chore: golangci-lint run --fix ./...#7018
Merged
dogancanbakir merged 2 commits intodevfrom Mar 4, 2026
Merged
Conversation
Neo - PR Security ReviewNo security issues found Highlights
Comment |
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review infoConfiguration used: Organization UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (2)
💤 Files with no reviewable changes (1)
WalkthroughReplaces numerous Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 1 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 7
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (6)
pkg/tmplexec/flow/vm.go (1)
58-71:⚠️ Potential issue | 🟡 MinorLogging stream mismatch (stdout vs stderr).
logis documented as stdout butgologger.DefaultLogger.Print()writes to stderr. For correct piping/redirects, either switch toSilent()or update the description to say stderr.✅ Suggested fix (stdout)
- gologger.DefaultLogger.Print().Msgf("[%v] %v", aurora.BrightCyan("JS"), value) + gologger.DefaultLogger.Silent().Msgf("[%v] %v", aurora.BrightCyan("JS"), value)Based on learnings, "In projectdiscovery/gologger, the Print() function writes to stderr and Silent() writes to stdout. During reviews, ensure code uses Print() for error/output going to stderr and Silent() for stdout; verify the chosen function matches the intended destination and that logs are directed to the correct stream for proper piping/redirects."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/tmplexec/flow/vm.go` around lines 58 - 71, The "log" template function (Name: "log", FuncDecl) claims to write to stdout but currently uses gologger.DefaultLogger.Print(), which outputs to stderr; update the implementation to use gologger.DefaultLogger.Silent() for all branches (string, map[string]any, default) so logs go to stdout, or alternatively change the Description text to indicate stderr if you intend to keep Print(); ensure every call site inside the FuncDecl is changed consistently (replace Print() calls) and keep the aurora and vardump usage the same.pkg/utils/insertion_ordered_map.go (1)
36-59:⚠️ Potential issue | 🟡 MinorReset
keyswhen unmarshalling to avoid stale ordering.
valuesis reinitialized butkeysis not, so reusing the same instance can append new keys after old ones and produce duplicates.🛠️ Suggested fix
func (insertionOrderedStringMap *InsertionOrderedStringMap) UnmarshalYAML(unmarshal func(any) error) error { var data yaml.MapSlice if err := unmarshal(&data); err != nil { return err } insertionOrderedStringMap.values = make(map[string]any) + insertionOrderedStringMap.keys = make([]string, 0, len(data)) for _, v := range data { if v.Key == nil { continue } insertionOrderedStringMap.Set(v.Key.(string), toString(v.Value)) } return nil } func (insertionOrderedStringMap *InsertionOrderedStringMap) UnmarshalJSON(data []byte) error { var dataMap map[string]any if err := json.Unmarshal(data, &dataMap); err != nil { return err } insertionOrderedStringMap.values = make(map[string]any) + insertionOrderedStringMap.keys = make([]string, 0, len(dataMap)) for k, v := range dataMap { insertionOrderedStringMap.Set(k, toString(v)) } return nil }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/utils/insertion_ordered_map.go` around lines 36 - 59, UnmarshalYAML and UnmarshalJSON reinitialize insertionOrderedStringMap.values but don't reset the keys slice, causing old keys to persist and produce duplicates; update both methods (UnmarshalYAML and UnmarshalJSON on InsertionOrderedStringMap) to reset insertionOrderedStringMap.keys (e.g., assign nil or make([]string,0)) before calling Set so the ordering is rebuilt from the unmarshalled data.pkg/js/libs/rsync/memo.rsync.go (1)
1-1:⚠️ Potential issue | 🟠 MajorUpdate the memogen template to use
anyinstead ofinterface{}.The memo.*.go files were updated via
go fix ./...to useanyinstead ofinterface{}, but the generator template (cmd/memogen/function.tplline 16) still emitsinterface{}. The next invocation ofmake memogenwill silently revert this change.Update
cmd/memogen/function.tplline 16 from:v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) {to:
v, err, _ := protocolstate.Memoizer.Do(hash, func() (any, error) {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/js/libs/rsync/memo.rsync.go` at line 1, The memogen generator template still emits interface{} for the Memoizer.Do callback return type; update the template (cmd/memogen/function.tpl) so the generated line uses (any, error) instead of (interface{}, error): change the anonymous function signature in the emitted code where you produce "v, err, _ := protocolstate.Memoizer.Do(hash, func() (... ) {" to return (any, error), ensuring generated files no longer revert to interface{} for the Memoizer.Do callback.pkg/js/devtools/tsgen/scrape.go (1)
49-55:⚠️ Potential issue | 🟡 MinorRemove redundant variable shadows in range-over-func loops.
