhsnVcqrwq7ysApij1OqtrJkZZemOJjN/SxQeA0VvNRLufykVVgTq1xI0RThhr2Kbq9MYEHJl4WhBmmGVM3NIpZAZVZaGAQPl0zphRVuyNHfcJ/EsVxKzVCS1NVTiEaN00lJPdbImpsUpq/FKSkMAzGzVKS1OearDrNkLXFqQSpatsOWv9avguyMVeyTWosSxLoSOJRtT2oCXyFOeDecpYzTlRMMo1Ma42giVpSeB5AtsjAOLxdA/yE+UAKwLQRImzLi+q+MyvGq9WKqfVFq+OJNIDDurOE00HNfQBwQSJoFoaiTqtLfWeQlVn63eAQSGXR0fRbymMSkLaGTKQxm7CmGGvkSjKAw/S/5QAANPlbYb5aCvki0A8N19PZQcuOjECCNTK3AMRvhVgrIAhqnlTiThW/LSNpK9XuRvBC0aKAXyn5QivoAsbRV+KtjYJrBXiQ8NtqDDWBqw3ND/suG/VJAD42orqVGKgVV4HI0hxKNhy6jDRsI1oqNNWK5GCJopVtMqVz1flSZrEhCq9KnIHjSpsM3qapVpmo1RZpOjUrJVmm2zdJqgCyak5qCxTRKK4CqbmVfK4zXSq00UbZEZEqjfpoaxhaWVUIdlT5uY3uaYV4q1ldRCJU2auNwqxzUloi2uaXgZm1pplvU7ZbrNUW3zYwSlSoayZcQ/DRBsQBQbYW2mrALpuo2JaWtbWlquRr5j+ruQ3kTfhVPfKgbOVTmvWQqsg0frYW6WvFSausUSZ5tVq6bleVjh2ratUAS5R6qImG9K2NMKbRQBNWta5tpskOZcLyVQSvK5GkWl1v034LVC1ef8YrlcyiT/xWQCKD+JnBA5SxMTEhezLIVnKV+hwqAM1DPgWVLgjuBID5nyBcAfMpq8Xl+GrSzAJp/q5FHqy2YKNQgeK8kJOocgYBIdzoAbD2FGTi8+oP24OCFBnr5b7NYQ5CciVtl46u0OJY4MTq0jJkOYFOqnYIVp3ch7yccbskxjW4UYuAczIubzWorFU+AncpCtNAC2Y44u0hB4IgGx2Dt/53lS/JyQk6QAIVwqhnVzE9BnqFGKkwcn4LEDc0X8gKyMmijqHDKEN2GhiZApxmkzWJBMxBajmQ29DaC36rAPAspmrLOJQ1Q9l4y2X0yBJz2jLK9pcw/1Ogn28MKJCOVt0TlwOuSaDsoVzN6FdlErnwEXzTQYdcOsqETpGkk7h6NwC8DZLylqSLh4JSRXm0oQQk8IIUQrsVNNYprslFXPIouRaX3N3FOSoOkeGNbXiWADPfcPrX91hyU1hXF/AOkQBEB0gSi8+mottRni5x/UagGgBH3MBF8Q0rAOztL1d7hxoSkIKcJcIM9IAHAMrc2W31j6KA0NTkJhLOIM8NAc+hfV6RjYrrCdHO1MMmA8DiQrsVDC9aJi8ov7V9s4+cX1E33b7C98O/gPvpL3nESdXlOCCfuNCwkL9V+wxbfrOIP6n95+z8K/vn0xT6In+6xQfqQNaRxMHIAA79WdLAHgpBB26lQv2bBglatNfhkhKZqvzWaA09mhhUWBoS4ufgYvec3vTALqJDuuiU7tL7e6oFSy93eY1jE+6EWAexGai0wXrLsFR7XiRHsn5GAXt84t7XHvwrJ6dhHdchecrMa7a/1Rze5XPIpTTQmQSPYvqEEcgVhXJRHT4m+SwnKUNp/NC4cT15KPkrg949fVKVj1tz5ZocXnTTtECZhyKObZUdiQxEeARWfs4w3QFQPITmdom9KMWIyBKRpIMldIxx12kBc3ytAWI9pCPHEkJIfQVXrxyYxhAEYD3DbhF2vqHiEjQ8WIwOq/Y81Dy+EY8r7KchCzyODertjm2rV8BrdTTR4YCs8PuTcAMUyMqFPqNHhnRo6JvqEBErxrH0swaEMrQakLqOyOk7A7ETv0P7iBwpQ41EvWmXlnwb+kg7ECc6QBgAJMDEP/ztGiQ0lDyPwGQ0dWm7Mi0gKdI1IoCLTfFJSipVzBZBtGOQ8pKfbaHyPyBY4wRShCUf7krpggRfT9KUbJ1AT+Q3Ibae/JbbD4QwlxJpXwxnpYYzKyM0Fg0OkMKaxlLutdm7q6H/ToFD6tQ97HcHoKDeVeaPUYciOiTTD0/IPdTOGo6HcFZ7fifoYMDV4as3DTLBgCVaxZlgzMiZGYZfanL09wjZJpujEAIxs9jCgktVk31KmNTm0KluqY5Asz6MhfTqNJBFpCy4qZuZpmaLWMfCzjLU2WWlXxAVglRnYsCVcFI7vSPed2NJjOp/pVqwT7HSvaiyl017Ba3g7XtpHK6phLTN0byLCOXKTiGjRFDkZQDk73rhRU7cHflxYXVomkyyEgAAAkk2e+rMz+WBCr4bZCjauEV19O80X8HpEg2QbNXWrrT1aFADWb9SDdhujBx/SjErhZNRzJ49Cm2bYrIA4aljYCSeLNV7g8SUWZdeQfy6j44sI56pC8BVawBxI8EcIbx3EOa0lIaK7OecVdiNmxpSKVesuUzOLnpYy5/0x/p3NmqNhLwIczoEzMniXQ53cczxDFYY0vm03UY73rdOPC+Kix4jssaLVYc1jGtGaN5DRUlyiA8appFYVtMTI/UnqY0Gas3ryF3z2YT8yGa9IAW+aSrIiyBeQDEgSLOJMi+Bf+Pnn0wl5knojqbNeUuAvZ781YoHPTdaLQF0SOgGhCgXApE5uspOZ4sIGf9/FkI32Z/Ns7EDUO1MGJYIsOUJLjFsC38adDyWmUrcrCzpfjW8WlLsJAS1+binsolL2llUxMgMupTiBvFv88pcEt2WXzRuRy/ReAtSW0QKUiC6Q3QsJLsLuTPC0bOWyfI0QAYQXYaYYRBL2KtTLrF5f7Orr7W+55YHRcIsJWM08gfSzJZ4j3ljLtqQylQB/YoiuAwYCyM4CmBrpaAEHP3prrMVsp4SEZ+1PVFnXRVpjd3X9VpCcjS9UQnzEOIHxPmmSJeDOg7doi0jAyQotjM+RfN5o4EvkdJr0WjNjqLtmTyh+QznzQ158vdyChre2iC1gsCQojJ8MMM0OpiNlUp8PXgsj0GGzThwJU43Xj3wAtkoE/7fS2OWkK9hy/PU4pKuV2HHojy8k5xSOZJ7FJ/R39smuGmyzKLAK0VbbrJU1lytJB/4Smd8FBzkYYecEQaO0q6TpeMlORsikGK57ZOtoHs/6dmw+mEZEaUeExidVqd+OBipyIhe8PacfqSosNhjYnRowdxdUvg4pV6IMD2kXJEJERWsIpqhFGaCjtcJgpUZZxTSGcUDrRXxrRduijo1pNiKe4t4cQI8BRdQbmaQzEix5CHC8VAQLz6ve9A1jv3RGRy/xdMCcvfIe1jbZ+jG16TCCnSXbFY5Go9xSl9M9M0FisJ0pV3HkPT+u+zXWRJ4+2Wzz5huFlblhWA+oPIKwAHZ0by058K6J809LhEpqPa+FbI21ymi9mZeEnQtErZOXGpO58a2A6/koNPMzicEWs9AGgAZ3ghk2ZKygesBp2M745bsOIC0iZgxoOII/SulTvp3NEwoyABiXiU6XUqXlZAMbYy0rG2OxAqexnYfWAFpzRnW0OhXOZemXg5d0xYVzZBcWzydtkHG3Y7tdFBSmapKEihrhWN5xYBRqzPaaRz2OcQCPaKfoelUNnJ6980VBa1lh2DyEd4Q4jYwAyrZ7DXMAD5klmjd9YLF0u/3S9v0QH1KDSsX1y4mvDYHX95B55CaFPgwTK9/RVNCAck8B0M54ohE06DhYwUSZWCi8Cwc88UHD0sJdCpIPx3Xayt9mZnYZVQBZV0JKVNw007TR0K6+UTg+eIHyoEiz4Q5nTFT2Z26yXANW7sI9p+QuAwAPyHoEnm781OHqI+SfKEbFB8hCMEODXaaR13iB0cV5DJNdisjO1gMltkinCFPwUt00cIa/1iAyYkAjyDUco/+se0zcl2jkFpHz2IAfxhwHIAgCICwAEwCTxNK3DOO7TsYGgWs2iKSctBhtX0bhigFgyegnCHyW475KEPwQZ8ZZdQCyEqCchvZRYauMRC0yYAyErwQq+ECaRmyB064Ski20QREUjj0Icx/fP3DM2cdZkouxJfQo2c4ESCK2wAG8e894gAL7X0XVlpc2H4AeR5gZRYNKY7aCoYjPn5/APAFeHcgurUipTvmuEVdh26QFUh9GUyehbjKUNCh9kwTN6pPbnrm0RUySCuo3UAXP9LUyo6rEZ6FJx1DC7QE7nb6GgTScVhOJEOxonbxRN2kw3fLurJmLDFVjDHVb4g4RNADALTF1ZDHPb7Y1xEGYQuvEvDHkmJcJZxL4MWG0l5KbJdVIGiUO1K+p5Ob9kAaXS3w4xbFLrVf7Saqj5lziRSlsvlmbYEgGir2b+GFm3U5CcAwvmXoR2PBkkw0qCcPi+a1JgMD2yRm2otacvWlIRh9aWPyHXMIyUrD8DK4nQH001lkfJt7Phbxe6M/Ot5qSQ9LrQPUdPvWlNg8L1ynqzGZON+z4HDBwpyYlfLFBZpvxC5igArDhvjnBQvjAfwhQsPDF0ikFYxtwigZkjiSbthegcwpq87kb1MNG7GDTz6AGkd/D6J9PxwGOhEopQDh4ae6pXWLtvOwmyhYYEYt9jO6ic+CXMgE0IJyNiEwsRNYXNgQhzweQDO94oIw2DfSdolPPtrLzlk/tqmVsSXgF94mdAu5Pxm536zvUOJRjjiGOJEp0PaPwesymdlPzn7OdC8LJYQGBAWjNSvj2RBOsWyORIIBBf/WwXQNnbZx1sM5p7D4N1sXLAcOFglbHpSOO+/5DgMlcGlCembpso5S5OIh18dcgQFIAEALrmD6vgCBvoBAjAXtfGu310GL1toYA3y4cnNMFj1LpY8A65cY1iB3GLtWrRyCzGHJOBlwg/u2IiYaOaZJ416QduYeBCgnW0Hh6RQEfBAxHjdW+U55wRIyK6HWeG8BIQmfZuzuGdxxjQY7uT00J/vxyPnQnkjiAR0xDJqm96jjW9D181NE71v7joiuWjF35CA9VJAR5M/Ir1E+KD2bBpR4kpbfEnZ3pAedyCw2tgLENCyuFu8/xnmMZle7pDcdei8rLRheLW69obD0ns9DgTKPZtDKoPuNgT7lgKLx6CeAVAP7oHQDa5mr8APINitQsBFwEcQVnKKD/iFrTqAGQAgeD+9r6N1jkPZS9zwByRfA0Ip9wzQLR9FWc2PJqx7l2OWTXgkTbrR3XcPouO4HSG5kb158H9p1u2pfh6j4J+IMoXzRynkb/EFU+pl1roCkZc8+d27XXdMCw662+UMoK93N1riel8veZfHrcp6vHl6SwFemcRX194gHVDlfdhf77mTV723gfQPHN+5SLR+/3u/vO0AHy+6s1kSQfYpyFx6QSDqguvP9Hr86rNf9fdXCsnmpHHWwJAPs2MJSJ6iuDFD0XYIp0BZa+xcAgDwIRg26XG+m2+Y9HpCyQZYrEg6fa5Z8MD6p90RArPEcJ55HQZXBEAp5an7gCZ5sAmPpDYgR6S4CAlL91+zQNx/3B4GBy+39/f6VeUKp6fkuCiD3DmgK/ApxJXfDNvWKRxZf8v8X0r53CAHTdZ3igFkAhPavCugC5Zn1JJOfwBfpv4Xxb7F80+t1Pvod+wf8+CFAv4Ml3ldj92PqKJyrzg4q65jVLpRWnpq3jmKEdOdi19TtpSb4ChtTa/vbByF/t3wbGTK7m73Ibu8bvPn2dFL2srS+SmMv0w6998/lMZZfvSwwr6j7Fx7JReWyTI03UkkA6/rFX8H9V8gDdz2kxprJlgA9I8gUfaKg7FY1ID7A3ybX3ALWYGBwRyflPnH8f9g9AMvo+/jrzfQQ9drPuqVg3Dmgx03NJiM0zvc3drJ82b9K3nj2t5VwzS+9GVQPG7HkQZG+GVvGzg4Zsrf7deb5EP6Z2dRsd5Lm3OiAaAkTYCzaRmmOqS6GKXPuVpekrwty4iUMUDuo9SKzCSb6QmzCbpsU8Bl5RTm4QjMpywqEqhCx2gyou6bWTQvX6yG82k34HW3Qru77yPJgmZ8mAym37B6HjLTJXuE/Nl63uGcH8z7Qy1DnA/WT7DP5g+lhuC6bsk0MrhJuoeDZKF8GaNMhC4UMJySXA3JKA6+0pELejoQ6FDfBO0/fJABNI0IMbSIANIHczh85vtvQngNbEYFAYNZkWhdIgMv+CeBHaDpCjwFIv/YqgsiviRKAHyFKwIwGJHJjXQoDAfJc0WrtpC6Q0MFbYtw8QbxAqgDnCKARkG9jMSgeVaJgA/ArPoB4Fc0iA4A5Ql5NeTTWjJDv43QAcmm7vkqMOTgc2awFs5HgNgUaAy6M0LNwi6JgdWBhQtoEppcANxuhjjgnDv/ZIUNUO5Ah2YDs5BrgcwWowAes3M24gyswM6BrA5QXLYzS6FHIDECAUMTCJoZUgqJSO+JkYH5YmnkTbvkXgO4GBBnuMEHpBVJHwBuBc3IxCsQxAmSK/QlYFkQJOaQcfDXQvCs+Bm4HqJLZFgvkLs7HSoihEGNo9ANkFd8RRsmyDqHGoWCwQxApmCxktoB/6AhekK+LhCOap+hkWK8MQJCAlFBR4vSs0J9gqiIQXpB4mstP9Rt6wiBNB+AA0OKiy0WVC9Ceod4ACAAQ14DBDECSwLyzze9UJJgpqXdmwamK/INrr/ULIIv40Az9EhTcgCMIsTy6qqvTDrAIrExgVW0mP0FnkjCEJwXEnFMBpAw2QJEE3QctlhiMhRgWaCTgRgSQipMn6IUS6inwAlguKOsINBzcqlDcFhc4DuLilgIvulAWUF3o85bWfolwFMSrJvd7Is7EmMJaGnfh95cAWTgk43uffunDbQmcPIGHQToFcglMSgdsLamaevsLqBZjAqE1uxFB7wskYgAihcADgakgPSPZKiRQOlCBCEq8BZlvAPBaukmz6QhkKGSw81yH5DpKmsm4iMQ/0EOFqwwCIkBKQkwd7AiYM7lNDwO3YU6xth7sH2FsQYyBOHEBn4Ow4L0FUnsA1UF1uKL0U4UsDD+CGzo1zLhrYUMHoWxTLgANAKQOFhZwuAFsg2kJYLQCXiKPGjzBgo8OLp0w9YSPjUU9gGZ7GgItPqQ4e8QHxAFifcBKDqgkPDBFwRV2BMFDB0wcaD0QCEXwjDhPtJahQRokhhHekiIjui4AbqtSELQ+4ZQD/YR9kgrnhB5CIa4RnQBhF10rrNNBHMqVm1Zeg5FL/JkgwfPmwtsKVFpDoUL+Dr7mmi+kyhIYnTCLjswemM/DDYDsFwAiOgYBoDyOFYLVYjoekGdJIWkAIASdAs4SaBLcocKqQqQXotfS8IAErZjmQL0J6FzQCjvkp1aXMDbDX4GAPbATs1oJWHyRXVupjBgSFE+HyBWyDbBIYzkfCaIwtKJQizcHZpKGHG6YExD8QXEExGiQfxucTjohTv/h4hhaLnbWg2nqlHQgZuPRBcQkAD5h2A0AM/BiQ0RnLCS2fsrlHcQ/rtCAyhZ5DNIRR8VDzAUoM0pkCWSUjsgD0ReUQVEwAxUXFFpssHCSASOZwZZLXQQwm04tcNnASC68LUZ0EL+jQHGaVhfGHrD80/wAlyoeOISpG/gx/P9RXB8EGbizBbkA7QU2FEFtHJw6FrqHGUSIt6C1Kf4B9ImcVbJ3zd2VsPFSo8TOGdDHG8sHHC1+lMFUizY8DvcGAQIsMGGUIgkUMFk2HqHbBBIRyChTYIT8gUKsit5B5HiOuemBBIAsiMCDtooYbX7LuEYQl5Rh67rwG2oFbMmZdWoWscyeRuAN5FyB7AH5GpAAUVDEYALINCAAAVNrDeK0AA5rX0v4FSCfMeGlmHsAHWipqoEmYdTHZwfgHmGaA1GNJqiB57pMK6GX3tIHphAsJEB3un1KD4WGIOv+4zQ/RnLAM8NgHvxGy9pIiSBaVYB4AYgfACn670JoNjDXkYAF4Cvo2kJ1TkAqYBNrgan4PrFeAhsWfjGxq0jXASivNI44y06YMODmxQrD+x40OrpCSVYSth7EGQ0DH8Fqs/4JQEkR1AS1zhCDQcrjDguse7EGxbYEbEB4q0n7qXM8gKvZAOEirVavg9VvAAf2PQc7TPwyMGaqFEPsV4Dg8vpPGovG5GB5Dy4c0WkBSC9EPXH/mOJE3EFxLcZlSdxhFA5C+wrcb2LECpka8DPRDUcCFb4o3CgG4C/cXvzWKw8eSDYqrwFCjzxU0IvFfQ2OCvHVKVHrGgQ8xAvQGix0IOBGhAfcQPGbx3sSPFdYV8T9LyBr+GibUEsFKmh784CGKL2BiAHrG5xuAPnHbxyMKbHmxAfsWDbE+ZLEDzQqLjXw0RR0SXCx+vEA/GNxT8WAklR3ALACOsbfMvbee+2lyaPABpoIGA0KQWApAJnsXnGYJgWvRJXYI1o0R+eWAarozWtooIj9G3/l2IVgIcDJQWMQYFjFaMjutd6Rh2MtGHN+M0PHyaqchin58ascV7F5USciyBHowCArJzgpCQs4rO0EmcSCxeGsLFhgaOGtjHQfmnaib80ifNquxyMHInAJoCUnLkaZuHp54aoarrIUA8iTQmKJq0tr7BmXpOglDxtCYKq6J+iSrGGJNAMYnimWComEZi2yr37V4E8eGCiceyOVhWM82OnhMsYzgWFsyqgZrEQ+M0Aaby24XIIpJmckY6HKS/HF6g+wLnmhIxiE3rz6fEh3vU7R255OsaUIQDvUnykhwJXF4w1cYo7pu23uegz0YzragTUu3v77eQ34Tew6YUrkB4MQSSdIjwAHAMYi1xB4jiBGUa0n4ZyYnrnmg3BKaiEDa0ghGwCtOG0X16iimiCiJaGLXNu7aBrhIdTEIZ4rWiEelwNKQtGFALeKqkJMAKQgEzoVf4ViqxOpTb6ryXCKyAbuFWBsAxARn7GeqlCWZf28XhbyiG1vJq5S68NlgCjR9xkAHQwfShKKCJc7MImcBeMWIkExyyg94zKT3vwFzKgejLERJF7lElZe8wrEkYAmBBP5nUFAKQnqxi/Nknz+GAfsEvKhSQN5YYhGvRoSapGq2ISIKfna6vBLVq0H3GGRJqQuQ6lC3AT+E6EpDLQIVOyjjGchpYkvA/KQxpohoQBjDD2CYB/aceeAfRAT+xFuQ5g2JGjfFKpigEiqIi5pGwl8pdGtqlCaLIAqnyYToIoAUcxHDdrdsuEh6pNgDPEhgJowSCWREUxJkoCtR4iKqz6Ip9HMwOAuRHiTFmCLL2xy8uEsoxBedfCKJapgqe4xOxpgadDCBlJNfg5puOh0Yv4Vth/GbecQCXb+yz8WApZcIUNmmWpO3ifRYpDJjjEQKt3uImExwjqTGQAiusjBNp2bhXAEk/cp8ympfMNM4ZYcSYym9ELKdRhqweqRJwGpPES0miapqcxbmpWbmiHupyqUI6SJHqlwDEx/2EOk6p55G6lLQnqVbbaJtZLSQ2xjRBOnzm06fSk24s6Yljzp+AKe7xhHflSnyxPfk9ZKxemCJgFiPeKymySJYUDZzMh4NJA5q4Uatifg0xtfJn4aHtA4iKZxsay4Bzwk+STeyFtN6QWjIccDbG9UFNAFJUUtwAVgRpvy5tk2NkCKYAGonuJAZUiA7BMQe5vFwLRtjJ2xxU2fsJD28goBrLYR3SEUkFSgdLWTMhYJLpIf+JvLVCv+VQZMYfRExiKl2eLadeQ7Ot8HDIpqlau6470SMAeynomSifDMpM2EAHnQOrPMz1spAYH4ZpefvdK+GJ9KqzDA/hsvCEuuANzR9J6sMBI4USJCEBoou9oICDEgWi+pExeYLABIYtVusBRWbYDFasYj5mxGnQjGY9FWarIm/6jqEShkqF2hTBboFWTGPFlGa8hPFbZ2SVkimP240jG4NkpUNIpFCtPmb4/09/ilYJ2lGLcxlZR4BVk0Bf5sciEAD/Lrh52SWbJkFqxikxi4auWfCCh+SSm+L6p1cb6gluMmbG4pZ0Ukxh/maKtxjAEzgbhYnUfctjCb4PzCeJ6KlrhX7kI5Wf1nECHani4bCu4lZqVOcSuBCSKfkGrAeWcVNNlm0s2eRkk8fUCNk/MMfB657ZT2STwxqmZndl20X2X1nSIJPOWGWoq5kignmn2XNLfZLHl5qVCOGnuY70gOQdnA5xAmeKz05CAXYuutFoBKqQNYMvYxuj2UDljctqC+QkQY6LFAQUdCAdjcAjZutiXAVILky92HtvsT6pMjJBSOANOU9lmBlqCp7i8bQQZLIpDrq1aupzgGzlSM1EKjC5IB7Bro0BsJNsSsot8hY4WxFJhA7JuwBiRE7YvNCJTiGF0agEZM60VpxAiwEoRm+83NFa4ukfQMriZuCMOFQroZ4F5RCwlCFLnkerOcunm4BYDrwcgLHG2yaiX2bCRtpS7uGGdpjft2mEp0ykkJsEAgaImpC+1oSmIJPXK94h6csd4wphsAGmF0pYWV4CiSFUGBk6mEGdzI2GmASTb8cr4olz8yRyIg6QAvbr/YcOVjkpDQe90frD3i2+vv6H+gwMyhXAu+P7q4OIAIapiglQOjqHaarsgGl+NiqEA4IeKvDmmqOJJuavgZ5vlbdkCWAJkmKvesiRm4TRqwFheV3rimRee1ixIfOsXpHk7u7zhkIyGSeeIGbKn3v+nfeqeHsh14gmD8jz6ZAGRLu40iAZAZJgOlkm6mOSbMSFs7+XdQJxD4inF/Uk4uPRH2ItKIp0ehHAx71Jdmk0lemkUlhnUWtuoiK2ZOEm8hrETIFIBppTbCLbv4ZVPGompY6Y0RDcb5B8YvAZBRuamSxiMbRy2TaLrq9mxArDyyA7UFQWz5k1nek8xpBcBDXcdBUUkMFEiEwUNYZ3IiBG0Q8YGCsF/5uzS0FlSgIX0ANNiGbR+RnkszXQKfnp6wpVmQilj5VoQjazIfskppNgHDAEHzWWfGXze8dqkRmB57AWdaruXaQSmKGWdOEkJhv6dKZSBtKXfk9ADyRsCFsIIpB6f5KgRrE/5HKRUGWgcPqrlegoHgmDLckLtiC9AJYPxp4QUgG7hFsBPmpw6FQmQjaUI9TKboYZ8xjUkwFfPkJb1q4mkuh8YARNIywoe/JBCyWEaW6AFgxGpyjJwnpoDC5FVGeRmxSEAU16OGdRSrB2q1RcVYyYjtPUUCpS6GdFRc+7myjL+UrJcQlSwmcvQ/Uq9DfIuuuIQpmdm9nn4aDu8aRbRzcphQn7nM1heF4yGeKRMpJeRKcfkkptBC97OFP6SnmSBsporHV4aeNRhp4MsnnnFhgNjklF5Zko14QeAnAQAzZVoS64dxGGGABS+QIvcbPEtSSRzR4zHBZzy8cNuOwBgbZtzTBKtHNJx1uz4BAnK4lLv6ZqwAXIsCeh0Qh8BdI7FK8S2ogaRgBOcxMRnLTQnysCD6xnVKLYXq42WujeUR4V+FM4JNLQA8ZPNI0nPkeoTLa2gJfhDLTI3Ka0Z54SchYUVudSjer2BWAHEWfIlAMTFDyAgVJnuQmkpY5UlnceCUAO7Zmvb1JPOaRnIFPPoUV1JqxvyVqwP0ZSGRK/5lKiYl4JJ56KK5VumZlucMfyzTu5ASLR70wGQeCEgCsMEhu8RFDpy8pAYGoV2egcElQXQAoCmCeUVsflYhGnQOXYuhCirADAst6jyh3u82ohrnMr6p+BIY1JWcy0lApkXh7ILxXshvFzdGNnLpE2ZRFV6lxHiogl3ISn7glYFvAVs86NiaX0QTZZaAY64JWwz22KKgyU5CIqPglPFZZeMAVljGFWVLpH4r6gQFDZaJpB4o5aG7AgdOggXkqxqcuWi2K9muVkMFKS4V3F1+e4WXs45StSyIeyGsSiwNLPaDxg7xZV4UKELtrG9eIZST7RGy0GwbiF0ICJgKoCDJxTh4gmEHwbEn4LWYz4uAANAXqdACyAflqsN5JNY86KpFxxIFWBUQVZCGAExSMFZNxAFqRvwnSA25qWpxwQGIgBz6osCuiAMSQOOCZohESIbXQK9FIVQJ6bqozd5jSjmhKZi0A57/2XLGBWoxEiE8ZGFhMmixUMFBRCj9eCrsZ5LWltET7sR6xSzjR+MFXriMC7OQxUzuifge46aUJiyAiioFcGBRqv5SqkdK8lI8A7FapEIxMxGWboUYAcEH1ABAfNOQDaIK6BNgMIISXegGFZOosBVgQoOc43CkNlJUOlRkEyh65shHHDEuASP5mrS6BcLQ2UYFWADdgbTuSD/2xtBkresx5txWz6xBuZAEilUnZWwYSACRXxgZFeWRrYFFROCHFO+bjF75PAeHlbyFxd7ooK6hdHlcxnhSXg3l15VeV3lYpgeW3FEgceUPFHhaWXnlAgJeVLw8YDSzDVuUAEUp6v7moFA2LRo8A4VWIqswugVDDBUxVZAG06um49EprjMRSX16zYQnphVGlVhPx62gDPNpXgVa1VBWYVpmXryxwBvH7oWFuVUCmpAcEI+jZVYGNeCUASxgOhPVKQAVWfUxVS4BsKkHoiJF+FCYWbeUIpSlXBgq1RepH6fsr7z1KPNCoVCMtFYsVSFuBYxXs0YfHcbrJD0klUdE3FX5U8VPjMQalVOKeVWvOUXnHmOFR1i1TPeAgVdGmm/Vc1XMAY1aNWiwx0PBAii31TbAvVHIG9XhAH1RQBfVP1XzUEVYgJKS34+QAnKFVNAADWyAQNXJjkVlFVfTK1E4IjrWVX6al5vekSX+knls1GeXNV5AMtTG195XP6HCnKYGACK+4EhmZsqRsnjWqeZhsaE5paZVytS2YBrKPkuAK9UaA2IAwASAEQLrxfQhcj7V+1EgN3l8W3WUjXSZORvqXhK0UrFJeSrRT8wQQgGrIBBgPEPkCTcK+TgH5F3PjhkkGSdVjQp1adRnVwQWdWhZho4KaoWOkVxQ1WaFqlcF6DufmTKKBaRdP4KoApnuoBVpDlFPRCZdeh6glSrtd3qE5KamRbTGEim5kNuW+Zd7k1IedwFh5NNa27xekXigq58F+WmJX53fvrU5eNeHsjNVREShB7Ih9XmBm101V8WohwyIUrEQRlSXDcEK1bFXD1xPnpyfctwmcYAVIIEBWnVKFRdXnkB1RpF9YCFV/XIVwYKhW7w+1WBVYVc8SEkkA8tbWz81/giyC5iSEOCKmZyNUq5Hxpum2GwpjAezTaFvlRGVxAO0EVmH2h1D4oJIRBAlzISnSuKUzGKEfD7wVgFeDinMFoJqogN51ZBVvgFrlNh9Eq6cTW8VB3gdWXp+JDnXFAK/llR0Qnle+R+6/FQDJvSphVUrNOJ4HRmVg8SOm4t1ufse6iREhnBpCJdfhTVruJ1ofl3qgorPY7EXAB/WIVwFRQBnVYDcRmfMC5SaEOpRyG0pt8WVEW5BxkqR6llg6biBpDBQGBoAGQCcuw12N0FdxXXpvNOCDf1oDb/XoVYTWwYRNLFI7IhNv9Q9KUE/9gI0L6u6Z6nIuhDbpLyVXOmPkMcWte3461rhbYJp5GeU1UXltuA/y1NSAGfXspYOs+XKSr5S/XIp0IA/VrVAkRSHHilxJY3ANNjT/WcN8TbBUANJ+FY3RNHDWhUQNwYFhWbmxSh42eQXAFCCwyswEhgb4tlYRXK2QpDKKUAGzfgDhGK6IyUpAmkCkV+FaDSQEYNA7H9TYN6rloXwGLFSHiQcXZhFWDx4yMhhiIM0vJVpVC+uhbGF8jVCa2M5SY8BXYWlWBW6VBIPjBVgsjNsS9qtWQ8jXgCQTSQqmWNI8Tj2XQfWQIyM6gcULu2+XPUtC9hUY0xeTBJybCiZEgzW0mNxWU1Hl29b1Wnl1TYNVkSd2My2DAE1eYZspwRYcK90icV02cN2ueCIPS9Np6C0g7EU1kAScFNxVJVefiCEnVKTSM0HVZuFM12NcTVdVn0KivCiX06ijhTZVCQAOgBABzQOjqy1edFWP1koiIYs5Azd/jKtsTbM2wVCwW4hWtoSTa0KtkDRGqfIerQEASAIoBNSHAYcGgDJhprak0LmsdcgFOtSFUM0xNnDaq2QNh1TfQTNgzbY2/1ozRrzRFQpM6B5ggbdDVmt/1Ja2MNn9da3ytMzYI2xtDrZajht1jUm2utczWijUKVzVn5fQdFe1A4NzbPg2++9xkTUzK+NVxVsGvzdo01+ejR2mEtoeQ4WH5cCpS1kNVTczU1NepAICstCTmBWNNXLZQqQuKmHHCettaDBUwMfLetVueb5RXpIeDDYA1MNzrUW2XVsbeM39YkzWe1cIdrXK5mZXBk4aUBruS234Fbbd2b0NeTdk3QtLvLI1NuCjQa46NbAUcUiJJxW87U17Jk4WdVNLd1V0tU7XvUDVFZbRhrCepPoTstRYQ+VWGYkav74gerR3bBoG6tu1gVowJyh8YsNZ/5Um7TUiJHtCbYW2Rt0zee3BgwEPRALJwEEugRwlxh6wVtLrcW3v6MFcx2sd7HdY16+k4WZ5qksxZlnONjXPCG80jIW5ksUfbehZRqcjVwwaV5nJ+hwmllcbjo4rsP/SsUY9o/hwQMFSR2OG0uiuiMwNIHEBEmnpQ83oNXMJjwQs5Hf9SoAqEPSgiYqQaowVSbbN/JSVFlWTX6N89fjHEtsCg7nbuK9ZTVr1B1hPQlNYgZvX3WPVfB3F4M7RZRkSIYeh2gu59RynHACOkjoZmCDfZV6lyAXipXx4tQ7AL58tEvlTJKaoMasJlpakZMYOrXHCnaGgA9xdYZ1dNBWApHZp3kOAOPFCuE/HLxzFxruXioFNgiOUaIqeTvNLGpZRWUYhCE3ZlnC6pOfl24AzXa11Zt0ILFVw1pDQmY0dV7Ym3DNZCCyAMAmThe3pg3HTe1xNx3WdWid3dRBHsobmQU2fNV4Hq7puAebagmNxjCRLjBDVVZn3OeQJu7UtyebB2ZiN+Y8WFY+bXshFQmWEoBLtBeSEVXKpQrOoklNAQvI38S8v3462ERd0WQeMNi+V7t7TbCLLF8QIBzUeYxK+pxAPFNWVzl/2Iz6UIaBmS72y3AHQzOEb+tnXfMbiHkVOSoqiz3z6npoRBfQbRraCwo8rnAlEyBTmPlsi0torksI9bdfZQA+sjdiI4MuDT0hKFDugbtFnRWpbtgWmBJZ74GaHUZxtQLOFQk8zmACA4UtzgGDS4t6GiXXMavQz3BmqlvS7a9J4NM78g2FCq7FJCnpBZltTkLNxbebFbzRpZLrh7RvUJvW73m9qrtp1AgNvXwD09BpaQZa9UfUbg3w7vReie9tvt70jhYOZ836ZIfX1CHu7zH66KSO2M+BKiutmb0e9U0kyDtIedj10Zxt2Pdg80ncm9QF9vNJkE6hrpbGqG5+4hiknhrRaiUm2YxC7XnEtAmbYk9Pvf6EsJx5GMZOlaZTPVhhHAQY1EtZxbGGt+Z7pSm0tIPTvW3uljZlisAHIEykJoKXb2yw9nxavzPJVNovSvRP4d3h0wvREf2wAD4Qdgw0lAHEX459Eo1WbQu/awgH99/THKwAypvmGjIyEji4jaqrm9CnRb5NaVUQCuU3DidLAEYB/9/RE/3OAdEK4k6Q+OYaoJkZKK/pM44WAtiRkRgBQwLCiWA/0oDL/egOkAOQLkBYDGA7WC4DwYPgOJwhAywYtsRnFUihA2AzkC+yxJq5idUL5NNa7JxrqUp5CozpVaUS8/djHB5w7QvWjtJLWeCA9l+fF17qiqDEng9x7SCB79y0Yf3/9Og/0Sn9VXs00O25eULKBZDWHyDjsLrlHJ9ETrP4rsAqEfb2K0E/bnVc93Pkp74ZIJBt7ompVNVLzsmmdMYm9ICMPRxUsaEgNOsDAsPSnxyEhblm4xmQ5DoZ7RXG0YMIOY0BU9BqdrZu1Rtnb0ZuBNJSXxo//QR3sAXyiyU1ljVowbCd9+vU5JDprDs7vo3SqcF1ebrhPXT1FJWjXtQ0ujdB5JYBHEDxqGAfY1soBSdHEiidDEQDkgIRBoCAERsrNWvgd+s0mGKww1GyjDeogZCTDbYNMO0Asw631IDYLKPZ4gj+BsEMA5kEk42lv7DC2QUpPeoDScz0uha9yIRN9AUYyIq8gacCZL7hHZnavm4HOWnKQOC0abfDWTWxUpIrbDertXDC5MDFtW/D4hbtnqAhLvPEnE87GMN0wZuDcaSky2PNj8g3nPGmy2yw50MgwAMHTBD1b4COhooeuT1nIZooY7nUUIvr1L8DIjMeGoUwcZQ4RxFUPQRYmroHcO4a/1Ae0jazyE8Pt6TMPkM4sQHfi0BdMg0F0r91VQmaRiZKckERdwXVOzr9h5cD3RJAGdXjf9R8Af3htiem/TpdU1U00rtB6X+o3KDXiB5lFPnb5K0dNAFqMf56YH8VfuGTmGKQcK6fLrTFOFjQElurRcAigILbJLT3Bvjds7ARt3X+VxEfvfN42eQ+gUVuSRRasbTQQsnBZWip0FAXtFMUlGw9iPEPhTKhsEo6PVxJAPLqtRg1mc6uYMVQVl0KGqiUlqc0BZGPmlqFnV3xl8tPH3oUZBagBW4Xldlbj4HtPlZz400HbGboobqxY+cKiGmOiQGYxKMRiZ3VCmp+JfJhKI+HfFbpoxq0lcnKVJJv51DtmMoY3ijLfooNxdXfgoSqDKo+oMTNWgxqMQ9QfLoSlg68OsQ6js/pl0W1l9fcxxKbTf+yVYLiQ+F2NdJTe0SKOThqTVoyThSMkN7tTA7ylKnHUrmUyIIITBqlWGw0UAL46k2EQFjD8oftSUDuBvj9Ha+P89XlJ3JPciE5PWicXqdeDU0vMkWg8NA+i4QYTFBfFQk1WTcI33dOE3FS0QyVVP0zuOUPQToBt406B90v40iX+67WMnha2NAPkC8OzImwYJjjI6bYmKwdPgXSVPpqpnHRukgpjQjkhPJDQwmyWQkSOfnQaOZRvxaB42cRNZCMdEOUoIUqWy49IOrjy/RB0xeH3bjKnWenmMHHa0E5w2BJ+41e2HjGAHXQWjJAKePeQ548YmQAgACgErYnhrkxDPHZOHdWUMNAbxiTTomQAvGs4lBTjQK+NeJcNFWCeTqEN8C+wocDxmPZPCr/EOaTKBZNsm5MtKN0jisKFo8ddAA5Nf9EPc5OuTe3f8AeTdlKhDeTfkyLQBTZzC4lVth3fJURTLhIVoxT742Zr7gncgs4+mn8PJVkFPJe+iZTJcXQKU4ClbSiyA9ECs7SxmdFKj0SoWmROwkGEzPSQACzp2a4TtoItPX0eiY5MIVVU5qNJT9U/aBhJdkd+1kxrU+7DoTETNyBCekIMgAhkc6U8iaJN6fuDlT1UydM/9Lk2dNnjDU1LGbjd1tuPKjt+RVMaDeyOdPnjP2BT3kAh0GWyXj3+XD2HCsUC7xd9DCijEPh+xGcYhwjJeop9Du1RZXxUfI8T3/j+kHMauDeAQXXFFwrglK4zXvZ45KQKviFISKFuUk3x1HRSmNdFjM6kPMzhTA0m2oAQO6Vl+bMJQBrEvORM6YTpgcSa4N6zOG6e++4GrD3SY+dNnv+/epzpZ9vvdWgsI9rFI2D4QiPyikm0QprqmZGjWRirShXLwOFuvwXLC4zCUnnZGTi/YF34pco6v0b1YM0mFb99LQbXHTj+bDOoQ8M5rjuT9vCQBbIwaRPIozQRWjP6jDtqTOuN05iBhBjIAfEC8cFoXLZPjBaXWMekSZf6adAmbowl8RgIjzRBzvghrg8UTmK04hQcamWPGgGczJ3RgF6i3qopRWVwkO9b5G5lW4pZLaj05yJCn4uj5QcGxiKHYnMPhUhcxEqxopgz4PflOxe9HWecVBpDepHUNoC4AxMUn13Oa/KkNWMuIA7xEuIKgGhP1tWW+SOzI0qCGlQyZV9AW5u8xMgZDT48TmiRmtOORkAFlDiToUdcxXF/AXSR/aIlk2VSgiGJQZSHbEt9UpOU4OsMWP6dew1BhDwkCz3Zm4vZpPOo5UAPeILzhLrdHXzWOa6Nd1n8euTl2saOPVSsEllxmYL0iBaG28PGfUMTs6RHCIxoj/kxj9zuAOuByQ35Zg1jo5tIzb2Ddc1tXCTJ9rTaxo8DmRb2DKyZZzXQ8DuHP/gLC3dzqd9g8cCdunCJ/iYaD4tw3DgmbrLReD8zGVTPK7VFmUrsbypBMpAYQFohCGr47OXpDdZZjNS86vBaGMhCZcrxmL2Y4UKqNOvOHKTGFiZKWY40nB/2uNwLO920EGqROOr4NkwzyGLxi6hCmLTNb9OBzQM/aAhzPFEjMRzUc9L70YiVSUMfiT0qVA26I6s4NZL5opaWgz73tSkKxfVVEuaDvhNYJnkWyBFEGDj5Zuze4N0TPL2AqMOHG1khuCL6Q4CmFwAeowlQ9MsM10EZIUAd+gjHNZkxPtjpVUih3INEZFTzbWpQyFHCDIiRvNp+NSi8gAM8zC5cCojeYM93IpX0EFMYA8i3QAYa3BOtNnEncuriiyDix/ZWxHtFbbjOI8+HYF0rCQ+OBGo6ahlrLj+JsuoQrsGZWtK12ruBnM0NCrO80/PYSMLhnzO8sbLtYFsvfL9EIABkBOJAP6cwxIim5dxKPWOlIstJCJjDkhPOZuIK2vZwBFEcozxV0gFaWZVh+AWAgieNvxwLV+kFCtfLOzFySy4PcXjMChGYAhRkSIpKn0Fk8jN0TxcRnaWCEg1gooB0KjKw7Aa8ltcXOWoeywcu0ARy4aWxDs826ohRiKZxPE1ZcWuFGQbEHIvWIXowoUeL68CppDcd2pwVqu2+OjS/q1XWNAIwVRr+J0o+PY+MHgR0Lj1PI5lCsniDAUBq3ZctZIGYf5oZNpLPgD4dmoIU99pNj+rVncfY80HqELK+yLIDivGKk3Qlj2ALAHOGn65dfwsIwU9etInJBEzJVENbSxRDKqUKjykk+3nFh4y9nkEqXQwXSvvOoJ/g2CblxHSd/MNWymY0SgZkg4O3GTO1iO0ezfixB0FTT6kijBLn4OsseAny0ZwvdRFqqOVT5S7NxVLWZNcic1jjXEQip/qitwQro63SvjrjMXZx7TN2scyArYUrCQrcjIcstya2dLkDrrY69ssLapyxEwLOCfU72SLJgeDjYl84JuvbLxJCs69rB+f2sUSQ61BP7LOq5whHL19E+lQzB4zOuVL1S/RhLr0jausXrn4M1Ayrcq6GogT3qV9PgmuQCev+L+q+evPjgG56PAbI0jeskTd6/RDarhG02i4byAHhpGruJCi0hrwYAtMFLutanloi8Hbv3lLmSClgIUNS1h3Or5Y/asvLGELMhNOpc7jYbSGpYK2QFCQ24Nsc0vKjU0ejwuOo5DCde4M4UBxlSPpmiZj9LS0OiFzqczHRmKlOuWnn3oWSWkJeDFQOmXEJ4Ys872Garj9iTQJSWUGB4IcCgI+sx4bAKyqalbwXuIQWRdUkhebjRCGQiKnkLao94V5okCNrVcb/MzLuNTwqAeKav3EIUCydND0QmFDIr70aMHQBuqCFIslmhK2MnhlcqyV7xEFmSFty+2eM/6xpTZBd/IRMaSmvEBbzmzVuIgdW89TgIIheVvubJRd+V4Aya95tIueRH5siGx3GvFdFnm5QCkAPm6o4Njw3MwVdbAWxNusqMlqFsbaBBc9QNbfcYtt9bQW5QWtbtwmFubaPeB1sg46W5ytZbblLlv84h9qzrDO1YEEGdGIpPMzZbPK4KTGIfcTdsE6MMI8E1sltk9sXbMsIxu4AJ21ABnbWFADs5bXW/JXnTyuLN0gEFpC/KWB0yH4Dvb//PRDQ7Aq2X5jdc3QjtNBSRcjtOgKqLgjuCN1f4IULdQzWstcIcJoFwQmgYsSCTsGEvHsLWMznq2gYMiER3c4QmS1f2RpnIaIaHJWNEwaQo7PUijJk92vrjR+ZKMgoxxRVWL1pjF7OFLetX7O71nG/MQUtHAx9qy+IsJYx8bpYdh2aIFPgkCWMa1EbtVIvbgi61k5edNsipYzCf5gQ5QI+rK4fCbBs6ynPRS54qAW0XxzEbQEDtpz6ALL727juzMwzeaLQHCjeRig7Ipjnu5Yze75OA1GOeAexIAO7RfJQC2p6UgGOfxxoXERAli9PXpFSc9OTNmb5UksVkjEmVrMUdcJC8yoY7uH4XBI7EVuSpg/7VCYhwpuxgA15+xdbzuhKGGh6rk6LieaBwX0DDt8AMsmtbtr2KaLtdrsgz2se6lxQiz8749ILsjCCo11Vb1vsxxvTrau7XC67Wsd8U80mk6aP9NAc2Uub7OUBeP4Ady716S6zy4LQ0rxm7coVjNLrhnVj0vB3NjqWHLAMIzsk3Ft2ZqqXzReZDEF0UaQJ4EDtgWnZqZmZA5xArgWt0Q8llywdayG7Sh86wk3Xa8ENjgaA1S7Vzepi2FaWSVA0rdDmtR4I1m2lzK8olb4D4Q04mbOBUXseKdtNZuqiQUO66FcRNUvFaUY9bWCIkA8/crFzsjTMp2dWfG8CjZphRJWtW1w3i0i7K45PtijZkyF3L1DVbLtyDKymoPgbTk0IBEqvhZ7h712+xfX9GEm4mahl+m1gCqHZGOofLU4mAYRMDJABeQybSBV2KmllY1N7P7kKsJM2HDvW0lVdLriXnrAC0V/Mxb6vYIpFZ10ONOuBdMHn3IoTtK2Je8aDSTvexGolHk5AtPe8oNYXRVb1ZK5sfvjeULLsQJ8InXRSh8IFdgFm3bz2wPgYAGQmrryw0K/rBChifSkdjZXEvtxVHj6zA3IoqfRb0Hz53A0c9bSvVskV9afQ+Y2+HR8K41HRh8EA17+tkVD1HUAOuAoiNAXZ1dLZ4AilvNua/EBVKmDVpSDWYdhExgALfbXErK/8Tkce83+58zpx3ubDs59mUXn2c0AQUqJBHqjtscFb00MODOibzOsU4O3qdoufd5LTCn3NjdULtiHC/bYUN+U++KPL7MHavsQzYPcocnTxtTri0CRcjDRaH8PVD7AeFqc17vdpHWGshu2jvXNmSNXceRu7UNA/uwFeGX0yv7ArimMQ8inoUHWApHe8CNE1lticDGkDhlp2Hj+yQbSWZRY2NbpIcK8a0njHEDsaAzfX1APInKN7gNJL+5kvcOXpBydiFXJ1gA8nLBOBYinPYBrwkjeh2+Vx90ivnNm2kveGb3YpUnuJvUyeJkQsEXlFdh8HqlKR3zouI1X14SCs2ozC7/xxF6U1++ZZNjtoXeEKz7xjPF6L7MXbLFKjNKQy2Qnj+dCeU4tuNvgInzTcTPX7toiU6fUDO+XJoAve95CS8w3mxQuHmGbYcPrnR9apEOo0n3WldrsH2Iesruxr28zifTme7heZ5xSNd2iGntHuBfET6212ohivZFsxYXvkcBaMpBMgsnT3pE9cmYvOD6jevXudS1dSjWOkY0BagLjr7TarrMRzLp45QfsMgH5uP1D+rTcedqrODOrBqCYhu3FDPncGZ4THLzcLosVD+5htDrNfEnrFiLwGqwSdjTHMfQZmkJIVctKyIyMG81kShwCcQlQr5HCixwfANW7soP58XBKTvekIM0jDCUG7uulmxkY3BE+URTSiQqS/hOev5/YNCyJEi7MAnMeeB0H58g4961VpKQOvJeIJ0D1gnAZ/7NBnmg/aA+FauhGf6jKcp0nNrLO/ZQ1WZnq2K7n6Z3nV4B7g30wk9m5RGzDMvwiOK+kZHIMiaL1Ujqc3QsYy8wtQ8cCxRpt4zvAxq8wqrUEqUmDVWSzYCZc5JmF3DpHEOrcmNPQgI63PWs924ZS82j7mtHCoMH00PZjpLayT/sJbrBwfZC4oRzsfJ4GsPIBe8ROFmswwDmfw5FmC1nZuZB9m/2FdFUIAHRwnuuHYM9gDnMkfJ2IIDkAU2zwPukYBLx36ZcwpNmGaPSYRWaUkcFw9wmVG1RminQgGq/2Ee0Y0/gAsW2vU+iYT3IZ2iNcwvbIVoOVFmJNHgDuYKf7E7NHOAa8AyOMk/gnq3as8pgCokcg4hcjriye9g7sMYtXKrxCUX25o+uhXIZzDRjXUV+yhZnwrvNfTTi15FfA7P2XuK1XPLO5CadU14pmmXjrm9RKr0kH75iUnmUgAMQpV4iCbpC9lVevGe1/Vc/ZKQJT4JXDrJxNTXocR7QFuHobaBtXjIQ2nRs1R7FeIA8V3s6JXPFmkfy2Vvb7itiv13uLydixadzJHOvcjB69T4yy7ekxAmdUmdUB/eY9Dwqe2cu1Ihy8xxDR9BWkl7dtXAcQXE9TlFdFxwciQTxBNWwZLouNw1hrNTu8t19H8Pk5d7iK9L2el7MPOjeld7KIMSp7JPHTwcOGJ1NfpbautPGugX2+W4jSuqfiYQk/7JDy5nc4SrfI7iUfiQ2hkJJzcg4PIBRGqK4ODrcsrxN9twzXeuj6TK3ZqqrcG3KOPNzG3K188C4E8KEbhW3+Ok7f63IuFzqa3D0Ljfy9nfe3ViAGvj9SrWt8g5nG5g6xeq+8sHMwHp065Hn3ItmuhYUxDmS+wcnqlV/76vStrnFAfYwILcb/BdPdciOuH+I/yPZWc+cRgpYlQ2yelfuu53kBn8t5VxEnoFNClseGJO2he4h52t2F4u9IeHW5ALI2enfOg1Ucl3IzK2hFu+Ncm/tLG+U0JdSh7bhLo4ULGIj9Z8JUym+TEDlD3sMNIL6XIW+zHOctccwpLQA1tc/XqSe8gjghwFg/8AFMq0qvZj5i+SiaLlcmyA7ODbFzpSQqMtFucFgS+n1fud6ipyx0wYmh0SY7yuoaKb8xiNRQwMVDNYGQO3NLcqDdEbizmsakDzdTQPSuMQwLdCGJC5yw9ENxjpgbl5IiOAOiA50kCckFg/4+iyf6PAmqccg/yAqD+rxXYyJBg+iaJD6/glH5D8wCUPeRMo7BIfJFA/ld9kIt1zMBnq+TmnX0IIuIuToBjVwpSfvcwF+lhd7dJkVDQsXm61SvQWOEkopQtJEvx/3eOnMu86eVVS9cSl4XtBG8oK7rG/cXwdMd0Q2OPRkKffgZZ/c00YzgNC6PX0HphZ5tk8BwTkKrVUiiBaQSos4NzFLrp2c8UFe6R55El0GgO1ZLcG3lH+kANf4qAcEPv4CgcEI7i0gaAHBAA828PiWohGPKmdh7p3uz4uDFLnrF24uBHECFDPYA/e5ufTK0VpnlHhU/czyYwJerX8SllbOPS15uqyW1T+vd1Pvao093ocdrzsGMrhEiktwz/Tvd0+qI1QTDiMrGNDpAiz7wTDisBus8NykALAYpA2z1EbrgwYTrQhAzgJ8AHPyz2lA0iFz/tje5+ANZUXPRT1WQlPnFHzn65Smx2JrLKQvU/e1SKSHvkez4J75kZnT8OLdPDallZl8/Ty5ZfPS6D89jPHIBryzEjTyQDYWEWUws5siAMdjePr4ii5/QSdgmzR1TlrpYNx2Q9zOa9j642riWabGz2h2lTwSeiaMVwS9UvtmsZZh3RlE8zVWcQosscH+d2VRH0QsrLQtLACwo/th35UQS2bo58hJ3eJEldg+HP834cIwSonFlnH75NXtFsde0skGVUZnOoBDY++2mD3gJ1IfYXMh3F5yHso2cW2Py93B2r3xXikc0XCkpbVX7Qm4LTj9o6YlEYTVsabltOM/S2dAPSJJq2VdgWSgulPONOU/vPnPhxcmldM95Zndatzb5c8ETL1CwAbM2FItPZTygEc+fFwnVR7lWwlLMzib8OPBvrzyd4ZvdL2az510JchYxvIrieJAwfQfm/PUGgG9QpvxZyW9AvWbzzNdPAW0jS1vjtPW8Z9oGc29ooos8rnwNkr9wa2nzbF51fyWPULKuNgg3Idl+4NhYXg1RjwO3j7Eh0PdAnI9xHlS7a43Pvn5S95v3gnJS8V4+Sk/nPxf5sc+4/6jjRY4Yz3KzaQJo9kAivKP8wgnvdZqG8rRx2M/Y880Sp0Z1vMAe/RvxwM8QrkbLf0ncoaUsUtsh3NeWQrtYqMubeNJYNvYuEhRwQ10p+B6ApK+JtToLlPjYKPq2QoRjuG25naaBxg931x9Zcc4Ogfy6uB9MMnciTyzEEH/VvVXmGByDkf2M5R6kv2l9R+fgYH22DMfjb8QJMf9Hyx9IAzfai2+t3kJvpBEBpAbmcfp3tx+iTjH1gCCfYuKgIfcGAPTmhvekwp8ODa9oQmk7BvHwk0r/HHmBtsU4qp+ifz1M3Wd9Mjzc3OkPSw3XnMwy5QgUJGRfofqw7UqX1XWaFXq9B5rs6KPuzEu1B1EXSg+DOkXu9We9q3FAFsgB5rj/nk3vT5cTNGzw7r5CypzOLFvFrUceyWlQqkbSiqZjke+IrpkorQ35HSuixMI91RkqKyhItKzdthWr3crERMnX5XKYTIIcQ/FJo6ieQ+f6pkDoQr61J2LVCuA0sI7/7xFx5lFAFv5hwc+EWSokNDvvZEAYQLRiTpqJLusYbjKhQAFl5GLN96UfYF9jNWLoF1P7gG39p+UhO37QDzfOkit9xKR35hsg4NH1ax0fxH2Lii5RllmaqJa315QbfkDLQCSkp30i2vf+oqvM6ft37yRATrNjLyvA9mLrhl8i3OhBxUlywZOaX+HEaDsV6yRN9Tf6R7IDnfl39eBLf0IAlP0cdVgVYokcSqgC6kOkgOX3f+ZdqUYY53yRvGpPZaT+jf1AFT+THn4P99xAOP7Q7xAhP92J7fXDXvaU/AJtT8UA/H7gBqfY6Az9dlXRYh9jobPy4k/ff384CUhyAHz9ekq1Mwxt4DiTE5oAOQLjCUhbDAYA+Yg1a3XhVnL9zuGhLyFnvdYYcSAZqUmX8fN13aLPl/9XEpYhMbJpUOIsZfRZh/a9KqxyWjrHilzHbcH/nzYVOn+78a9mMeUyYzyAuZcdqY/BVtz8Lf+Pz9PRfiUbF/xf+AORpNTlxPVWFTKmoFOfgifzN+FUF3zz/4/1371zobt2lFMqavU5N/E/pf3N8V/9yur/0QGsNN8MIAv37IU/14FJrfrrp3H/W8JUzT/UlZf2n+vu573F988Usb5Oti+fwReF/rU5SXj/qJFX8HfKon8u1/0U7cCr/232X/S/mZ0z89/PpgP8ZlfaxPSj/eTCr94/Zf7j9xAk/2j7T/Wfzn8L/ungzUtTHwC4mc/i3/f88/Vf0++sJB6me/w5+t/y5+//wW+R/28Sw5EP+5Px5+5/2sAp+Sv+x2nF+kv3+AT/xH8h0Az+M/3Voc/1z+nFEX+FEi/+jaT4+tHwE+1nxe+EFhUSV6G3+wALr+TiVABYv3IBEv0oBUv3b+sv3Rcx2xymF/x/WKAL40Svz6Av/0QAmALyw2AL2AuAPSS2f3n+ItCIBCChIBivwcUv3yEB4AJY4gP1ZEqgKABkU13+fABCWSgOV+obzV+zJ1B4SgNUcOv1wg+v1UBA/2g6xF2UG1eXY2Nryn+MXy2QrXXteFylRCrVlJm6V2yYe4k06B4mX0kDzNicsmSajf0riSf0gBOknx+wTU2+tPxeg532iBv/2T+OkjI4vlzGg/VwxsSx2FkroSB+NGR4eXf0KsX0Cl8WkB7+0uiYwCkT+KsaFR65AmEglAjfea8lP2X7zdIRMUVePPzyBWP2Z+LcAp4QDDfsw4heg3IA9QSondAn8E7+7QL4Q53DyOPf3gBC31Du4QC1KrxmbKonFQMUqAY4n8BP+h/3pssaDGBiADyOhEHWAelV2mqAHO4nIBmBzySF+WmyLMv22LQM2mKBZfzkwAwPWkn8B7+WwLyOUwMp+26nHei4ztOKzRtcOREHIYmApC1HmjijuApCSAT+oVHlfErjmxaKRiBYYfxA6u+TMecuxwulj0S8qhmjylr2PekX1vcxXhT2okl6KgDwS+HxUMGt7ywAvMlb2lACWywxRVgMDA1yOILVOVHVsYORVae9kmNStIKNoe5Tq6abx0+eKlZBu5X/097WVIqCRT88synehEHEUp0H8IIxU7kd5m2M3lCXi1AWAM1NFJa44z08wLRvqzBgdOUg0C+Yu23eUf1ym44ysyt02/+pION2FAApBFRVwAScEgAzMU7kZIMPWkUxDgR0xywQPhNBEUEpB+IOkBwoPwK6IP9OxS0DO4TDR8OIJ+Qo6C2QOILcBZjFmINoJNBbxEsYAGCvuMIDJA5njwKN0G12VSGvAn+Cfwg3kIOm1RC0xAl7kU0C8AjMWcAYUn1U/eQwoDNRxc4QhiIDRCogxCFxOauioC0sFdqLIJNB5QRTBNpQ5CXmiiGYrz5weFFK48GVOsNAOl865UuwhXQ/MxgLd6RfFs2Fzk7B7jiHiewKhab5EPEbyRN0wQAnkDqlNuz0QLBhEHeEJYMgAPcDUKVABeCe9nAiFjWYe5HibBXZRxBrYMnBMvWnB52S7BDJB7BuOyXBgKXe+a4PbKdAVDaY4LxUE4MsYU4PW2I/ihBjcXnBvYOH2/YJrYg4PWI+6WoU7gl/U9E08OZnC+gNxyIeV4Py2jtGyAYHikqFaWUmlBx2S/BhMcSzA2Y0VFdyq5zbBgcFlkngTOig/2IknxwZqv3VhBZVTdmpxR3eI43gktNQcY+Fz5E8o2/SoJzsBJ7z9BxXh7wIYJ12BIMw6eu1aG/GjziGE0uW85RH+rYhDGuexT6hmy/8pUGiUV4OoemIHTGIhi/KbtgiYb3Bz2/MhEyTUiPA0Sl6ANDy0hR4B0hEiGO2Xnz9am+nU4RAH1UoYMNcljAwm3jxsmD/nqyiNC4ByN0uInWRrSRB2GicNVMUcQ3oYCNFOgoVyLsfkKQAVICwi7PUSYc3lz2AsgRgYmT3CQUPDoF/BvMgt3k+rO3iANkwxOBOWmy1B2ImxkIla8rmAC1bwSkNkPCepN2Sh6oPz4XUlMclSncEwh0YuVIz2SDACnYfx01BGFzA6VNV1BMmlw2ajzIQ1/0NinclEBq0X9BYuGEhVSGMSTYB8wZPzSW5iz6OYWhASGE3b+6kLMhmkKHG2kK3S1kL0hH4Lw0V2ACoMkOKSq0Mjg60OMBW0PYoO0Mshe0MEcbEDh4bEBxBUmm9BJF19BZFymhYgNF4YYLEiWk0baOUOHoQMATQWpRTwToLR8P0KrKcEKyurYgg8d3AA+yJTRcfXUekyAGl4Ga0re6QHlIYnQQSyPzy+/nB2MPv1lBc9AchBKwpQyjBhB/mk0+YrXuGfGTTMqyW66o4OdI1127uXl2KucECx4HtG5Ck6DYM4EXKO9KywAQ3Dx47MI8ce4i6BzPxgCm/CFhkACx4IsL6WPQPFhmRloAePEm6klg/OQ5x3W3ZViBtACuQ7W34aJMId+a1CGSR+A/qxeissgMOvAW3FBke8Qh0h+g8A+emugNsKbssBjAwj/mvoFBk0skQ3JWJOBNhHtCiGu2WhyWK2BesUgpOmdibefUBpeiwQMh4xnz2QoEL2yJD8G9NxxCY90NcAQN/YVsBncIWjyADWCZ+PeG+AU0E6IHpW3wcmDniD4JW0K7CkEw4ALhL8iLhbvD3ipcN9UtAG+CWsMzsecPfwqwiz4C1wHkJcNnBKogbhuAizi7cOuYG1y7hdcJ7h5qlhYIszFmi4yKUJUCmgdp0HcwLVUeYyTeif82Yyc72pGJzy8+IyS0WK3A1BHay1Bkh2C+LEI3GNgPC+Ps34hn0P+g68gjAgTl9ApkjIk8YE+s/0F+hlVAWWhkK5g2/HZgAVjBh4TGDA18OtAt8J2KD8ITAEsU5q7Giog/tAcikMUFoC4xOQFgjug75CsA6UFkAd8LxI1eXbsGdklut1ERE7MAjSo9Api/kSciDMRHeYg2ccIUXvgD6HtYHZiQRiZ1QRX0CwRxNTPENCJQROxW5ufAH6WyWXXypUF8Iz8Ox8ezWYMO2mOAHZgxw94B5KwjxPgy5EOYT0X/sKP2bCXSyxqclk+iPXGbkqIHlIy0CtYYpDRgAyGDgMDne6eiDuIyABrytaHXA0ACB2aMnWIuM1Ag02wFAxRitgGI0Miin15oZoyB2K6AjScsjW2xHgFACwHaCk/StuvfAIemiCaieIx88f9gGkuDlviM0m64isBURJyVHcfMh+A7KBVA4oAd2cgARwziL8Rwqx2c3oCYs1IXiAk8BbgDOzggMSLggMt2IcOB3PQrR1bu2JgoiQ3x5oGSKqMRRx0Q9ECDgsQG+4najfmGiPzIWiNoAOiL9k90BvOVcmx2IBHdI+ACGW99mGR64DHAMCyXi43Q0AmiLfksaGqRRPGl8D6DfQnFRCOk2AYRevFeQzlSCMVCmkRxoBgEsfU2c1CCEME6Fw+yMCgRRCO0QdsXgAdEBXIa5Bbg3URVA+qhVAjcnyAfZHyAiQHXA+zx5AHMQAww2yTOfMhZA3USKi44HKRY8Qww8wCOQQi2hgzEE9+Q+mrCoE2hYPeU4I/XF5gA+Sz46gjqcMYyrAAQRaRjsHshLnSRR6tzqRlZ3tO3UP3hvUPkO0+3CAGOgfey/2/+d4UIRgUQwAJCOfkTMStBbMSMgHMUFi3MV5iN8OQRdCLI08EHwooWmrwV8IaBgqNoRQCNFgT8IXWUsX3KYXy3G58MxBSsRvYXsHLI4YD5w2qIVQcX1lqUgMvegRTPuSX3cBOsQPI4pXIArCRT8+/wwwDOzeoTMQiYb1E3w2+Bb6t3z2iUkGyKAfTHysznO4KCCZ+DUW5CzwIlhdACRW+2gCWtqJeg9qPz6iP0NmqQK9WirweBvEADRSB0eg+jxgeiKjVW0KnYySQgtRpjS/s3pSk6dsRWS9v0Jh2Y1asNoWPOcEBBuu1gU6N4SZQHH1yhW2lBooXGKSvLh4uzoEquM9HEQee1EyuByFyZs2KhwUMRilSLy6wTzCC7FwP4rnz/2N1zRWyx3nCGVytIoslCh87EIWJxkI+gDElI8rE9yEdXdQ0MRHKilHly2J2q4uQHxO5b1pmGMJOk4UK90n1GhMAAB0MAENwH0WmMNAOCUNALzgFUC28VuLkAKECejVNp29QXgFsmjozQH0U+iMAC+i30R+irgCL9IXJuitsCCYd0TQFD0AeiHxJWQ6xH+iz0biVuxAFI9wPOC+rMFFXzrLUTKgqhzVihiGeCL8f0X0AMMRr1tyiQAGeGxAcMUEMFUPhicIc5UpWHzgFfrMQzxIyVg8Hfo5MAQtRZCbCj0QBpqMR893dhGNWTlei+HE0cyCh/VwLE1gv0bkBKMUz5v0f+iQXqMxr0Un09tvG1+sPJi+sPuV84FNAqlNMdFjqTMfQhTsmVg5de6pxRpLk79MigSQkoCCN4xmwRotvK9Mcn2cmqPJkOjEE9AFEfQveGQjujjJNDQCNF4yBHx/sC/hgRM4Q5kSwAE8BSjjHj1CI/qZMBoeZcC/jZMFAZGjaANGjHUc9RnUUDs3UXQD7QVgBHQUGDNUaIBdUVcBysfqi/sFICQAboCx/uRho0dACVzM3DA0emjcHlJpDphKiflFqjGaJViQkjVij3sD1Kmja9usWVjesYzQtkLmIX4b2lRtBUCEYFUD+BDUDBBHUC5gOvJjWMEZwPFrCSItvhr8PQArdiIYkGhWsLnKxUlSCacn+FLJ1iNjg3qAkA1YDoUislcprDnK0YgU5wssSptA4cgUSDHAg/UZCjuQq1jIAMGjFYRBj7fAKcnUUKcUACFRCEtsVTJBK9G7hZk35AaDm3H151vERhIogSYvQDroRUloB1gAzx1iDcYBoovReHkkFPmEei5QX9Rb4i8k+uEpEmGPpQ94Ru8DXphd+oa6d5BnGFtarYCIvh9CovujUfkOjVpsepNOviidHDPD4MsMJVucRiAz9hftWms69MwaJsMrvftqZuJiK3tlcn9uaJPTKSds3l08Q4e4MJciv5RLiE9ZKL3pPMQOdzdN/dnQBjAKIMbMR8HWiPfkrY8QawDvILWYmQObF7xIwZ0iJ2okklt4JLLpNs7iMsE6mC8cSEkkiLClJX1veII4W4h3TNhlL0cSd3WErYzxKLpI4INU0PgTk8pL6MsSo7jjJJbRhtiK8/YWTcnsox442qIpw8S5JI8ahZWXvKVUnjOFyMPHjEAIni5YERAhDDDVxotAdGripYvSHXiU7umABvieIxpr/UeIMHjbocm842lS4lcYx4PwR312Xg+1j5E3cyAvPDQqmb9kYAuNBONb9kbIIpTcTaV8OBjDqJidd3MSLcjUuoBc7F+1dJkPQJ8iWN0Sg2QK/PXcGIQS1tQUa8mcSa9j8uF0T8iPc3oXxDSLo4hnEKFA3EDHgMOukhUlGysskOQo8kD/RCEBEhikA4hokBABjwMHAXwi9BEAHOsy0HQAQwU/BoQCUh38X3ADBOqBigBKARQCKA0CeKAJQOUABACqBSgJUB1QH3B1QFUA+4CKAVQPoJ0gNoIRQJSBaCQwAYIroAwCeATIEEfB1AJNihkHASAsAgT2iFEh38bexuAFsg4hogSxciwTHEAs4VuKQZpECoAMYqYw3ZJ0gWOrxAmCAOhp7BXhqtCSoDAF+s2CSjBVhCITZ5nF8voPoAgAA== -->\n\n<!-- internal state end -->\n<!-- finishing_touch_checkbox_start -->\n\n<details>\n<summary>✨ Finishing Touches</summary>\n\n- [ ] <!-- {\"checkboxId\": \"7962f53c-55bc-4827-bfbf-6a18da830691\"} --> 📝 Generate Docstrings\n<details>\n<summary>🧪 Generate unit tests</summary>\n\n- [ ] <!-- {\"checkboxId\": \"f47ac10b-58cc-4372-a567-0e02b2c3d479\", \"radioGroupId\": \"utg-output-choice-group-unknown_comment_id\"} -->   Create PR with unit tests\n- [ ] <!-- {\"checkboxId\": \"07f1e7d6-8a8e-4e23-9900-8731c2c87f58\", \"radioGroupId\": \"utg-output-choice-group-unknown_comment_id\"} -->   Post copyable unit tests in a comment\n- [ ] <!-- {\"checkboxId\": \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\", \"radioGroupId\": \"utg-output-choice-group-unknown_comment_id\"} -->   Commit unit tests in branch `update-utils`\n\n</details>\n\n</details>\n\n<!-- finishing_touch_checkbox_end -->\n<!-- tips_start -->\n\n---\n\n\n\n<details>\n<summary>🪧 Tips</summary>\n\n### Chat\n\nThere are 3 ways to chat with [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=projectdiscovery/nuclei&utm_content=6400):\n\n- Review comments: Directly reply to a review comment made by CodeRabbit. Example:\n  - `I pushed a fix in commit <commit_id>, please review it.`\n  - `Open a follow-up GitHub issue for this discussion.`\n- Files and specific lines of code (under the \"Files changed\" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query.\n- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:\n  - `@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.`\n  - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`\n\n### Support\n\nNeed help? Create a ticket on our [support page](https://www.coderabbit.ai/contact-us/support) for assistance with any issues or questions.\n\n### CodeRabbit Commands (Invoked using PR/Issue comments)\n\nType `@coderabbitai help` to get the list of available commands.\n\n### Other keywords and placeholders\n\n- Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.\n- Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description.\n- Add `@coderabbitai` anywhere in the PR title to generate the title automatically.\n\n### CodeRabbit Configuration File (`.coderabbit.yaml`)\n\n- You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository.\n- Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information.\n- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json`\n\n### Status, Documentation and Community\n\n- Visit our [Status Page](https://status.coderabbit.ai) to check the current availability of CodeRabbit.\n- Visit our [Documentation](https://docs.coderabbit.ai) for detailed information on how to use CodeRabbit.\n- Join our [Discord Community](http://discord.gg/coderabbit) to get help, request features, and share feedback.\n- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.\n\n</details>\n\n<!-- tips_end -->"},"request":{"retryCount":1}},"response":{"url":"https://api.github.com/repos/projectdiscovery/nuclei/issues/comments/3216998367","status":404,"headers":{"access-control-allow-origin":"*","access-control-expose-headers":"ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset","content-encoding":"gzip","content-security-policy":"default-src 'none'","content-type":"application/json; charset=utf-8","date":"Sat, 23 Aug 2025 13:53:44 GMT","referrer-policy":"origin-when-cross-origin, strict-origin-when-cross-origin","server":"github.com","strict-transport-security":"max-age=31536000; includeSubdomains; preload","transfer-encoding":"chunked","vary":"Accept-Encoding, Accept, X-Requested-With","x-accepted-github-permissions":"issues=write; pull_requests=write","x-content-type-options":"nosniff","x-frame-options":"deny","x-github-api-version-selected":"2022-11-28","x-github-media-type":"github.v3; format=json","x-github-request-id":"7003:253625:226D9:7D0FD:68A9C7E7","x-ratelimit-limit":"15000","x-ratelimit-remaining":"14524","x-ratelimit-reset":"1755958846","x-ratelimit-resource":"core","x-ratelimit-used":"476","x-xss-protection":"0"},"data":{"message":"Not Found","documentation_url":"https://docs.github.com/rest/issues/comments#update-an-issue-comment","status":"404"}}}

