From 95a72cfd50758d70b359177d26875a3362da709f Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sat, 27 Sep 2025 13:34:28 +0700 Subject: [PATCH 1/6] fix(templates): suppress warn code flag not found on validate. fixes #6498 Signed-off-by: Dwi Siswanto --- pkg/templates/workflows.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pkg/templates/workflows.go b/pkg/templates/workflows.go index 50029af18..2f1881cbe 100644 --- a/pkg/templates/workflows.go +++ b/pkg/templates/workflows.go @@ -94,7 +94,14 @@ func parseWorkflowTemplate(workflow *workflows.WorkflowTemplate, preprocessor Pr if len(template.RequestsCode) > 0 { if !options.Options.EnableCodeTemplates { - gologger.Warning().Msgf("`-code` flag not found, skipping code template from workflow: %v\n", path) + // NOTE(dwisiswant0): It is safe to continue here during + // validation mode, because the template has already been parsed + // and syntax-validated by templates.Parse() above. It only + // prevents adding to workflow's executer list and suppresses + // warning messages. + if !options.Options.Validate { + gologger.Warning().Msgf("`-code` flag not found, skipping code template from workflow: %v\n", path) + } continue } else if !template.Verified { // unverfied code templates are not allowed in workflows From 7d450507f79e5b23f06c6f50cbcb2a7632599efe Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sat, 27 Sep 2025 15:20:45 +0700 Subject: [PATCH 2/6] feat(config): adds known misc directories and excludes em in IsTemplate func. Signed-off-by: Dwi Siswanto --- pkg/catalog/config/template.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkg/catalog/config/template.go b/pkg/catalog/config/template.go index 3d7b33de5..7dff222e7 100644 --- a/pkg/catalog/config/template.go +++ b/pkg/catalog/config/template.go @@ -12,7 +12,10 @@ import ( stringsutil "github.com/projectdiscovery/utils/strings" ) -var knownConfigFiles = []string{"cves.json", "contributors.json", "TEMPLATES-STATS.json"} +var ( + knownConfigFiles = []string{"cves.json", "contributors.json", "TEMPLATES-STATS.json"} + knownMiscDirectories = []string{".git/", ".github/", "helpers/"} +) // TemplateFormat type TemplateFormat uint8 @@ -47,6 +50,11 @@ func IsTemplate(filename string) bool { if stringsutil.ContainsAny(filename, knownConfigFiles...) { return false } + + if stringsutil.ContainsAny(filename, knownMiscDirectories...) { + return false + } + return stringsutil.EqualFoldAny(filepath.Ext(filename), GetSupportTemplateFileExtensions()...) } From ca11a2fad6382930d2d568230b4e3bf9588d72b1 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sat, 27 Sep 2025 15:21:21 +0700 Subject: [PATCH 3/6] fix(disk): uses `config.IsTemplate` instead fixes #6499 Signed-off-by: Dwi Siswanto --- pkg/catalog/disk/find.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/catalog/disk/find.go b/pkg/catalog/disk/find.go index 7a70c1bc1..0a89ba54c 100644 --- a/pkg/catalog/disk/find.go +++ b/pkg/catalog/disk/find.go @@ -257,7 +257,7 @@ func (c *DiskCatalog) findDirectoryMatches(absPath string, processed map[string] if err != nil { return nil } - if !d.IsDir() && config.GetTemplateFormatFromExt(path) != config.Unknown { + if !d.IsDir() && config.IsTemplate(path) { if _, ok := processed[path]; !ok { results = append(results, path) processed[path] = struct{}{} @@ -281,7 +281,7 @@ func (c *DiskCatalog) findDirectoryMatches(absPath string, processed map[string] if err != nil { return nil } - if !d.IsDir() && config.GetTemplateFormatFromExt(path) != config.Unknown { + if !d.IsDir() && config.IsTemplate(path) { if _, ok := processed[path]; !ok { results = append(results, path) processed[path] = struct{}{} From 3ef581c5e8c2ce23de283f2d070f442a6136c862 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sat, 27 Sep 2025 15:25:25 +0700 Subject: [PATCH 4/6] chore(make): rm unnecessary flag on template-validate Signed-off-by: Dwi Siswanto --- Makefile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Makefile b/Makefile index bfb0b5a64..d0d995bfc 100644 --- a/Makefile +++ b/Makefile @@ -147,8 +147,6 @@ template-validate: build template-validate: ./bin/nuclei -ut ./bin/nuclei -validate \ - -et .github/ \ - -et helpers/payloads/ \ -et http/technologies \ -t dns \ -t ssl \ @@ -157,7 +155,5 @@ template-validate: -ept code ./bin/nuclei -validate \ -w workflows \ - -et .github/ \ - -et helpers/payloads/ \ -et http/technologies \ -ept code \ No newline at end of file From b5291250311d9f373c8fb9975ce350b5288f27c7 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sat, 27 Sep 2025 16:02:12 +0700 Subject: [PATCH 5/6] refactor(confif): update known misc dirs & improve IsTemplate func Signed-off-by: Dwi Siswanto --- pkg/catalog/config/template.go | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/pkg/catalog/config/template.go b/pkg/catalog/config/template.go index 7dff222e7..7e8296849 100644 --- a/pkg/catalog/config/template.go +++ b/pkg/catalog/config/template.go @@ -14,7 +14,7 @@ import ( var ( knownConfigFiles = []string{"cves.json", "contributors.json", "TEMPLATES-STATS.json"} - knownMiscDirectories = []string{".git/", ".github/", "helpers/"} + knownMiscDirectories = []string{".git", ".github", "helpers"} ) // TemplateFormat @@ -26,6 +26,20 @@ const ( Unknown ) +// GetKnownConfigFiles returns known config files +func GetKnownConfigFiles() []string { + return knownConfigFiles +} + +func GetKnownMiscDirectories() []string { + trailedSlashDirs := make([]string, 0, len(knownMiscDirectories)) + for _, dir := range knownMiscDirectories { + trailedSlashDirs = append(trailedSlashDirs, dir+string(os.PathSeparator)) + } + + return trailedSlashDirs +} + // GetTemplateFormatFromExt returns template format func GetTemplateFormatFromExt(filePath string) TemplateFormat { fileExt := strings.ToLower(filepath.Ext(filePath)) @@ -44,18 +58,21 @@ func GetSupportTemplateFileExtensions() []string { return []string{extensions.YAML, extensions.JSON} } -// IsTemplate is a callback function used by goflags to decide if given file should be read -// if it is not a nuclei-template file only then file is read -func IsTemplate(filename string) bool { - if stringsutil.ContainsAny(filename, knownConfigFiles...) { +// IsTemplate returns true if the file is a template based on its path. +// It used by goflags and other places to filter out non-template files. +func IsTemplate(fpath string) bool { + fname := filepath.Base(fpath) + fext := strings.ToLower(filepath.Ext(fpath)) + + if stringsutil.ContainsAny(fname, GetKnownConfigFiles()...) { return false } - if stringsutil.ContainsAny(filename, knownMiscDirectories...) { + if stringsutil.ContainsAny(fpath, GetKnownMiscDirectories()...) { return false } - return stringsutil.EqualFoldAny(filepath.Ext(filename), GetSupportTemplateFileExtensions()...) + return stringsutil.EqualFoldAny(fext, GetSupportTemplateFileExtensions()...) } type template struct { From c903da3a0c89d4301fd19cd202458881742a5006 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Tue, 30 Sep 2025 00:40:47 +0700 Subject: [PATCH 6/6] fix(config): normalize `fpath` in `IsTemplate` * normalize file `fpath` in `IsTemplate` using filepath.FromSlash to ensure consistent matching across platforms. * update `GetKnownMiscDirectories` docs to clarify that trailing slashes prevent false positives, since `IsTemplate` compares against normalized full paths. Signed-off-by: Dwi Siswanto --- pkg/catalog/config/template.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/catalog/config/template.go b/pkg/catalog/config/template.go index 7e8296849..2f7999184 100644 --- a/pkg/catalog/config/template.go +++ b/pkg/catalog/config/template.go @@ -26,11 +26,16 @@ const ( Unknown ) -// GetKnownConfigFiles returns known config files +// GetKnownConfigFiles returns known config files. func GetKnownConfigFiles() []string { return knownConfigFiles } +// GetKnownMiscDirectories returns known misc directories with trailing slashes. +// +// The trailing slash ensures that directory matching is explicit and avoids +// falsely match files with similar names (e.g. "helpers" matching +// "some-helpers.yaml"), since [IsTemplate] checks against normalized full paths. func GetKnownMiscDirectories() []string { trailedSlashDirs := make([]string, 0, len(knownMiscDirectories)) for _, dir := range knownMiscDirectories { @@ -61,6 +66,7 @@ func GetSupportTemplateFileExtensions() []string { // IsTemplate returns true if the file is a template based on its path. // It used by goflags and other places to filter out non-template files. func IsTemplate(fpath string) bool { + fpath = filepath.FromSlash(fpath) fname := filepath.Base(fpath) fext := strings.ToLower(filepath.Ext(fpath))