The
field := fieldassignments on lines 50 and 121 are unnecessary. Since Go 1.22, loop variables in range statements are uniquely scoped per iteration, making these self-assignments dead code. The same redundant pattern appears inpkg/js/devtools/bindgen/generator.go:400.Suggested cleanup
- for field := range namedStruct.Fields() { - field := field + for field := range namedStruct.Fields() { fieldName := field.Name()- for field := range t.Fields() { - field := field + for field := range t.Fields() { if field.Exported() {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/js/devtools/tsgen/scrape.go` around lines 49 - 55, Remove the redundant self-assignments that shadow the loop variable in the range loops: delete the unnecessary "field := field" inside the loop iterating namedStruct.Fields() in pkg/js/devtools/tsgen/scrape.go (the loop that calls recursiveScrapeType(nil, fieldName, field.Type(), d)) and the similar redundant "field := field" at the other occurrence in pkg/js/devtools/bindgen/generator.go around line 400; rely on Go's per-iteration scoped loop variable and keep using field.Name(), field.Exported(), and field.Type() directly.pkg/reporting/trackers/jira/jira.go (1)
282-309:⚠️ Potential issue | 🔴 CriticalType assertion for
map[any]anywill silently skip custom fields loaded from JSON/YAML.When configurations are unmarshalled from JSON or YAML, Go produces
map[string]interface{}(equivalent tomap[string]any), notmap[any]any. The code at line 285 assertsvalue.(map[any]any), which fails for JSON-sourced configs becausemap[string]anycannot be asserted tomap[any]anyin Go's type system. Custom fields from JSON/YAML will silently be skipped with no warning beyond the existing log message for nested value errors.Normalize both map types before iteration:
🔧 Suggested fix
- for name, value := range i.options.CustomFields { - if valueMap, ok := value.(map[any]any); ok { - // Iterate over nested map - for nestedName, nestedValue := range valueMap { + for name, value := range i.options.CustomFields { + var valueMap map[string]any + switch v := value.(type) { + case map[string]any: + valueMap = v + case map[any]any: + valueMap = make(map[string]any, len(v)) + for k, nv := range v { + ks, ok := k.(string) + if !ok { + return nil, fmt.Errorf(`custom field %q has non-string key: %v`, name, k) + } + valueMap[ks] = nv + } + default: + continue + } + + // Iterate over nested map + for nestedName, nestedValue := range valueMap { fmtNestedValue, ok := nestedValue.(string) if !ok { return nil, fmt.Errorf(`couldn't iterate on nested item "%s": %s`, nestedName, nestedValue) } @@ - } - } + } }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/reporting/trackers/jira/jira.go` around lines 282 - 309, The loop that processes i.options.CustomFields currently asserts value.(map[any]any) which will fail for typical JSON/YAML unmarshalling (map[string]any); update the handling in the block that builds customFields so it accepts both map[string]any and map[any]any (or normalizes the map) before iterating: detect the concrete type, convert keys to string as needed, then iterate nestedName/nestedValue and call i.evaluateCustomFieldValue as before, preserving the existing switch cases for "id"/"name"/"freeform" and fallback behavior; reference the same variables and functions (i.options.CustomFields, customFields, nestedName, nestedValue, i.evaluateCustomFieldValue) so the change is localized and avoids silently skipping JSON/YAML-provided custom fields.pkg/protocols/common/generators/options.go (1)
12-12:⚠️ Potential issue | 🟡 MinorStale comment — update
map[string]interface{}tomap[string]any.The
sync.Mapannotation on Line 12 still references the old type spelling after the migration.📝 Proposed fix
-var optionsPayloadMap sync.Map // map[*types.Options]map[string]interface{} +var optionsPayloadMap sync.Map // map[*types.Options]map[string]any🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/common/generators/options.go` at line 12, Update the stale type spelling in the inline comment for the sync.Map variable: change the comment on optionsPayloadMap (currently "// map[*types.Options]map[string]interface{}") to use the new alias "// map[*types.Options]map[string]any" so the annotation matches the migrated type naming; locate the variable optionsPayloadMap declared with sync.Map and replace only the comment text accordingly.
♻️ Duplicate comments (9)
pkg/protocols/headless/operators_test.go (7)
173-175: Duplicate of earlier type modernization. Same rationale as Line 34–36.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/operators_test.go` around lines 173 - 175, Duplicate modernization: the test assigns data = map[string]any{"data": invalidJSON} but this should match the earlier type used at lines 34–36; update the assignment for the variable data to use the same type as the earlier declaration (e.g., map[string]interface{} if that is used previously) so the test is consistent with the existing type usage for variable names data and invalidJSON in operators_test.go.
482-484: Duplicate of earlier type modernization. Same rationale as Line 34–36.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/operators_test.go` around lines 482 - 484, This is a duplicate modernization: the local variable data := map[string]any{"data": htmlContent} repeats the same type change already applied earlier; remove this redundant declaration and reuse the previously declared variable or the earlier typed pattern, or revert this duplicate to match the original type usage so there's only one consistent modernization for the variable named data (refer to the data variable and htmlContent in operators_test.go to locate the duplicated change).
216-218: Duplicate of earlier type modernization. Same rationale as Line 34–36.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/operators_test.go` around lines 216 - 218, The map modernization for the local variable "data" is a duplicate of an earlier change; revert or remove this duplicate by restoring the original type usage where "data" is defined (either remove this second declaration and reuse the earlier "data" variable or change it back from map[string]any to the original map type used elsewhere, referencing the "data" variable and "htmlContent" to locate the code). Ensure only the single intended modernization remains to avoid redundant edits.
294-298: Duplicate of earlier type modernization. Same rationale as Line 34–36.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/operators_test.go` around lines 294 - 298, The map literal for variable data uses map[string]any which is a duplicate of an earlier modernization change; update this declaration to use the same map type used at the earlier occurrence (lines 34–36) for consistency—i.e., change the type of data from map[string]any to the identical type alias used previously in this file (matching the other declarations that reference htmlContent and jsonContent).
368-370: Duplicate of earlier type modernization. Same rationale as Line 34–36.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/operators_test.go` around lines 368 - 370, The test uses a duplicate type modernization for the local variable "data"; replace the current map[string]any literal with the same type used earlier in this file (use map[string]interface{} for the "data" variable constructed from "jsonContent") so the test's type style is consistent with the earlier declaration around lines 34–36; update the "data" assignment accordingly.