[coderabbitai]

Actionable comments posted: 9

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (16)

pkg/external/customtemplates/gitlab.go (1)

71-73: Incorrect format verb for project in error log; and referencing project on error path is unsafe.

When GetProject fails, project may be nil. Logging it with %s is also wrong (it’s a struct pointer, not a string). Log only the projectID and the error.

-			gologger.Error().Msgf("error retrieving GitLab project: %s %s", project, err)
-			return
+			gologger.Error().Msgf("error retrieving GitLab project %d: %v", projectID, err)
+			return

cmd/tmc/main.go (7)

241-271: Close HTTP response body and prefer StatusCode; add action tag for enhance path

• Missing resp.Body.Close() leaks connections/file descriptors on non-200 and success paths.
• Prefer %d with resp.StatusCode over %v with resp.Status for stable machine-parseable logs.
• Consider tagging enhance-path HTTP errors for consistency with your validate/lint tagging.

Apply this diff:

 func enhanceTemplate(data string) (string, bool, error) {
   resp, err := retryablehttp.DefaultClient().Post(fmt.Sprintf("%s/enhance", tmBaseUrl), "application/x-yaml", strings.NewReader(data))
   if err != nil {
     return data, false, err
   }
+  defer resp.Body.Close()
   if resp.StatusCode != 200 {
-    return data, false, errkit.New("unexpected status code: %v", resp.Status)
+    return data, false, errkit.New("unexpected status code: %d", resp.StatusCode, "tag", "enhance")
   }
   var templateResp TemplateResp
   if err := json.NewDecoder(resp.Body).Decode(&templateResp); err != nil {
     return data, false, err
   }
@@
   if templateResp.Error.Name != "" {
-    return data, false, errkit.New("%s", templateResp.Error.Name)
+    return data, false, errkit.New("%s", templateResp.Error.Name, "tag", "enhance")
   }
@@
-  return data, false, errkit.New("template enhance failed")
+  return data, false, errkit.New("template enhance failed", "tag", "enhance")
 }

---

275-305: Close HTTP response body and prefer StatusCode; add action tag for format path

Same issues here as in enhanceTemplate.

 func formatTemplate(data string) (string, bool, error) {
   resp, err := retryablehttp.DefaultClient().Post(fmt.Sprintf("%s/format", tmBaseUrl), "application/x-yaml", strings.NewReader(data))
   if err != nil {
     return data, false, err
   }
+  defer resp.Body.Close()
   if resp.StatusCode != 200 {
-    return data, false, errkit.New("unexpected status code: %v", resp.Status)
+    return data, false, errkit.New("unexpected status code: %d", resp.StatusCode, "tag", "format")
   }
@@
   if templateResp.Error.Name != "" {
-    return data, false, errkit.New("%s", templateResp.Error.Name)
+    return data, false, errkit.New("%s", templateResp.Error.Name, "tag", "format")
   }
@@
-  return data, false, errkit.New("template format failed")
+  return data, false, errkit.New("template format failed", "tag", "format")
 }

---

309-327: Close HTTP response body and prefer StatusCode (lint path)

• Add defer resp.Body.Close().
• Prefer %d with StatusCode.
• Tagging already present in downstream errors; consider also tagging HTTP status errors.

 func lintTemplate(data string) (bool, error) {
   resp, err := retryablehttp.DefaultClient().Post(fmt.Sprintf("%s/lint", tmBaseUrl), "application/x-yaml", strings.NewReader(data))
   if err != nil {
     return false, err
   }
+  defer resp.Body.Close()
   if resp.StatusCode != 200 {
-    return false, errkit.New("unexpected status code: %v", resp.Status)
+    return false, errkit.New("unexpected status code: %d", resp.StatusCode, "tag", "lint")
   }
@@
-  return false, errkit.New("at line: %v", lintResp.LintError.Mark.Line, "tag", "lint")
+  return false, errkit.New("at line: %v", lintResp.LintError.Mark.Line, "tag", "lint")
 }

---

331-355: Close HTTP response body and prefer StatusCode (validate path)

Same as above; close the body and use StatusCode. Also consider tagging the generic failure.

 func validateTemplate(data string) (bool, error) {
   resp, err := retryablehttp.DefaultClient().Post(fmt.Sprintf("%s/validate", tmBaseUrl), "application/x-yaml", strings.NewReader(data))
   if err != nil {
     return false, err
   }
+  defer resp.Body.Close()
   if resp.StatusCode != 200 {
-    return false, errkit.New("unexpected status code: %v", resp.Status)
+    return false, errkit.New("unexpected status code: %d", resp.StatusCode, "tag", "validate")
   }
@@
   if validateResp.Error.Name != "" {
-    return false, errkit.New("%s", validateResp.Error.Name)
+    return false, errkit.New("%s", validateResp.Error.Name, "tag", "validate")
   }
-  return false, errkit.New("template validation failed")
+  return false, errkit.New("template validation failed", "tag", "validate")
 }

---

204-207: Don’t ignore file write errors when formatting

_ = os.WriteFile(...) discards failures; on disk-full/permission issues the user gets a success log and a stale file. Handle the error.

