From 0b5b86eedd23ebd4c11308623497fca133335ee3 Mon Sep 17 00:00:00 2001 From: Mzack9999 Date: Wed, 20 May 2026 01:20:43 +0200 Subject: [PATCH 1/3] add wappalyzer() DSL function --- dsl.go | 2 + dsl_test.go | 1 + go.mod | 18 +++--- go.sum | 14 +++++ wappalyzer.go | 127 ++++++++++++++++++++++++++++++++++++++ wappalyzer_test.go | 151 +++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 304 insertions(+), 9 deletions(-) create mode 100644 wappalyzer.go create mode 100644 wappalyzer_test.go diff --git a/dsl.go b/dsl.go index 6eaf631..a876046 100644 --- a/dsl.go +++ b/dsl.go @@ -1634,6 +1634,8 @@ func init() { }), ) + registerWappalyzerFunction() + DefaultHelperFunctions = HelperFunctions() FunctionNames = GetFunctionNames(DefaultHelperFunctions) } diff --git a/dsl_test.go b/dsl_test.go index 4429357..2403628 100644 --- a/dsl_test.go +++ b/dsl_test.go @@ -332,6 +332,7 @@ func TestGetPrintableDslFunctionSignatures(t *testing.T) { url_decode(arg1 interface{}) interface{} url_encode(s string, optionalEncodeAllSpecialChars bool) string wait_for(seconds uint) + wappalyzer(headers, body string) []string xor(args ...interface{}) interface{} zip(file_entry string, content string, ... ) []byte zlib(arg1 interface{}) interface{} diff --git a/go.mod b/go.mod index 205f28f..92eef4a 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/projectdiscovery/dsl -go 1.24.1 - -toolchain go1.24.2 +go 1.25.0 require ( github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057 @@ -24,9 +22,11 @@ require ( github.com/stretchr/testify v1.11.1 github.com/vulncheck-oss/go-exploit v1.51.0 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b - golang.org/x/text v0.32.0 + golang.org/x/text v0.36.0 ) +require github.com/projectdiscovery/wappalyzergo v0.2.81 // indirect + require ( github.com/STARRY-S/zip v0.2.3 // indirect github.com/andybalholm/brotli v1.2.0 // indirect @@ -67,10 +67,10 @@ require ( github.com/xdg-go/pbkdf2 v1.0.0 // indirect go.uber.org/multierr v1.11.0 // indirect go4.org v0.0.0-20230225012048-214862532bf5 // indirect - golang.org/x/mod v0.30.0 // indirect - golang.org/x/net v0.48.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.41.0 // indirect - golang.org/x/tools v0.39.0 // indirect + golang.org/x/mod v0.34.0 // indirect + golang.org/x/net v0.53.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/tools v0.43.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 52b1c75..2cd9e1c 100644 --- a/go.sum +++ b/go.sum @@ -164,6 +164,8 @@ github.com/projectdiscovery/mapcidr v1.1.97 h1:7FkxNNVXp+m1rIu5Nv/2SrF9k4+LwP8Qu github.com/projectdiscovery/mapcidr v1.1.97/go.mod h1:9dgTJh1SP02gYZdpzMjm6vtYFkEHQHoTyaVNvaeJ7lA= github.com/projectdiscovery/utils v0.11.0 h1:CxImZSRyj9spy1wpB9HKJopr5MsIPm2r5iS8uyhAMoQ= github.com/projectdiscovery/utils v0.11.0/go.mod h1:q2mZngH1s4WDO3knYxG7iyP1KcxoRSORJCWSpCKFc1s= +github.com/projectdiscovery/wappalyzergo v0.2.81 h1:E+lOy8Xhb5ALEGrXFq64dgbkoVa0JWJw7nU6+yGnAz0= +github.com/projectdiscovery/wappalyzergo v0.2.81/go.mod h1:qMRkcU6PkpfglNpvddSztt+1GxdSeOB0jVjzbK17veU= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= @@ -256,6 +258,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= +golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= +golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -276,6 +280,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -291,6 +297,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -316,6 +324,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -328,6 +338,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= +golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -358,6 +370,8 @@ golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= +golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= +golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/wappalyzer.go b/wappalyzer.go new file mode 100644 index 0000000..03602c4 --- /dev/null +++ b/wappalyzer.go @@ -0,0 +1,127 @@ +package dsl + +import ( + "bufio" + "errors" + "fmt" + "net/textproto" + "sort" + "strings" + "sync" + + wappalyzer "github.com/projectdiscovery/wappalyzergo" +) + +// Lazy singleton: wappalyzergo loads its embedded fingerprint database on +// construction and is safe for concurrent reads thereafter. Initializing +// on first use keeps the cost off the import path for callers that never +// touch the wappalyzer helper. +var ( + wappalyzerOnce sync.Once + wappalyzerInstance *wappalyzer.Wappalyze + wappalyzerInitErr error +) + +func getWappalyzer() (*wappalyzer.Wappalyze, error) { + wappalyzerOnce.Do(func() { + wappalyzerInstance, wappalyzerInitErr = wappalyzer.New() + }) + return wappalyzerInstance, wappalyzerInitErr +} + +// parseHeadersForWappalyzer turns a raw HTTP header block into the +// map[string][]string shape wappalyzergo wants. It accepts the textual +// form template authors typically have on hand (the contents of nuclei's +// {{header}} variable). Header names are kept as written - wappalyzergo +// lowercases them internally. +func parseHeadersForWappalyzer(raw string) (map[string][]string, error) { + raw = strings.TrimLeft(raw, "\r\n") + if raw == "" { + return map[string][]string{}, nil + } + if !strings.HasSuffix(raw, "\r\n\r\n") { + if !strings.HasSuffix(raw, "\r\n") { + raw += "\r\n" + } + raw += "\r\n" + } + tp := textproto.NewReader(bufio.NewReader(strings.NewReader(raw))) + mh, err := tp.ReadMIMEHeader() + if err != nil { + return nil, fmt.Errorf("invalid header block: %w", err) + } + return mh, nil +} + +func toHeadersAndBody(args []interface{}) (map[string][]string, []byte, error) { + if len(args) != 2 { + return nil, nil, ErrInvalidDslFunction + } + var headerRaw string + switch v := args[0].(type) { + case string: + headerRaw = v + case []byte: + headerRaw = string(v) + case nil: + default: + return nil, nil, errors.New("first argument (headers) must be a string") + } + var body []byte + switch v := args[1].(type) { + case string: + body = []byte(v) + case []byte: + body = v + case nil: + default: + return nil, nil, errors.New("second argument (body) must be a string or bytes") + } + headers, err := parseHeadersForWappalyzer(headerRaw) + if err != nil { + return nil, nil, err + } + return headers, body, nil +} + +// fingerprintsAsSortedSlice returns the technology names in a stable +// alphabetical order so that callers (and the DSL result cache) see a +// deterministic value for identical inputs. +func fingerprintsAsSortedSlice(m map[string]struct{}) []string { + out := make([]string, 0, len(m)) + for k := range m { + out = append(out, k) + } + sort.Strings(out) + return out +} + +// registerWappalyzerFunction installs the wappalyzer(headers, body) +// helper. It is called from dsl.go's init so the function is present +// before DefaultHelperFunctions is materialized. +// +// wappalyzer(headers, body) []string +// +// Runs wappalyzergo's fingerprint engine against the provided +// response headers and body and returns the detected technology +// names. headers may be the raw HTTP header block as a string (the +// most common form in nuclei templates) or a pre-built byte slice +// with the same content. +func registerWappalyzerFunction() { + MustAddFunction(NewWithSingleSignature( + "wappalyzer", + "(headers, body string) []string", + true, + func(args ...interface{}) (interface{}, error) { + headers, body, err := toHeadersAndBody(args) + if err != nil { + return nil, err + } + w, err := getWappalyzer() + if err != nil { + return nil, fmt.Errorf("wappalyzer init: %w", err) + } + return fingerprintsAsSortedSlice(w.Fingerprint(headers, body)), nil + }, + )) +} diff --git a/wappalyzer_test.go b/wappalyzer_test.go new file mode 100644 index 0000000..f762651 --- /dev/null +++ b/wappalyzer_test.go @@ -0,0 +1,151 @@ +package dsl + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +// callWappalyzer invokes the registered "wappalyzer" DSL helper and +// returns the sorted slice of detected technology names. +func callWappalyzer(t *testing.T, headers, body string) []string { + t.Helper() + fn, ok := DefaultHelperFunctions["wappalyzer"] + require.True(t, ok, "wappalyzer DSL function must be registered") + got, err := fn(headers, body) + require.NoError(t, err) + techs, ok := got.