250-254: Duplicate of earlier type modernization. Same rationale as Line 34–36.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/operators_test.go` around lines 250 - 254, The map literal creating variable "data" is a duplicate of the earlier type-modernization; remove this redundant declaration and either reuse the previously declared "data" variable or rename/merge this usage so you don't shadow or redefine it. Locate the "data" map literal in operators_test.go and align it with the earlier modernization pattern (use the same map type and single declaration) to eliminate the duplicate.
107-109: Duplicate of earlier type modernization. Same rationale as Line 34–36.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/operators_test.go` around lines 107 - 109, The test declares data with map[string]any which duplicates a previous type-modernization; make this declaration consistent with the earlier change (lines 34–36) by using the same type as used there—e.g., change the data := map[string]any{ "data": jsonContent } to use map[string]interface{} (or to map[string]any if the earlier lines use any) so the variable name data and its use of jsonContent match the project's chosen type convention.pkg/workflows/workflows.go (1)
55-55: Same JSON compatibility concern forName.This is the same
omitemptyremoval issue asTags—please confirm the behavior change is intended or revert to keep compatibility.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/workflows/workflows.go` at line 55, The struct field Name (type stringslice.StringSlice) lost the `omitempty` JSON tag which changes serialization behavior and can break compatibility; either restore the original `json:"name,omitempty"` tag on the Name field in workflows.go to preserve previous behavior or explicitly document and update callers/tests if the intent is to remove `omitempty`. Locate the Name field declaration (Name stringslice.StringSlice) and revert/add the `omitempty` in the json struct tag to match how Tags was handled or confirm the intentional change and update changelog/tests accordingly.pkg/js/devtools/tsgen/scrape.go (1)
120-125: Same pattern as Lines 49–55.Both the
Fields()call-style concern and the redundantfield := fieldshadow on Line 121 are identical to the issues raised above for Lines 49–55; the proposed fix diff above already covers this site.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/js/devtools/tsgen/scrape.go` around lines 120 - 125, The loop over t.Fields() is using "for field := range t.Fields()" which iterates indices (and then shadows the variable with "field := field"); change it to iterate values with "for _, field := range t.Fields()" and remove the redundant shadowing so calls to field.Name() and field.Type() in recursiveScrapeType(nil, field.Name(), field.Type(), nestedExtObject) use the actual field value; keep the Exported() check as-is.
🧹 Nitpick comments (6)
pkg/protocols/http/signer/signer.go (1)
51-51: Nit: remove stale comment.
// type ctxkey stringis a leftover from a previous refactor and is never used. Consider removing it to keep the file tidy.🧹 Proposed cleanup
- // type ctxkey string ctx := context.WithValue(context.Background(), SignerArg("service"), service)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/http/signer/signer.go` at line 51, Remove the stale commented declaration "// type ctxkey string" from signer.go; locate the commented line (the unused ctxkey identifier) near the top of the file and delete it so the file no longer contains this leftover comment from the previous refactor.pkg/reporting/trackers/linear/jsonutil/jsonutil.go (1)
200-203: Nit: commented-out code still references deprecatedreflect.Ptr.
go fixdoesn't rewrite comments, so this TODO block was left with the old name. If the comment is ever uncommented, it would need updating too.🧹 Proposed cleanup
- //if v.Kind() == reflect.Ptr && v.IsNil() { + //if v.Kind() == reflect.Pointer && v.IsNil() {🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/reporting/trackers/linear/jsonutil/jsonutil.go` around lines 200 - 203, The commented TODO block inside jsonutil.go still uses the deprecated reflect.Ptr identifier (in the lines referencing v.Kind() == reflect.Ptr and reflect.New), so update or remove the comment to avoid misleading future uncommenting: either change reflect.Ptr to the current name reflect.Pointer in the comment and any example code (references: v.Kind(), v.IsNil(), v.Set(reflect.New(v.Type().Elem()))), or delete the commented block entirely if it’s stale; if you keep it, also update the TODO to state the exact behavior to test (initializing nil pointers via reflect.Pointer/new) so it won’t reintroduce the deprecated symbol.pkg/protocols/common/helpers/responsehighlighter/hexdump.go (1)
35-40: Avoid temporary concatenation inside the Builder.
WriteStringcurrently receives a pre-concatenated string, which still allocates per-iteration. You can eliminate that intermediate allocation by writing each part directly.♻️ Proposed refactor
for i := 0; i < hexDump.len(); i++ { - result.WriteString(hexDump.index[i] + hexDump.hex[i] + "|" + hexDump.ascii[i] + "|\n") + result.WriteString(hexDump.index[i]) + result.WriteString(hexDump.hex[i]) + result.WriteString("|") + result.WriteString(hexDump.ascii[i]) + result.WriteString("|\n") }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/common/helpers/responsehighlighter/hexdump.go` around lines 35 - 40, The String method of HighlightableHexDump currently concatenates per-iteration with "+", causing temporary allocations; change the loop in HighlightableHexDump.String() to write each piece directly into the strings.Builder (e.g., call result.WriteString(hexDump.index[i]), result.WriteString(hexDump.hex[i]), result.WriteByte('|'), result.WriteString(hexDump.ascii[i]), result.WriteString("|\n") in sequence) and optionally call result.Grow(...) before the loop to preallocate capacity based on hexDump.len() to avoid per-iteration allocations.internal/runner/runner.go (1)
987-987: Staleinterface{}reference in doc comment.The function parameter type was updated to
any, but the doc comment on line 987 still referencesinterface{}.♻️ Proposed fix
-// The interface{} passed to the function should be a pointer to a struct or a struct. +// The any value passed to the function should be a pointer to a struct or a struct.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@internal/runner/runner.go` at line 987, Update the stale doc comment that still mentions "interface{}" to use "any" to match the changed parameter type; locate the comment above the function in internal/runner/runner.go (the comment at line ~987) that explains the parameter must be "a pointer to a struct or a struct" and replace "interface{}" with "any" while preserving the rest of the description so it accurately documents the function signature that now accepts any.pkg/js/compiler/pool.go (1)
232-232: LGTM on thereflect.Ptr→reflect.Pointerupdate.
