fix(fuzz): data race in evaluateVarsWithInteractsh

[yusei-wy]

Summary

Clone the data map before modification in evaluateVarsWithInteractsh to prevent race conditions when multiple goroutines call this function concurrently with a shared map.

Closes #6827

Changes

• Added maps.Clone(data) at the beginning of the interactsh processing block
• Added a test case that reproduces the race condition (passes with -race flag after fix)

Before

$ go test -race -run TestEvaluateVarsWithInteractsh_RaceCondition ./pkg/fuzz/
WARNING: DATA RACE
Write at 0x00c0006380f0 by goroutine 24:
  github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).evaluateVarsWithInteractsh()
      pkg/fuzz/execute.go:252 +0x5d0
...

After

$ go test -race -run TestEvaluateVarsWithInteractsh_RaceCondition -count=5 ./pkg/fuzz/
PASS
ok  github.com/projectdiscovery/nuclei/v3/pkg/fuzz  2.421s

Testing

• go test -race ./pkg/fuzz/... passes
• make vet passes
• make build succeeds

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Enhanced data integrity and system reliability by preventing unintended modifications to input data during variable evaluation operations, significantly reducing potential side effects on the caller's data and operations

• Tests

  • Added comprehensive race condition testing to thoroughly validate and ensure that variable evaluation with Interactsh integration operates safely, correctly, and reliably under concurrent access scenarios

[coderabbitai]

Walkthrough

This change fixes a concurrent map write race condition in evaluateVarsWithInteractsh by cloning the data map before modification when Interactsh options are configured, and includes a race condition test to verify the fix.

Changes

Cohort / File(s)	Summary
Race Condition Fix pkg/fuzz/execute.go	Added maps package import and map cloning logic in evaluateVarsWithInteractsh to prevent concurrent writes to the shared data map when Interactsh is configured.
Race Condition Test pkg/fuzz/execute_race_test.go	Added TestEvaluateVarsWithInteractsh_RaceCondition test that launches 10 concurrent goroutines executing variable evaluation with Interactsh to verify race-condition safety.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A fuzzy tale of maps that clone,
Where race conditions once were shown,
Now data copies guard the way,
Safe concurrent runs by day! 🗺️✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	The PR fully addresses the requirements from issue #6827 by cloning the data map using maps.Clone() before modifications and adding a race condition test.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the concurrent map writes issue described in issue #6827. No unrelated or out-of-scope modifications are present.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: fixing a data race condition in the evaluateVarsWithInteractsh function by cloning the data map to prevent concurrent modifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dogancanbakir]

@yusei-wy tests are failing

[yusei-wy]

@dogancanbakir

Investigation Report: Integration Test Failure

I investigated the failing integration tests and here are my findings:

Failing Test

• protocols/http/interactsh-requests-mc-and.yaml
• Expected: 1 match result
• Actual: 0 matches

Root Cause Analysis

From the CI logs:

[ERR] Could not unmarshal interaction data interaction:
server.Interaction.Protocol: ReadString: invalid control character found

The test failure is caused by corrupted response from the external Interactsh server, not by the code changes in this PR.

• The Interactsh server returned binary data mixed into the JSON response
• JSON parsing failed
• The Interactsh matcher couldn't detect the interaction, resulting in 0 matches

Analysis of PR Changes

The maps.Clone(data) addition is correct:

• It prevents concurrent map writes (the original issue this PR addresses)
• Shallow copy is sufficient since only value types are modified
• Performance impact is negligible

This change does not cause the test failure. The test exercises the modified code path, but the failure is due to external Interactsh server communication issues (flaky test).

Recommendation

Could you please re-run the CI? This appears to be a transient issue with the external Interactsh server communication, not a problem with this PR's changes.