([]string) + require.True(t, ok, "wappalyzer must return []string, got %T", got) + return techs +} + +// TestWappalyzerRegistered pins the function's public surface so a +// rename/regression is caught before consumers do. +func TestWappalyzerRegistered(t *testing.T) { + require.Contains(t, FunctionNames, "wappalyzer") + _, ok := DefaultHelperFunctions["wappalyzer"] + require.True(t, ok) +} + +// TestWappalyzerDetectsNginx covers the most basic header-only match. +// The Server response header is the canonical wappalyzergo trigger for +// nginx detection. +func TestWappalyzerDetectsNginx(t *testing.T) { + techs := callWappalyzer(t, "Server: nginx/1.25.3\r\n", "") + require.Contains(t, techs, "Nginx:1.25.3") +} + +// TestWappalyzerDetectsFromBody confirms the body path also feeds the +// fingerprint engine. The generator meta tag is a stable WordPress +// indicator. +func TestWappalyzerDetectsFromBody(t *testing.T) { + body := `` + techs := callWappalyzer(t, "", body) + require.NotEmpty(t, techs) + requireHasPrefix(t, techs, "WordPress") +} + +// TestWappalyzerEmptyInputs documents that no headers and no body +// produce an empty slice instead of an error, so templates can call +// the helper unconditionally without guarding against missing data. +func TestWappalyzerEmptyInputs(t *testing.T) { + techs := callWappalyzer(t, "", "") + require.Equal(t, []string{}, techs) +} + +// TestWappalyzerHeadersAcceptBytes confirms the helper accepts both +// string and []byte for both arguments, matching how nuclei substitutes +// template variables (sometimes string, sometimes raw bytes for body). +func TestWappalyzerHeadersAcceptBytes(t *testing.T) { + fn := DefaultHelperFunctions["wappalyzer"] + got, err := fn([]byte("Server: nginx\r\n"), []byte("")) + require.NoError(t, err) + require.Contains(t, got.([]string), "Nginx") +} + +// TestWappalyzerNilArgs treats nil arguments as empty input, mirroring +// the behavior of unset nuclei variables. +func TestWappalyzerNilArgs(t *testing.T) { + fn := DefaultHelperFunctions["wappalyzer"] + got, err := fn(nil, nil) + require.NoError(t, err) + require.Equal(t, []string{}, got) +} + +// TestWappalyzerRejectsWrongTypes guarantees we don't silently +// fingerprint bogus inputs (e.g. an integer where the body should be). +func TestWappalyzerRejectsWrongTypes(t *testing.T) { + fn := DefaultHelperFunctions["wappalyzer"] + _, err := fn(42, "body") + require.Error(t, err) + _, err = fn("Server: nginx\r\n", 42) + require.Error(t, err) +} + +// TestWappalyzerArgCount checks the function rejects the wrong arity. +func TestWappalyzerArgCount(t *testing.T) { + fn := DefaultHelperFunctions["wappalyzer"] + _, err := fn("Server: nginx\r\n") + require.Error(t, err) + _, err = fn("Server: nginx\r\n", "", "extra") + require.Error(t, err) +} + +// TestWappalyzerReturnsSorted pins the deterministic ordering used by +// the DSL result cache and downstream comparisons. Multiple fingerprint +// hits must come back sorted in ascending alphabetical order. +func TestWappalyzerReturnsSorted(t *testing.T) { + // Two independent fingerprints to force a non-trivial set. + headers := "Server: nginx/1.25.3\r\nX-Powered-By: PHP/8.2.0\r\n" + techs := callWappalyzer(t, headers, "") + require.Greater(t, len(techs), 1, "need at least two hits to verify ordering") + for i := 1; i < len(techs); i++ { + require.LessOrEqual(t, techs[i-1], techs[i], "expected sorted output, got %v", techs) + } +} + +// TestWappalyzerHeaderParsingTolerant covers header