reflect.Pointeris the preferred name since Go 1.18 and has the same underlying value asreflect.Ptr.As a side note (pre-existing, not introduced by this PR), the condition on line 232 relies on
&&binding tighter than||for correct behavior. While this works as intended, adding explicit parentheses would improve readability:🔧 Optional: clarify precedence with explicit parentheses
- if kind == reflect.Struct || kind == reflect.Pointer && reflect.ValueOf(value).Elem().Kind() == reflect.Struct { + if kind == reflect.Struct || (kind == reflect.Pointer && reflect.ValueOf(value).Elem().Kind() == reflect.Struct) {Also applies to: 247-248
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/js/compiler/pool.go` at line 232, The boolean expression using reflect.Kind checks (e.g., the condition "if kind == reflect.Struct || kind == reflect.Pointer && reflect.ValueOf(value).Elem().Kind() == reflect.Struct") relies on && binding tighter than ||; make the precedence explicit by adding parentheses around the pointer case like "(kind == reflect.Pointer && ...)" so the intention is clear, and apply the same parenthesization to the analogous conditions around lines 247-248 (search for the similar reflect.Kind checks in the same function in pkg/js/compiler/pool.go) to improve readability.pkg/fuzz/dataformat/json.go (1)
14-16: Stalemap[string]interface{}reference in the TODO comment.The struct doc (unchanged by
go fix) still readsmap[string]interface{}, which is now inconsistent with themap[string]anyused throughout this file and the broader codebase.📝 Suggested comment update
// TODO: Support arrays + other JSON oddities by -// adding more attributes to the map[string]interface{} +// adding more attributes to the map[string]any🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/fuzz/dataformat/json.go` around lines 14 - 16, Update the stale TODO comment above the JSON struct: change the textual reference from "map[string]interface{}" to "map[string]any" so the comment matches the types used in this file and the codebase; locate the comment near the JSON struct declaration (type JSON struct{}) and edit the comment text only—no code changes required.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@pkg/fuzz/dataformat/dataformat_test.go`:
- Around line 44-46: The test's failure message is stale after the any
migration: update the t.Fatal call in the type assertion block that checks
fooMap, ok := fooValue.(map[string]any) to reference the correct type name
(`map[string]any`) instead of `map[string]interface{}`; locate the assertion
around fooValue and fooMap in the test and change the message string to
something like "type assertion to map[string]any failed" so it matches the
actual asserted type.
In `@pkg/fuzz/dataformat/multipart_test.go`:
- Around line 237-239: The assertion message for the type check uses "Expected
[]interface{} for documents" but the code casts to []any; update the assertion
message in the documents type-check (the require.True call that checks
documents.([]any) and the variable documentsArray) to say "Expected []any for
documents" so the message matches the actual type used.
- Around line 230-232: The test assertion message is inconsistent: it says
"Expected []interface{} for profile_picture" while the code uses profileArray,
profilePicture and type []any; update the require.True call's message to
reference "[]any" (or "[]any for profile_picture") so the diagnostic matches the
actual type check for profileArray/profilePicture in multipart_test.go.
In `@pkg/js/libs/oracle/memo.oracle.go`:
- Line 14: Update the generator template that emits memoized function signatures
so it uses the new Go alias type `any` instead of `interface{}`: locate the
template file named function.tpl and change the anonymous function return type
from `func() (interface{}, error)` to `func() (any, error)` so future runs of
the memogen generator will produce memo.*.go files with `any` and avoid
regressing the recent change.
In `@pkg/model/model.go`:
- Line 35: The JSON struct tags for Authors, Tags, SeverityHolder, CVEID, and
CWEID were modified to remove `omitempty`—restore `omitempty` on the JSON tag
for each of these fields in the model struct (look for the `Authors`, `Tags`,
`SeverityHolder`, `CVEID`, `CWEID` field declarations in pkg/model/model.go) so
empty values are omitted from JSON output; update the tag strings to include
`omitempty` (e.g., `json:"author,omitempty"`) for each named field and run tests
(including TestInfoJsonMarshal) to ensure compatibility.
In `@pkg/protocols/http/http.go`:
- Line 70: The JSON struct tags for the AttackType, Method, and Signature fields
are missing the omitempty option (while their YAML tags include it), causing
inconsistent serialization; update the struct field tags for AttackType
(generators.AttackTypeHolder), Method, and Signature to include `omitempty` in
their `json:"..."` tags so JSON omits empty values just like YAML—locate the
fields by name in the struct and add `omitempty` to each corresponding json tag.
In `@pkg/workflows/workflows.go`:
- Line 33: The Tags struct tag lost `omitempty`, which changes JSON output by
emitting empty values and may break clients; restore `omitempty` in the Tags
field tag (the Tags field on the struct named Tags stringslice.StringSlice)
unless this API change is intentional, or else add versioned documentation to
mark the breaking change; after updating the struct tag, run go fmt ./... and go
vet ./... to ensure formatting and static analysis pass.