-          _ = os.WriteFile(path, []byte(formatedTemplateData), 0644)
-          dataString = formatedTemplateData
-          gologger.Info().Label("format").Msgf("✅ formated template: %s\n", path)
+          if err := os.WriteFile(path, []byte(formatedTemplateData), 0644); err != nil {
+            gologger.Error().Label("format").Msgf("❌ failed to write formatted template: %s err: %v\n", path, err)
+          } else {
+            dataString = formatedTemplateData
+            gologger.Info().Label("format").Msgf("✅ formatted template: %s\n", path)
+          }

---

218-220: Don’t ignore file write errors when enhancing

Same issue as the format path.

-          _ = os.WriteFile(path, []byte(enhancedTemplateData), 0644)
-          gologger.Info().Label("enhance").Msgf("✅ updated template: %s\n", path)
+          if err := os.WriteFile(path, []byte(enhancedTemplateData), 0644); err != nil {
+            gologger.Error().Label("enhance").Msgf("❌ failed to write enhanced template: %s err: %v\n", path, err)
+          } else {
+            gologger.Info().Label("enhance").Msgf("✅ updated template: %s\n", path)
+          }

---

421-433: Guard against empty match set in getInfoStartEnd to prevent index-out-of-range

If no known tags are present after info:, indices is empty and indices[0] panics.

 func getInfoStartEnd(data string) (int, int) {
   info := strings.Index(data, "info:")
   var indices []int
@@
   // find the first one after info block
   sort.Ints(indices)
-  return info, indices[0] - 1
+  if info == -1 || len(indices) == 0 {
+    // fallback: treat info block as spanning to end of file
+    return 0, len(data)
+  }
+  return info, indices[0] - 1
 }

pkg/installer/util.go (2)

49-58: Close response body on all code paths and include status in error; also handle scanner errors.

• resp.Body is not closed, which leaks connections (especially on non-200 where you return early). Add a defer right after the GET.
• Returning a generic "version not found" loses context. Include the HTTP status and version.
• After scanning, check scanner.Err() for I/O/tokenization errors.

These are correctness and reliability issues.

Apply this diff:

 func getNewAdditionsFileFromGitHub(version string) ([]string, error) {
 	resp, err := retryableHttpClient.Get(fmt.Sprintf("https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/%s/.new-additions", version))
 	if err != nil {
 		return nil, err
 	}
-	if resp.StatusCode != http.StatusOK {
-		return nil, errkit.New("version not found")
-	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return nil, errkit.Newf("version not found for %s: %s", version, resp.Status)
+	}
 	data, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
 	templatesList := []string{}
 	scanner := bufio.NewScanner(bytes.NewReader(data))
 	for scanner.Scan() {
 		text := scanner.Text()
 		if text == "" {
 			continue
 		}
 		if config.IsTemplate(text) {
 			templatesList = append(templatesList, text)
 		}
 	}
+	if err := scanner.Err(); err != nil {
+		return nil, errkit.Wrap(err, "failed to scan .new-additions")
+	}
 	return templatesList, nil
 }

---

75-93: Defensive WalkDir callbacks: handle err param to avoid potential panics (optional).

In PurgeEmptyDirectories/isEmptyDir, the WalkDir callbacks access d.IsDir() without checking the incoming err. If WalkDir hits an error (permissions, transient FS error), d can be nil and cause a panic. Prefer the canonical pattern:

• If err != nil { return err } early in the callback,
• Or selectively ignore with a logged warning.

Also, returning io.EOF to stop walking is non-idiomatic; fs.SkipAll is clearer with WalkDir.

If you’d like, I can send a follow-up patch touching these helpers.

pkg/protocols/network/network.go (1)

172-180: Per-address TLS flag leaks across addresses; use a local flag per iteration

shouldUseTLS is declared outside the loop and never reset when the address doesn’t start with tls://. If the first address is TLS, all subsequent addresses will incorrectly inherit tls: true. Use a local variable per address.

Apply this diff:

-	for _, address := range request.Address {
-		// check if the connection should be encrypted
-		if strings.HasPrefix(address, "tls://") {
-			shouldUseTLS = true
-			address = strings.TrimPrefix(address, "tls://")
-		}
-		request.addresses = append(request.addresses, addressKV{address: address, tls: shouldUseTLS})
-	}
+	for _, addr := range request.Address {
+		tls := false
+		// check if the connection should be encrypted
+		if strings.HasPrefix(addr, "tls://") {
+			tls = true
+			addr = strings.TrimPrefix(addr, "tls://")
+		}
+		request.addresses = append(request.addresses, addressKV{address: addr, tls: tls})
+	}

internal/pdcp/writer.go (1)

187-195: Bug: current line is dropped when buffer flushes on size boundary

When buff.Len()+len(line) > MaxChunkSize, you flush but never append line to the now-empty buffer, losing data. This can silently drop results.

Apply this diff:

-			if buff.Len()+len(line) > MaxChunkSize {
-				// flush existing buffer
-				if err := u.uploadChunk(buff); err != nil {
-					u.Logger.Error().Msgf("Failed to upload scan results on cloud: %v", err)
-				}
-			} else {
-				buff.WriteString(line)
-			}
+			if buff.Len()+len(line) > MaxChunkSize {
+				// flush existing buffer
+				if err := u.uploadChunk(buff); err != nil {
+					u.Logger.Error().Msgf("Failed to upload scan results on cloud: %v", err)
+				}
+				// after flush, attempt to write the current line
+				if len(line) > MaxChunkSize {
+					// line itself is too big: upload it directly
+					tmp := bytes.NewBuffer(nil)
+					tmp.WriteString(line)
+					if err := u.uploadChunk(tmp); err != nil {
+						u.Logger.Error().Msgf("Failed to upload oversized scan results line: %v", err)
+					}
+					tmp.Reset()
+				} else {
+					buff.WriteString(line)
+				}
+			} else {
+				buff.WriteString(line)
+			}

pkg/js/libs/ssh/ssh.go (1)

160-165: Guard against nil connection in Close to avoid panic

c.connection.Close() will panic when Close() is called before Connect*. Add a nil check.

 func (c *SSHClient) Close() (bool, error) {
-    if err := c.connection.Close(); err != nil {
+    if c.connection == nil {
+        return true, nil
+    }
+    if err := c.connection.Close(); err != nil {
         return false, err
     }
     return true, nil
 }

pkg/templates/parser_validate.go (1)

32-34: Update tests in pkg/templates to align with errors.Join output

The existing tests in pkg/templates/parser_test.go assert on the old wrapper format (e.g. "cause=\"Could not load template …\""), which no longer matches the direct newline-separated output from errors.Join. Please update them as follows:

• pkg/templates/parser_test.go:44 & 55
  • Remove the hard-coded errors.New("cause=…") lines and replace with either:
  – A single equality check against the joined message:
  diff - expectedErr: errors.New("cause=\"Could not load template emptyTemplate: cause=\\\"mandatory 'name' field is missing\\\"\\ncause=\\\"mandatory 'author' field is missing\\\"\\ncause=\\\"mandatory 'id' field is missing\\\"\""), + require.EqualError(t, err, + "mandatory 'name' field is missing\n"+ + "mandatory 'author' field is missing\n"+ + "mandatory 'id' field is missing", + )
  – Or use targeted assertions to check each sub-error (preferred for resilience):
  go require.ErrorContains(t, err, "mandatory 'name' field is missing") require.ErrorContains(t, err, "mandatory 'author' field is missing") require.ErrorContains(t, err, "mandatory 'id' field is missing")
• pkg/templates/parser_test.go:152
  • The existing require.ErrorContains(t, err, "invalid field format for 'id' (…)") already aligns with the new joiner output; verify it still passes and adjust only if the regex changes.

pkg/protocols/headless/engine/page_actions.go (1)

531-541: Harden local-file-access path check; avoid naive prefix checks and handle relative paths

Using strings.HasPrefix(to, cwd) can be bypassed with crafted paths and doesn’t account for relative paths or symlinks. Resolve absolute paths and use filepath.Rel to verify cwd containment.

- cwd, err := os.Getwd()
- if err != nil {
-     return errkit.Wrap(err, "could not get current working directory")
- }
-
- if !strings.HasPrefix(to, cwd) {
-     // writing outside of cwd requires -lfa flag
-     return ErrLFAccessDenied
- }
+ cwd, err := os.Getwd()
+ if err != nil {
+     return errkit.Wrap(err, "could not get current working directory")
+ }
+ absTo, err := filepath.Abs(to)
+ if err != nil {
+     return errkit.Wrap(err, "could not resolve output screenshot path")
+ }
+ // optional: resolve symlinks; best-effort
+ if resolved, _ := filepath.EvalSymlinks(absTo); resolved != "" {
+     absTo = resolved
+ }
+ rel, err := filepath.Rel(cwd, absTo)
+ if err != nil || strings.HasPrefix(rel, ".."+string(filepath.Separator)) || rel == ".." {
+     // writing outside of cwd requires -allow-local-file-access
+     return ErrLFAccessDenied
+ }

pkg/catalog/loader/ai_loader.go (1)

69-83: Avoid os.Exit(0) inside library code; return a typed sentinel and let the caller decide.

Exiting here kills embedding apps/tools unexpectedly and is non-recoverable. Return a sentinel error or a flag so the CLI can exit gracefully, while SDK users can handle it.

Apply this diff:

-		options.Logger.Debug().Msgf("\n%s", template)
-		// FIXME:
-		// we should not be exiting the program here
-		// but we need to find a better way to handle this
-		os.Exit(0)
+		options.Logger.Debug().Msgf("\n%s", template)
+		return nil, ErrTemplateDisplayed

Add this sentinel (outside the selected range, near the top of the file):

var ErrTemplateDisplayed = errkit.New("ai-loader: displayed generated template")

Document in the caller to treat ErrTemplateDisplayed as a success path (exit 0) if desired.

♻️ Duplicate comments (17)

pkg/fuzz/component/path.go (1)

120-131: Don’t PathDecode the whole path without preserving RawPath — encoded slashes (%2F) get broken

Decoding the entire rebuiltPath will turn any “%2F” within a segment into “/”, changing segment boundaries. Since RawPath is only set on UpdateRelPath error, encoded slashes are lost on success paths. This reintroduces the exact bug that prevents targeting literals containing “/”.

Fix: keep a copy of the pre-decoded string for RawPath, pass only the decoded string to UpdateRelPath, and restore RawPath when the original contains “%2F” (any case). Also fall back to RawPath on UpdateRelPath error.

Apply:

-    // Join the segments back into a path
-    rebuiltPath := strings.Join(rebuiltSegments, "/")
+    // Join the segments back into a path
+    rebuiltPath := strings.Join(rebuiltSegments, "/")
+    // Preserve the verbatim encoded form for RawPath when needed (e.g., %2F).
+    rawRebuiltPath := rebuiltPath
@@
-    if unescaped, err := urlutil.PathDecode(rebuiltPath); err == nil {
+    if unescaped, err := urlutil.PathDecode(rebuiltPath); err == nil {
         // this is handle the case where anyportion of path has url encoded data
         // by default the http/request official library will escape/encode special characters in path
         // to avoid double encoding we unescape/decode already encoded value
         //
         // if there is a invalid url encoded value like %99 then it will still be encoded as %2599 and not %99
         // the only way to make sure it stays as %99 is to implement raw request and unsafe for fuzzing as well
-        rebuiltPath = unescaped
+        rebuiltPath = unescaped
     }
@@
-    if err := cloned.UpdateRelPath(rebuiltPath, true); err != nil {
-        cloned.RawPath = rebuiltPath
-    }
+    if err := cloned.UpdateRelPath(rebuiltPath, true); err != nil {
+        // On failure, fall back to verbatim.
+        cloned.RawPath = rawRebuiltPath
+    } else if strings.Contains(strings.ToLower(rawRebuiltPath), "%2f") {
+        // Preserve encoded slashes so segment boundaries remain intact.
+        cloned.RawPath = rawRebuiltPath
+    }

This keeps one round of escaping while preserving literal “/” inside segments for the wire format. Add a focused unit test (see test suggestions) to lock this behavior.

Also applies to: 133-137

pkg/testutils/fuzzplayground/sqli_test.go (1)

3-10: Fix invalid URLs: encode the dynamic path segment and build the request path deterministically

Concatenating ts.URL with a path containing spaces/quotes produces an invalid URL; these cases will fail before hitting the server. Model the dynamic :id segment explicitly, percent-encode it with url.PathEscape (RFC 3986, encodes spaces as %20), and compose the path deterministically. This also aligns the test with the PR’s path-segment encoding changes (PathEncode/PathDecode) and the template behavior.

