fix(templates): segfault in workflow parsing with global-matchers templates

[dwisiswant0]

Proposed changes

fix(templates): segfault in workflow parsing with global-matchers templates

Add nil guard in parseWorkflowTemplate to handle
global-matchers templates returning nil,
preventing panic on dereference.

Fixes #6751

Proof

dev:

$ git cherry-pick 75e931f17e35cb7ed4bd2afc29964a470a46908f # add test case
$ go test -v -run ^Test_ParseWorkflowWithGlobalMatchers$ ./pkg/templates
=== RUN   Test_ParseWorkflowWithGlobalMatchers
--- FAIL: Test_ParseWorkflowWithGlobalMatchers (0.05s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered, repanicked]
[signal SIGSEGV: segmentation violation code=0x1 addr=0x230 pc=0x237f44e]

goroutine 34 [running]:
testing.tRunner.func1.2({0x2775820, 0x5b9bf80})
	/usr/local/go/src/testing/testing.go:1872 +0x237
testing.tRunner.func1()
	/usr/local/go/src/testing/testing.go:1875 +0x35b
panic({0x2775820?, 0x5b9bf80?})
	/usr/local/go/src/runtime/panic.go:783 +0x132
github.com/projectdiscovery/nuclei/v3/pkg/templates.parseWorkflowTemplate(0xc000572ee0, {0x0, 0x0}, 0xc0015f6508, {0x39656e8, 0xc00039a090}, 0x0)
	/home/dw1/Development/PD/nuclei/pkg/templates/workflows.go:80 +0x1ce
github.com/projectdiscovery/nuclei/v3/pkg/templates.parseWorkflow({0x0, 0x0}, 0xc000572ee0, 0xc0015f6508, {0x39656e8, 0xc00039a090})
	/home/dw1/Development/PD/nuclei/pkg/templates/workflows.go:34 +0xc9
github.com/projectdiscovery/nuclei/v3/pkg/templates.compileWorkflow({0x2c6d0f5, 0x23}, {0x0, 0x0}, 0xc0015f6508, 0x0?, {0x39656e8, 0xc00039a090})
	/home/dw1/Development/PD/nuclei/pkg/templates/workflows.go:17 +0xd8
github.com/projectdiscovery/nuclei/v3/pkg/templates.parseFromSource({0x2c6d0f5, 0x23}, {0x0, 0x0}, 0xc0015f6288, 0xc0004d0d20)
	/home/dw1/Development/PD/nuclei/pkg/templates/compile.go:142 +0x267
github.com/projectdiscovery/nuclei/v3/pkg/templates.Parse({0x2c6d0f5?, 0x23?}, {0x0?, 0x0?}, 0xc0015f6288?)
	/home/dw1/Development/PD/nuclei/pkg/templates/compile.go:238 +0x405
github.com/projectdiscovery/nuclei/v3/pkg/templates_test.Test_ParseWorkflowWithGlobalMatchers(0xc001880540)
	/home/dw1/Development/PD/nuclei/pkg/templates/compile_test.go:199 +0xc5
testing.tRunner(0xc001880540, 0x3645178)
	/usr/local/go/src/testing/testing.go:1934 +0xea
created by testing.(*T).Run in goroutine 1
	/usr/local/go/src/testing/testing.go:1997 +0x465
FAIL	github.com/projectdiscovery/nuclei/v3/pkg/templates	0.165s
FAIL

this patch:

$ go test -v -run ^Test_ParseWorkflowWithGlobalMatchers$ ./pkg/templates
=== RUN   Test_ParseWorkflowWithGlobalMatchers
--- PASS: Test_ParseWorkflowWithGlobalMatchers (0.03s)
PASS
ok  	github.com/projectdiscovery/nuclei/v3/pkg/templates	0.146s

Checklist

• Pull request is created against the dev branch
• All checks passed (lint, unit/integration/regression tests etc.) with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Summary by CodeRabbit

• Bug Fixes

  • Improved stability when processing workflows by guarding against nil templates and handling global matcher edge cases.

• Tests

  • Added test coverage for parsing workflows with global matchers to ensure correct compilation behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added a nil-check when iterating parsed workflow templates to skip nil templates and avoid nil dereferences; added a test that enables global matchers, parses a workflow containing a global-matcher template, and asserts the compiled workflow structure and executer configuration.

Changes

Cohort / File(s)	Summary
Core Logic Fix pkg/templates/workflows.go	Added if template == nil { continue } after parsing to skip nil templates and prevent subsequent nil pointer dereferences during workflow validation/collection.
Test Coverage pkg/templates/compile_test.go	Added import of globalmatchers and new test Test_ParseWorkflowWithGlobalMatchers that temporarily enables global matchers, initializes executerOpts.GlobalMatchers, parses a workflow with a global-matcher template, asserts compiled workflow counts and executer presence, and restores prior state.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through templates, careful and spry,
A tiny nil-check saved the sky,
Global matchers tuned with gentle care,
Workflows now parse with room to spare,
🍃 A rabbit's cheer for code made fair.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the main bug fix: preventing a segmentation fault in workflow parsing when global-matchers templates are used, which directly relates to the code changes.
Linked Issues check	✅ Passed	The PR adds a nil-check guard in parseWorkflowTemplate and includes a test that reproduces and validates the fix for issue #6751, addressing the segfault crash when workflows use global-matcher templates.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the segfault: a nil-check in workflows.go and a corresponding test in compile_test.go to validate the fix, with no extraneous modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}