---
Outside diff comments:
In `@pkg/js/devtools/tsgen/scrape.go`:
- Around line 49-55: Remove the redundant self-assignments that shadow the loop
variable in the range loops: delete the unnecessary "field := field" inside the
loop iterating namedStruct.Fields() in pkg/js/devtools/tsgen/scrape.go (the loop
that calls recursiveScrapeType(nil, fieldName, field.Type(), d)) and the similar
redundant "field := field" at the other occurrence in
pkg/js/devtools/bindgen/generator.go around line 400; rely on Go's per-iteration
scoped loop variable and keep using field.Name(), field.Exported(), and
field.Type() directly.
In `@pkg/js/libs/rsync/memo.rsync.go`:
- Line 1: The memogen generator template still emits interface{} for the
Memoizer.Do callback return type; update the template (cmd/memogen/function.tpl)
so the generated line uses (any, error) instead of (interface{}, error): change
the anonymous function signature in the emitted code where you produce "v, err,
_ := protocolstate.Memoizer.Do(hash, func() (... ) {" to return (any, error),
ensuring generated files no longer revert to interface{} for the Memoizer.Do
callback.
In `@pkg/protocols/common/generators/options.go`:
- Line 12: Update the stale type spelling in the inline comment for the sync.Map
variable: change the comment on optionsPayloadMap (currently "//
map[*types.Options]map[string]interface{}") to use the new alias "//
map[*types.Options]map[string]any" so the annotation matches the migrated type
naming; locate the variable optionsPayloadMap declared with sync.Map and replace
only the comment text accordingly.
In `@pkg/reporting/trackers/jira/jira.go`:
- Around line 282-309: The loop that processes i.options.CustomFields currently
asserts value.(map[any]any) which will fail for typical JSON/YAML unmarshalling
(map[string]any); update the handling in the block that builds customFields so
it accepts both map[string]any and map[any]any (or normalizes the map) before
iterating: detect the concrete type, convert keys to string as needed, then
iterate nestedName/nestedValue and call i.evaluateCustomFieldValue as before,
preserving the existing switch cases for "id"/"name"/"freeform" and fallback
behavior; reference the same variables and functions (i.options.CustomFields,
customFields, nestedName, nestedValue, i.evaluateCustomFieldValue) so the change
is localized and avoids silently skipping JSON/YAML-provided custom fields.
In `@pkg/tmplexec/flow/vm.go`:
- Around line 58-71: The "log" template function (Name: "log", FuncDecl) claims
to write to stdout but currently uses gologger.DefaultLogger.Print(), which
outputs to stderr; update the implementation to use
gologger.DefaultLogger.Silent() for all branches (string, map[string]any,
default) so logs go to stdout, or alternatively change the Description text to
indicate stderr if you intend to keep Print(); ensure every call site inside the
FuncDecl is changed consistently (replace Print() calls) and keep the aurora and
vardump usage the same.
In `@pkg/utils/insertion_ordered_map.go`:
- Around line 36-59: UnmarshalYAML and UnmarshalJSON reinitialize
insertionOrderedStringMap.values but don't reset the keys slice, causing old
keys to persist and produce duplicates; update both methods (UnmarshalYAML and
UnmarshalJSON on InsertionOrderedStringMap) to reset
insertionOrderedStringMap.keys (e.g., assign nil or make([]string,0)) before
calling Set so the ordering is rebuilt from the unmarshalled data.
---
Duplicate comments:
In `@pkg/js/devtools/tsgen/scrape.go`:
- Around line 120-125: The loop over t.Fields() is using "for field := range
t.Fields()" which iterates indices (and then shadows the variable with "field :=
field"); change it to iterate values with "for _, field := range t.Fields()" and
remove the redundant shadowing so calls to field.Name() and field.Type() in
recursiveScrapeType(nil, field.Name(), field.Type(), nestedExtObject) use the
actual field value; keep the Exported() check as-is.
In `@pkg/protocols/headless/operators_test.go`:
- Around line 173-175: Duplicate modernization: the test assigns data =
map[string]any{"data": invalidJSON} but this should match the earlier type used
at lines 34–36; update the assignment for the variable data to use the same type
as the earlier declaration (e.g., map[string]interface{} if that is used
previously) so the test is consistent with the existing type usage for variable
names data and invalidJSON in operators_test.go.
- Around line 482-484: This is a duplicate modernization: the local variable
data := map[string]any{"data": htmlContent} repeats the same type change already
applied earlier; remove this redundant declaration and reuse the previously
declared variable or the earlier typed pattern, or revert this duplicate to
match the original type usage so there's only one consistent modernization for
the variable named data (refer to the data variable and htmlContent in
operators_test.go to locate the duplicated change).
- Around line 216-218: The map modernization for the local variable "data" is a
duplicate of an earlier change; revert or remove this duplicate by restoring the
original type usage where "data" is defined (either remove this second
declaration and reuse the earlier "data" variable or change it back from
map[string]any to the original map type used elsewhere, referencing the "data"
variable and "htmlContent" to locate the code). Ensure only the single intended
modernization remains to avoid redundant edits.
- Around line 294-298: The map literal for variable data uses map[string]any
which is a duplicate of an earlier modernization change; update this declaration
to use the same map type used at the earlier occurrence (lines 34–36) for
consistency—i.e., change the type of data from map[string]any to the identical
type alias used previously in this file (matching the other declarations that
reference htmlContent and jsonContent).
- Around line 368-370: The test uses a duplicate type modernization for the
local variable "data"; replace the current map[string]any literal with the same
type used earlier in this file (use map[string]interface{} for the "data"
variable constructed from "jsonContent") so the test's type style is consistent
with the earlier declaration around lines 34–36; update the "data" assignment
accordingly.