blocks that have or +// lack the standard "\r\n\r\n" terminator, so template authors don't +// have to think about framing. +func TestWappalyzerHeaderParsingTolerant(t *testing.T) { + for _, raw := range []string{ + "Server: nginx", + "Server: nginx\r\n", + "Server: nginx\r\n\r\n", + "\r\nServer: nginx\r\n", + } { + t.Run(raw, func(t *testing.T) { + techs := callWappalyzer(t, raw, "") + require.Contains(t, techs, "Nginx") + }) + } +} + +// TestWappalyzerInvalidHeaderBlockSurfacesError makes sure obviously +// malformed input is reported instead of silently dropped, so template +// authors get a useful signal when the header variable is corrupt. +func TestWappalyzerInvalidHeaderBlockSurfacesError(t *testing.T) { + fn := DefaultHelperFunctions["wappalyzer"] + _, err := fn("this line has no colon\r\n", "") + require.Error(t, err) +} + +// TestWappalyzerCached confirms the helper participates in the DSL +// result cache (IsCacheable: true). We can't easily inspect the cache +// from outside the package, but we can pin that repeated invocations +// with identical inputs return equal results. +func TestWappalyzerCached(t *testing.T) { + a := callWappalyzer(t, "Server: nginx/1.25.3\r\n", "") + b := callWappalyzer(t, "Server: nginx/1.25.3\r\n", "") + require.Equal(t, a, b) +} + +func requireHasPrefix(t *testing.T, techs []string, prefix string) { + t.Helper() + for _, tech := range techs { + if len(tech) >= len(prefix) && tech[:len(prefix)] == prefix { + return + } + } + t.Fatalf("expected a tech with prefix %q in %v", prefix, techs) +} From 459edf57b4f27a692cb87cb61f4a4f6541c36ddf Mon Sep 17 00:00:00 2001 From: Mzack9999 Date: Wed, 20 May 2026 01:24:53 +0200 Subject: [PATCH 2/3] ci: use golangci-lint v2 for Go 1.25 support --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 560aa09..f266d4c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -10,7 +10,7 @@ jobs: steps: - uses: actions/checkout@v4 - uses: projectdiscovery/actions/setup/go@v1 - - uses: projectdiscovery/actions/golangci-lint@v1 + - uses: projectdiscovery/actions/golangci-lint/v2@v1 tests: name: Test Builds From e5e7560d6310e1238276e4b8a77cdbe8ef9a1cc4 Mon Sep 17 00:00:00 2001 From: Mzack9999 Date: Wed, 20 May 2026 01:32:59 +0200 Subject: [PATCH 3/3] silence govet inline and replace WriteString(Sprintf) with Fprintf --- .golangci.yml | 11 +++++++++++ dsl.go | 2 +- dsl_benchmark_test.go | 2 +- util.go | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 .golangci.yml diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..7d8e306 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,11 @@ +version: "2" + +linters: + settings: + govet: + # The 'inline' analyzer (new in Go 1.25 via golang.org/x/tools) reports + # generic call sites that it cannot statically inline. maps.Clone and a + # few other generic helpers trigger this even though the code is + # correct, so we disable it until type-parameter inference is supported. + disable: + - inline diff --git a/dsl.go b/dsl.go index a876046..d8be979 100644 --- a/dsl.go +++ b/dsl.go @@ -510,7 +510,7 @@ func init() { result.WriteRune(c) } else { for _, b := range []byte(string(c)) { - result.WriteString(fmt.Sprintf("%%%02X", b)) + fmt.Fprintf(&result, "%%%02X", b) } } } diff --git a/dsl_benchmark_test.go b/dsl_benchmark_test.go index e897f5c..59cf06a 100644 --- a/dsl_benchmark_test.go +++ b/dsl_benchmark_test.go @@ -132,7 +132,7 @@ func BenchmarkDSLFunctionHash(b *testing.B) { _, _ = sb.WriteString("-") for i, arg := range args { - _, _ = sb.WriteString(fmt.Sprintf("%v", arg)) + _, _ = fmt.Fprintf(&sb, "%v", arg) if i < len(args)-1 { _, _ = sb.WriteString(",") } diff --git a/util.go b/util.go index 6fb1c38..069f397 100644 --- a/util.go +++ b/util.go @@ -373,7 +373,7 @@ func strToNumEntities(s string) string { } r := rune(escaped[i]) - result.WriteString(fmt.Sprintf("&#%d;", int(r))) + fmt.Fprintf(&result, "&#%d;", int(r)) i++ }