Apply:

@@
 import (
-	"fmt"
+	"fmt"
+	"io"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"testing"
 
 	"github.com/stretchr/testify/require"
 )
@@
-	tests := []struct {
-		name           string
-		path           string
-		expectedStatus int
-		shouldContainAdmin bool
-	}{
+	tests := []struct {
+		name               string
+		id                 string // dynamic :id path segment
+		expectedStatus     int
+		shouldContainAdmin bool
+	}{
@@
-		{
-			name:           "Normal request",
-			path:           "/user/75/profile", // User 75 exists and has role 'user'
-			expectedStatus: 200,
-			shouldContainAdmin: false,
-		},
+		{
+			name:               "Normal request",
+			id:                 "75", // User 75 exists and has role 'user'
+			expectedStatus:     200,
+			shouldContainAdmin: false,
+		},
@@
-		{
-			name:           "SQL injection with OR 1=1",
-			path:           "/user/75 OR 1=1/profile",
-			expectedStatus: 200, // Should work but might return first user (admin)
-			shouldContainAdmin: true, // Should return admin user data
-		},
+		{
+			name:               "SQL injection with OR 1=1",
+			id:                 "75 OR 1=1",
+			expectedStatus:     200, // Should work but might return first user (admin)
+			shouldContainAdmin: true, // Should return admin user data
+		},
@@
-		{
-			name:           "SQL injection with UNION",
-			path:           "/user/1 UNION SELECT 1,'admin',30,'admin'/profile",
-			expectedStatus: 200,
-			shouldContainAdmin: true,
-		},
+		{
+			name:               "SQL injection with UNION",
+			id:                 "1 UNION SELECT 1,'admin',30,'admin'",
+			expectedStatus:     200,
+			shouldContainAdmin: true,
+		},
@@
-		{
-			name:           "Template payload test - OR True with 75",
-			path:           "/user/75 OR True/profile", // What the template actually sends
-			expectedStatus: 200, // Actually works!
-			shouldContainAdmin: true, // Let's see if it returns admin
-		},
+		{
+			name:               "Template payload test - OR True with 75",
+			id:                 "75 OR True", // What the template actually sends
+			expectedStatus:     200, // Actually works!
+			shouldContainAdmin: true, // Let's see if it returns admin
+		},
@@
-		{
-			name:           "Template payload test - OR True with 55 (non-existent)",
-			path:           "/user/55 OR True/profile", // What the template should actually send
-			expectedStatus: 200, // Should work due to SQL injection
-			shouldContainAdmin: true, // Should return admin due to OR True
-		},
+		{
+			name:               "Template payload test - OR True with 55 (non-existent)",
+			id:                 "55 OR True", // What the template should actually send
+			expectedStatus:     200, // Should work due to SQL injection
+			shouldContainAdmin: true, // Should return admin due to OR True
+		},
@@
-		{
-			name:           "Test original user 55 issue",
-			path:           "/user/55/profile", // This should fail because user 55 doesn't exist  
-			expectedStatus: 500,
-			shouldContainAdmin: false,
-		},
+		{
+			name:               "Test original user 55 issue",
+			id:                 "55", // This should fail because user 55 doesn't exist
+			expectedStatus:     500,
+			shouldContainAdmin: false,
+		},
@@
-		{
-			name:           "Invalid ID - non-existent",
-			path:           "/user/999/profile",
-			expectedStatus: 500, // Should error due to no such user
-			shouldContainAdmin: false,
-		},
+		{
+			name:               "Invalid ID - non-existent",
+			id:                 "999",
+			expectedStatus:     500, // Should error due to no such user
+			shouldContainAdmin: false,
+		},
@@
-			resp, err := http.Get(ts.URL + tt.path)
+			escapedID := url.PathEscape(tt.id)
+			reqURL := fmt.Sprintf("%s/user/%s/profile", ts.URL, escapedID)
+			resp, err := http.Get(reqURL)
 			require.NoError(t, err)

Optional alternative: you can use url.JoinPath to avoid manual string formatting:

• reqURL, joinErr := url.JoinPath(ts.URL, "user", escapedID, "profile")
• require.NoError(t, joinErr)
• resp, err := http.Get(reqURL)

Also applies to: 17-22, 23-64, 69-71

go.mod (1)

23-23: fastdialer v0.4.6: re-verify breaking symbol removals before merging.

As noted previously, v0.4.6 removed/renamed symbols your code referenced (SniName, IP, ErrDialTimeout). Ensure all usages are updated, or this won’t compile.

Run from repo root:

#!/bin/bash
# Verify no lingering references to removed fastdialer symbols
rg -nP -C2 '\bfastdialer\.(SniName|IP|ErrDialTimeout)\b' -g '!**/vendor/**' || echo "OK: no references found"

internal/runner/proxy.go (1)

53-53: Avoid duplicating the error text in Wrapf; include the proxy value instead

Wrapping with a message that also formats err duplicates the error in logs. Use the proxy string for context.

-		return errkit.Wrapf(err, "failed to parse proxy got %v", err)
+		return errkit.Wrapf(err, "failed to parse proxy %q", aliveProxy)

pkg/js/gojs/set.go (1)

86-86: Wrap the sentinel instead of returning a fresh formatted error

Returning a new error breaks errkit.Is(err, ErrInvalidFuncOpts) checks. Wrap the sentinel with details to keep matchability.

-        return errkit.Newf("invalid function options: name: %s, signatures: %v, description: %s", opts.Name, opts.Signatures, opts.Description)
+        return errkit.Wrapf(ErrInvalidFuncOpts, "name: %s, signatures: %v, description: %s", opts.Name, opts.Signatures, opts.Description)

pkg/protocols/common/interactsh/interactsh.go (1)

240-247: Wrap the original error, not the sentinel (duplicate of prior feedback)

Wrapping ErrInteractshClientNotInitialized around err makes the sentinel the cause and discards the real one. Wrap the original error with context; return the sentinel directly only when the client is nil.

-    return "", errkit.Wrap(ErrInteractshClientNotInitialized, err.Error())
+    return "", errkit.Wrap(err, "interactsh client not initialized")

cmd/integration-test/http.go (2)

631-647: Bug: returns the wrong variable; should return errx, not err

When parameter mismatches are detected, errors are accumulated into errx, but the function returns err from RunNuclei instead, losing the assertion details.

Apply:

- if errx != nil {
-   return err
- }
+ if errx != nil {
+   return errx
+ }

---

1028-1050: Incorrect errkit.New usage: format string not applied; use Newf or structured fields

errkit.New doesn’t format messages. The "%v" placeholder will not be resolved and the slice becomes an unkeyed kv. Prefer Newf (formatted text) or New with proper key/value pairs.

Choose one:

• Formatted text:

- return errkit.New("expected requests to be sent to `/one` and `/two` endpoints but were sent to `%v`", gotReqToEndpoints, "filePath", filePath)
+ return errkit.Newf("expected requests to be sent to `/one` and `/two` endpoints but were sent to `%v`", gotReqToEndpoints)

• Structured fields (recommended if consumers read fields):

- return errkit.New("expected requests to be sent to `/one` and `/two` endpoints but were sent to `%v`", gotReqToEndpoints, "filePath", filePath)
+ return errkit.New("unexpected endpoints visited", "expected", []string{"/one", "/two", "/one", "/two"}, "got", gotReqToEndpoints, "filePath", filePath)

pkg/protocols/http/build_request.go (2)

58-61: WithTag ignores its tag parameter

The tag argument is dropped, so no tag is actually attached. Attach it as structured metadata (if supported) when wrapping.

-func (w wrapperError) WithTag(tag string) error {
-  return errkit.Wrap(w.err, w.template.format)
-}
+func (w wrapperError) WithTag(tag string) error {
+  return errkit.Wrap(w.err, w.template.format, "tag", tag)
+}

If unsure whether errkit.Wrap supports kvs, search for its usage with extra args:

#!/bin/bash
rg -nP 'errkit\.Wrap\([^)]*,\s*[^,]+,\s*"[^"]+"\s*,\s*' -C2 -g '!**/vendor/**'
rg -n 'errkit\.WithTag\(' -g '!**/vendor/**' -C2

---

388-392: Avoid duplicating err in Wrapf format and as cause

The format string includes the error again (“got %v”) while also wrapping err, resulting in repeated content.

- return nil, errkit.Wrapf(err, "failed to create request with url %v got %v", rawRequestData.FullURL, err)
+ return nil, errkit.Wrapf(err, "failed to create request with url %v", rawRequestData.FullURL)

CLAUDE.md (1)

72-72: Trim trailing double-space for cleaner Markdown

Remove the extra two spaces at the end of the line.

Apply:

- - YAML format with info, requests, and operators sections  
+ - YAML format with info, requests, and operators sections

pkg/protocols/ssl/ssl.go (2)

171-173: Preserve cause when tlsx.New fails

Return a wrapped error instead of a fresh one.

Apply:

-    if err != nil {
-        return errkit.New("could not create tlsx service")
-    }
+    if err != nil {
+        return errkit.Wrap(err, "could not create tlsx service")
+    }

---

181-182: Wrap operator compile error instead of formatting into a new error

This keeps the original compile error in the chain.

Apply:

-        if err := compiled.Compile(); err != nil {
-            return errkit.Newf("could not compile operators got %v", err)
-        }
+        if err := compiled.Compile(); err != nil {
+            return errkit.Wrap(err, "could not compile operators")
+        }

pkg/templates/compile.go (1)

482-484: Use options.TemplatePath instead of template.Path in error message

At this point, template.Path is not set yet. Use options.TemplatePath (already set to filePath earlier in Parse) to ensure the error contains the actual source path. This was flagged previously and remains applicable.

Apply this diff:

-        return nil, errkit.Wrapf(err, "failed to parse %s", template.Path)
+        return nil, errkit.Wrapf(err, "failed to parse %s", options.TemplatePath)

pkg/catalog/loader/loader.go (1)

241-242: Critical: Wrapf with a nil err returns nil — returns (nil, nil) when remoteTemplates is empty

This replicates a known pitfall. If err == nil and len(remoteTemplates) == 0, Wrapf(nil, ...) returns nil, causing a false-success path.

-        if err != nil || len(remoteTemplates) == 0 {
-            return nil, errkit.Wrapf(err, "Could not load template %s: got %v", uri, remoteTemplates)
-        }
+        if err != nil || len(remoteTemplates) == 0 {
+            if err != nil {
+                return nil, errkit.Wrapf(err, "Could not load template %s", uri)
+            }
+            return nil, errkit.Newf("Could not load template %s: got %v", uri, remoteTemplates)
+        }

pkg/catalog/loader/ai_loader.go (1)

45-46: Use Wrap/Wrapf when attaching context to an existing error (avoid losing cause).

These returns use Newf("...: %v", err), which drops the original error as a cause and duplicates it in the message. Prefer Wrap/Wrapf with concise context.

Apply these diffs:

-		return nil, errkit.Newf("Failed to generate template: %v", err)
+		return nil, errkit.Wrap(err, "failed to generate template")

-		return nil, errkit.Newf("Failed to create pdcp template directory: %v", err)
+		return nil, errkit.Wrapf(err, "failed to create pdcp template directory %q", pdcpTemplateDir)

-		return nil, errkit.Newf("Failed to generate template: %v", err)
+		return nil, errkit.Wrapf(err, "failed to write template file %q", templateFile)

-		return "", "", errkit.Newf("Failed to marshal request body: %v", err)
+		return "", "", errkit.Wrap(err, "failed to marshal request body")

-	return "", "", errkit.Newf("Failed to create HTTP request: %v", err)
+	return "", "", errkit.Wrapf(err, "failed to create HTTP request to %s", aiTemplateGeneratorAPIEndpoint)

-		return "", "", errkit.Newf("Failed to get PDCP credentials: %v", err)
+		return "", "", errkit.Wrap(err, "failed to get PDCP credentials")

-		return "", "", errkit.Newf("Failed to send HTTP request: %v", err)
+		return "", "", errkit.Wrapf(err, "failed to send HTTP request to %s", aiTemplateGeneratorAPIEndpoint)

-	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
-		return "", "", errkit.Newf("Failed to decode API response: %v", err)
+	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
+		return "", "", errkit.Wrap(err, "failed to decode API response")

#!/bin/bash
# Ensure no remaining "Newf(...: %v", err)" patterns in this file
rg -nP 'Newf\("[^"]*%v"\s*,\s*err\)' pkg/catalog/loader/ai_loader.go -C2

Also applies to: 50-51, 56-57, 94-95, 99-100, 105-106, 117-118, 134-135

lib/sdk.go (1)

101-101: Don’t duplicate the wrapped error in Wrapf message.

Wrap/Wrapf already carries the cause; embedding err again is redundant. Use Wrap with concise context.

Apply these diffs:

-		return errkit.Wrapf(err, "Could not create workflow loader: %s", err)
+		return errkit.Wrap(err, "Could not create workflow loader")

-		return errkit.Wrapf(err, "Could not create loader client: %s", err)
+		return errkit.Wrap(err, "Could not create loader client")

Also applies to: 107-107

[tarunKoyalwar]

@coderabbitai resolve

[coderabbitai]

✅ Actions performed

Comments resolved.