- Around line 250-254: The map literal creating variable "data" is a duplicate
of the earlier type-modernization; remove this redundant declaration and either
reuse the previously declared "data" variable or rename/merge this usage so you
don't shadow or redefine it. Locate the "data" map literal in operators_test.go
and align it with the earlier modernization pattern (use the same map type and
single declaration) to eliminate the duplicate.
- Around line 107-109: The test declares data with map[string]any which
duplicates a previous type-modernization; make this declaration consistent with
the earlier change (lines 34–36) by using the same type as used there—e.g.,
change the data := map[string]any{ "data": jsonContent } to use
map[string]interface{} (or to map[string]any if the earlier lines use any) so
the variable name data and its use of jsonContent match the project's chosen
type convention.
In `@pkg/workflows/workflows.go`:
- Line 55: The struct field Name (type stringslice.StringSlice) lost the
`omitempty` JSON tag which changes serialization behavior and can break
compatibility; either restore the original `json:"name,omitempty"` tag on the
Name field in workflows.go to preserve previous behavior or explicitly document
and update callers/tests if the intent is to remove `omitempty`. Locate the Name
field declaration (Name stringslice.StringSlice) and revert/add the `omitempty`
in the json struct tag to match how Tags was handled or confirm the intentional
change and update changelog/tests accordingly.
---
Nitpick comments:
In `@internal/runner/runner.go`:
- Line 987: Update the stale doc comment that still mentions "interface{}" to
use "any" to match the changed parameter type; locate the comment above the
function in internal/runner/runner.go (the comment at line ~987) that explains
the parameter must be "a pointer to a struct or a struct" and replace
"interface{}" with "any" while preserving the rest of the description so it
accurately documents the function signature that now accepts any.
In `@pkg/fuzz/dataformat/json.go`:
- Around line 14-16: Update the stale TODO comment above the JSON struct: change
the textual reference from "map[string]interface{}" to "map[string]any" so the
comment matches the types used in this file and the codebase; locate the comment
near the JSON struct declaration (type JSON struct{}) and edit the comment text
only—no code changes required.
In `@pkg/js/compiler/pool.go`:
- Line 232: The boolean expression using reflect.Kind checks (e.g., the
condition "if kind == reflect.Struct || kind == reflect.Pointer &&
reflect.ValueOf(value).Elem().Kind() == reflect.Struct") relies on && binding
tighter than ||; make the precedence explicit by adding parentheses around the
pointer case like "(kind == reflect.Pointer && ...)" so the intention is clear,
and apply the same parenthesization to the analogous conditions around lines
247-248 (search for the similar reflect.Kind checks in the same function in
pkg/js/compiler/pool.go) to improve readability.
In `@pkg/protocols/common/helpers/responsehighlighter/hexdump.go`:
- Around line 35-40: The String method of HighlightableHexDump currently
concatenates per-iteration with "+", causing temporary allocations; change the
loop in HighlightableHexDump.String() to write each piece directly into the
strings.Builder (e.g., call result.WriteString(hexDump.index[i]),
result.WriteString(hexDump.hex[i]), result.WriteByte('|'),
result.WriteString(hexDump.ascii[i]), result.WriteString("|\n") in sequence) and
optionally call result.Grow(...) before the loop to preallocate capacity based
on hexDump.len() to avoid per-iteration allocations.
In `@pkg/protocols/http/signer/signer.go`:
- Line 51: Remove the stale commented declaration "// type ctxkey string" from
signer.go; locate the commented line (the unused ctxkey identifier) near the top
of the file and delete it so the file no longer contains this leftover comment
from the previous refactor.
In `@pkg/reporting/trackers/linear/jsonutil/jsonutil.go`:
- Around line 200-203: The commented TODO block inside jsonutil.go still uses
the deprecated reflect.Ptr identifier (in the lines referencing v.Kind() ==
reflect.Ptr and reflect.New), so update or remove the comment to avoid
misleading future uncommenting: either change reflect.Ptr to the current name
reflect.Pointer in the comment and any example code (references: v.Kind(),
v.IsNil(), v.Set(reflect.New(v.Type().Elem()))), or delete the commented block
entirely if it’s stale; if you keep it, also update the TODO to state the exact
behavior to test (initializing nil pointers via reflect.Pointer/new) so it won’t
reintroduce the deprecated symbol.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (216)
cmd/integration-test/exporters.gocmd/integration-test/http.gocmd/integration-test/integration-test.gocmd/integration-test/javascript.gocmd/nuclei/main.gocmd/tmc/main.gocmd/tmc/types.gointernal/colorizer/colorizer.gointernal/runner/lazy.gointernal/runner/options_test.gointernal/runner/runner.gointernal/server/nuclei_sdk.gopkg/authprovider/authx/dynamic.gopkg/catalog/config/constants.gopkg/catalog/config/nucleiconfig.gopkg/catalog/config/template.gopkg/catalog/index/filter.gopkg/catalog/index/filter_test.gopkg/catalog/index/index_test.gopkg/fuzz/analyzers/analyzers.gopkg/fuzz/analyzers/time/analyzer.gopkg/fuzz/component/body.gopkg/fuzz/component/body_test.gopkg/fuzz/component/component.gopkg/fuzz/component/cookie.gopkg/fuzz/component/cookie_test.gopkg/fuzz/component/headers.gopkg/fuzz/component/headers_test.gopkg/fuzz/component/path.gopkg/fuzz/component/path_test.gopkg/fuzz/component/query.gopkg/fuzz/component/query_test.gopkg/fuzz/component/value.gopkg/fuzz/component/value_test.gopkg/fuzz/dataformat/dataformat_test.gopkg/fuzz/dataformat/json.gopkg/fuzz/dataformat/kv.gopkg/fuzz/dataformat/multipart.gopkg/fuzz/dataformat/multipart_test.gopkg/fuzz/dataformat/raw.gopkg/fuzz/execute.gopkg/fuzz/execute_race_test.gopkg/fuzz/fuzz.gopkg/fuzz/fuzz_test.gopkg/fuzz/parts.gopkg/fuzz/stats/simple.gopkg/fuzz/type.gopkg/input/formats/formats.gopkg/input/formats/openapi/downloader.gopkg/input/formats/openapi/downloader_test.gopkg/input/formats/openapi/examples.gopkg/input/formats/openapi/generator.gopkg/input/formats/swagger/downloader.gopkg/input/formats/swagger/downloader_test.gopkg/input/formats/yaml/multidoc_test.gopkg/input/formats/yaml/ytt.gopkg/input/provider/interface.gopkg/input/types/http.gopkg/installer/template.gopkg/js/compiler/compiler.gopkg/js/compiler/pool.gopkg/js/devtools/bindgen/generator.gopkg/js/devtools/bindgen/output.gopkg/js/devtools/tsgen/astutil.gopkg/js/devtools/tsgen/parser.gopkg/js/devtools/tsgen/scrape.gopkg/js/global/scripts.gopkg/js/gojs/gojs.gopkg/js/gojs/set.gopkg/js/libs/ldap/utils.gopkg/js/libs/mssql/memo.mssql.gopkg/js/libs/mysql/memo.mysql.gopkg/js/libs/mysql/memo.mysql_private.gopkg/js/libs/mysql/mysql.gopkg/js/libs/net/net.gopkg/js/libs/oracle/memo.oracle.gopkg/js/libs/pop3/memo.pop3.gopkg/js/libs/postgres/memo.postgres.gopkg/js/libs/rdp/memo.rdp.gopkg/js/libs/redis/memo.redis.gopkg/js/libs/redis/redis.gopkg/js/libs/rsync/memo.rsync.gopkg/js/libs/smb/memo.smb.gopkg/js/libs/smb/memo.smb_private.gopkg/js/libs/smb/memo.smbghost.gopkg/js/libs/ssh/memo.ssh.gopkg/js/libs/structs/structs.gopkg/js/libs/telnet/memo.telnet.gopkg/js/libs/vnc/memo.vnc.gopkg/js/utils/nucleijs.gopkg/js/utils/util.gopkg/model/model.gopkg/model/model_test.gopkg/model/types/severity/severities.gopkg/model/types/severity/severity.gopkg/model/types/severity/severity_test.gopkg/model/types/stringslice/stringslice.gopkg/model/types/stringslice/stringslice_raw.gopkg/model/types/userAgent/user_agent.gopkg/operators/cache/cache_test.gopkg/operators/common/dsl/dsl.gopkg/operators/common/dsl/dsl_test.gopkg/operators/extractors/extract.gopkg/operators/extractors/extract_test.gopkg/operators/extractors/extractor_types.gopkg/operators/matchers/match.gopkg/operators/matchers/match_test.gopkg/operators/matchers/matchers_types.gopkg/operators/matchers/validate.gopkg/operators/operators.gopkg/operators/operators_test.gopkg/output/output.gopkg/progress/progress.gopkg/projectfile/httputil.gopkg/protocols/code/code.gopkg/protocols/common/contextargs/contextargs.gopkg/protocols/common/contextargs/variables.gopkg/protocols/common/expressions/expressions.gopkg/protocols/common/expressions/expressions_test.gopkg/protocols/common/expressions/variables.gopkg/protocols/common/generators/attack_types.gopkg/protocols/common/generators/env.gopkg/protocols/common/generators/generators.gopkg/protocols/common/generators/generators_test.gopkg/protocols/common/generators/load.gopkg/protocols/common/generators/load_test.gopkg/protocols/common/generators/maps.gopkg/protocols/common/generators/maps_bench_test.gopkg/protocols/common/generators/maps_test.gopkg/protocols/common/generators/options.gopkg/protocols/common/generators/options_test.gopkg/protocols/common/generators/slice.gopkg/protocols/common/generators/validate.gopkg/protocols/common/helpers/responsehighlighter/hexdump.gopkg/protocols/common/hosterrorscache/hosterrorscache_test.gopkg/protocols/common/interactsh/interactsh.gopkg/protocols/common/protocolstate/headless.gopkg/protocols/common/protocolstate/memguardian_test.gopkg/protocols/common/replacer/replacer.gopkg/protocols/common/replacer/replacer_test.gopkg/protocols/common/uncover/uncover.gopkg/protocols/common/variables/variables.gopkg/protocols/common/variables/variables_bench_test.gopkg/protocols/common/variables/variables_test.gopkg/protocols/dns/dns.gopkg/protocols/dns/dns_test.gopkg/protocols/dns/dns_types.gopkg/protocols/dns/operators.gopkg/protocols/dns/request.gopkg/protocols/file/operators.gopkg/protocols/headless/engine/action_types.gopkg/protocols/headless/engine/page.gopkg/protocols/headless/engine/util.gopkg/protocols/headless/headless.gopkg/protocols/headless/operators.gopkg/protocols/headless/operators_test.gopkg/protocols/headless/request.gopkg/protocols/http/build_request.gopkg/protocols/http/build_request_test.gopkg/protocols/http/http.gopkg/protocols/http/http_method_types.gopkg/protocols/http/http_test.gopkg/protocols/http/httputils/misc.gopkg/protocols/http/operators.gopkg/protocols/http/operators_test.gopkg/protocols/http/request.gopkg/protocols/http/request_fuzz.gopkg/protocols/http/request_generator.gopkg/protocols/http/request_generator_test.gopkg/protocols/http/request_test.gopkg/protocols/http/signature.gopkg/protocols/http/signer/aws-sign.gopkg/protocols/http/signer/signer.gopkg/protocols/javascript/js.gopkg/protocols/network/network.gopkg/protocols/network/network_input_types.gopkg/protocols/network/operators.gopkg/protocols/network/request.gopkg/protocols/network/request_test.gopkg/protocols/offlinehttp/operators.gopkg/protocols/offlinehttp/operators_test.gopkg/protocols/protocols.gopkg/protocols/ssl/ssl.gopkg/protocols/utils/variables.gopkg/protocols/utils/variables_test.gopkg/protocols/websocket/websocket.gopkg/protocols/whois/whois.gopkg/reporting/exporters/sarif/sarif.gopkg/reporting/format/format_utils.gopkg/reporting/format/format_utils_test.gopkg/reporting/trackers/jira/jira.gopkg/reporting/trackers/linear/jsonutil/jsonutil.gopkg/reporting/trackers/linear/linear.gopkg/scan/charts/echarts.gopkg/templates/cluster.gopkg/templates/compile.gopkg/templates/preprocessors.gopkg/templates/tag_filter.gopkg/templates/tag_filter_test.gopkg/templates/templates.gopkg/templates/types/types.gopkg/testutils/fuzzplayground/server.gopkg/testutils/integration.gopkg/tmplexec/flow/builtin/dedupe.gopkg/tmplexec/flow/flow_executor.gopkg/tmplexec/flow/util.gopkg/tmplexec/flow/vm.gopkg/tmplexec/generic/exec.gopkg/tmplexec/multiproto/multi.gopkg/types/interfaces.gopkg/utils/insertion_ordered_map.gopkg/utils/insertion_ordered_map_test.gopkg/utils/telnetmini/telnet.gopkg/utils/utils.gopkg/utils/yaml/yaml_decode_wrapper.gopkg/workflows/workflows.go
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
pkg/protocols/headless/engine/rules.go (1)
129-129: Optional: inline the"HTTP/1.1"literal into the format string.Passing a compile-time constant as a
%sargument is a residual artifact of the mechanical linter fix. Embedding it directly is cleaner.♻️ Suggested simplification
- fmt.Fprintf(&rawReq, "%s %s %s\n", e.Request.Method, e.Request.URL, "HTTP/1.1") + fmt.Fprintf(&rawReq, "%s %s HTTP/1.1\n", e.Request.Method, e.Request.URL)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/protocols/headless/engine/rules.go` at line 129, The format call to fmt.Fprintf in rules.go passes the compile-time constant "HTTP/1.1" as a %s argument; simplify by inlining that literal into the format string so the call becomes a two-argument format for e.Request.Method and e.Request.URL (i.e., update the fmt.Fprintf invocation that references e.Request.Method and e.Request.URL to include HTTP/1.1 directly in the format string).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@pkg/protocols/headless/engine/rules.go`:
- Line 129: The format call to fmt.Fprintf in rules.go passes the compile-time
constant "HTTP/1.1" as a %s argument; simplify by inlining that literal into the
format string so the call becomes a two-argument format for e.Request.Method and
e.Request.URL (i.e., update the fmt.Fprintf invocation that references
e.Request.Method and e.Request.URL to include HTTP/1.1 directly in the format
string).
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (11)
internal/runner/healthcheck.golib/sdk_private.gopkg/fuzz/analyzers/time/time_delay.gopkg/js/devtools/scrapefuncs/main.gopkg/js/devtools/tsgen/cmd/tsgen/main.gopkg/js/libs/ldap/utils.gopkg/js/libs/mysql/mysql_private.gopkg/protocols/common/helpers/responsehighlighter/hexdump.gopkg/protocols/headless/engine/rules.gopkg/reporting/reporting.gopkg/utils/utils.go
✅ Files skipped from review due to trivial changes (1)
- pkg/fuzz/analyzers/time/time_delay.go
🚧 Files skipped from review as they are similar to previous changes (2)
- pkg/protocols/common/helpers/responsehighlighter/hexdump.go
- pkg/js/libs/ldap/utils.go
dogancanbakir
approved these changes
Feb 26, 2026
Member
|
@neo-by-projectdiscovery-dev create an issue to track failing tests |
Signed-off-by: Dwi Siswanto <git@dw1.io>
dwisiswant0
force-pushed
the
dwisiswant0/chore/go-fix
branch
from
659a452 to
c27c474
Compare
4 tasks
Drop global Chrome process sweeping from browser shutdown. The `previousPIDs` snapshot + delta kill logic is unsafe on shared/parallel runners: a test can classify another test's Chrome as "new" and kill it during `(*Browser).Close()`, triggering intermittent Rod panics (use of closed network connection). Signed-off-by: Dwi Siswanto <git@dw1.io>
Member
Author
|
@coderabbitai resolve |
Contributor
✅ Actions performedComments resolved. Auto-approval is disabled; enable |
dogancanbakir
approved these changes
Mar 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed changes
Run
golangci-lint run --fix ./...(from go1.26.0)Proof
This is verifiable through GolangCI Lint action.
As of
projectdiscovery/actions/golangci-lint/v2usesgolangci/golangci-lint-action@v8and it uses golangci-lint >= v2.9.0 (analyzer bump), hence the adjustment is requried.Checklist
Summary by CodeRabbit
Relates to #7047