Replace panic with error handling in template loader #7069

Open
teredasites wants to merge 1 commit into projectdiscovery:dev from teredasites:fix/replace-panic-with-error-handling

teredasites commented Feb 27, 2026

Proposed Changes

Replace both panic() calls in the template loader's LoadTemplatesWithTags function with proper error returns, allowing callers to handle missing dialers and wait group failures gracefully instead of crashing.

Changes:

  • LoadTemplatesWithTags and LoadTemplates now return ([]*templates.Template, error) instead of just []*templates.Template
  • Store.Load() now returns error instead of nothing
  • Both panic("dialers with executionId ... not found") and panic("could not create wait group") replaced with fmt.Errorf() error returns
  • Moved the executionId/dialers check before the waitgroup creation to avoid unnecessary allocation on early error
  • Inlined the dialers variable (was only used for the nil check)
  • All 7 callers updated to handle and propagate the new error:
    • internal/runner/runner.go
    • internal/runner/lazy.go
    • internal/server/nuclei_sdk.go
    • lib/sdk.go
    • lib/multi.go
    • cmd/integration-test/library.go
    • pkg/protocols/common/automaticscan/util.go
  • Benchmark tests updated to handle the two-value return and fail fast on errors

Proof

Before

When dialers are not initialized, the application panics with an unrecoverable crash:

panic: dialers with executionId abc123 not found

goroutine 1 [running]:
github.com/projectdiscovery/nuclei/v3/pkg/catalog/loader.(*Store).LoadTemplatesWithTags(...)
    pkg/catalog/loader/loader.go:720
...

After

Errors are returned and propagated up the call chain:

error: could not load templates: dialers with executionId abc123 not found

Callers receive the error and can handle it (log, retry, return) instead of crashing.

Compilation verified

go build ./...  # passes cleanly

All function signatures maintain backward-compatible behavior: callers already checked for nil/empty template slices, and now additionally check the error return.

Checklist

  • PR created against the correct branch (dev)
  • All callers updated to handle new error return
  • Benchmark tests updated for new signatures
  • No behavioral changes for the normal flow where dialers are properly initialized

Fixes #6674

/claim #6674

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Template loading errors are now properly captured and reported throughout the system. Operations fail early when templates cannot be loaded, preventing execution with incomplete or missing templates.
  • Tests

    • Updated template loading benchmarks to handle error cases explicitly.

… missing

- Replace both panic() calls in LoadTemplatesWithTags with fmt.Errorf returns
- Update LoadTemplatesWithTags signature to return ([]*templates.Template, error)
- Update LoadTemplates signature to match
- Update Store.Load() to return error
- Move dialers nil check before waitgroup creation to avoid unnecessary allocation
- Inline the dialers variable (only used for nil check)
- Update all callers to handle and propagate errors:
  - internal/runner/runner.go
  - internal/runner/lazy.go
  - internal/server/nuclei_sdk.go
  - lib/sdk.go
  - lib/multi.go
  - cmd/integration-test/library.go
  - pkg/protocols/common/automaticscan/util.go
- Update benchmark tests to handle two-value return

Fixes projectdiscovery#6674
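
The before/after behaviour described in the PR, as an added example that is not code from the pull request or from nuclei: Store, loadBefore, Load and RunJobs are hypothetical stand-ins, and the dialer registry is a constructed map. It shows why the error return matters for a long-lived host process: one job with missing dialers is reported and the next job still runs.

```go
package main

import "fmt"

// Store is a simplified stand-in for the loader store, not the nuclei type.
type Store struct {
	ExecutionID string
	Dialers     map[string]bool // constructed registry: executionId -> initialized
	Templates   []string
}

// loadBefore mirrors the pre-fix behaviour: a missing dialer panics.
func (s *Store) loadBefore() []string {
	if !s.Dialers[s.ExecutionID] {
		panic(fmt.Sprintf("dialers with executionId %s not found", s.ExecutionID))
	}
	return s.Templates
}

// Load mirrors the post-fix shape: precondition check first, error returned.
func (s *Store) Load() ([]string, error) {
	if !s.Dialers[s.ExecutionID] {
		return nil, fmt.Errorf("dialers with executionId %s not found", s.ExecutionID)
	}
	return s.Templates, nil
}

// RunJobs models a long-lived host (SDK embedder, server) running several
// scans in one process. A failed load is recorded for that job only.
func RunJobs(dialers map[string]bool, ids []string) ([]string, map[string]error) {
	var done []string
	failed := map[string]error{}
	for _, id := range ids {
		s := &Store{ExecutionID: id, Dialers: dialers, Templates: []string{"t1.yaml"}}
		if _, err := s.Load(); err != nil {
			failed[id] = fmt.Errorf("could not load templates: %w", err)
			continue
		}
		done = append(done, id)
	}
	return done, failed
}

func main() {
	// Constructed input: dialers exist for job-b only.
	done, failed := RunJobs(map[string]bool{"job-b": true}, []string{"abc123", "job-b"})
	fmt.Println("completed:", done)
	fmt.Println("failed:", failed["abc123"])
}
```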

coderabbitai bot commented Feb 27, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

📥 Commits

Reviewing files that changed from the base of the PR and between 9142eae and 5246805.

📒 Files selected for processing (9)
  • cmd/integration-test/library.go
  • internal/runner/lazy.go
  • internal/runner/runner.go
  • internal/server/nuclei_sdk.go
  • lib/multi.go
  • lib/sdk.go
  • pkg/catalog/loader/loader.go
  • pkg/catalog/loader/loader_bench_test.go
  • pkg/protocols/common/automaticscan/util.go

Walkthrough

This change adds comprehensive error handling to template loading operations across the codebase. The core loader package public API methods—Load(), LoadTemplates(), and LoadTemplatesWithTags()—now return errors instead of silently failing. All callers are updated to handle these errors appropriately.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Core Loader Implementation (pkg/catalog/loader/loader.go) | Updated public API signatures to return errors. Load(), LoadTemplates(), and LoadTemplatesWithTags() now propagate errors from template loading, dialer validation, and wait-group creation. Added early error returns and wrapped errors with contextual messages instead of panics. |
| Loader Benchmarks (pkg/catalog/loader/loader_bench_test.go) | Replaced silent error ignoring with explicit error checks in all benchmark subtests. Each LoadTemplates call now captures and asserts errors instead of discarding them with blank identifiers. |
| Internal Runner Callers (internal/runner/lazy.go, internal/runner/runner.go) | Added error capturing around template loading calls in lazy authentication and enumeration workflows. Both now check for load errors and return wrapped error messages if loading fails. |
| Library and SDK Callers (lib/sdk.go, lib/multi.go) | Added error handling around store.Load() and template loading calls. Both now capture errors, wrap them with descriptive messages, and return early on failure. |
| Integration and Server Callers (cmd/integration-test/library.go, internal/server/nuclei_sdk.go) | Added guarded error handling around store.Load() calls to capture and propagate load failures with wrapped error messages. |
| Automatic Scan Utility (pkg/protocols/common/automaticscan/util.go) | Added error capturing for LoadTemplatesWithTags() result. Now checks for errors before proceeding with template processing and validation. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 No more panics in the night,
Errors caught and wrapped up tight,
Dialers checked, templates blessed,
Callers handle all the rest,
Graceful fails, a rabbit's delight! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title clearly describes the main change: replacing panic calls with proper error handling in the template loader. |
| Linked Issues check | ✅ Passed | The PR successfully addresses all objectives from issue #6674: panic calls replaced with error returns, loader signatures updated to propagate errors, all seven callers updated to handle errors, and dialers validation moved before wait group creation. |
| Out of Scope Changes check | ✅ Passed | All changes are directly in scope. The PR focuses on replacing panics with error handling in the template loader and updating related callers as specified in issue #6674. |

neo-by-projectdiscovery-dev bot commented Feb 27, 2026

Neo - PR Security Review

No security issues found

Highlights

  • Replaces panic() calls with proper error returns in LoadTemplatesWithTags and LoadTemplates functions
  • Adds error handling for missing dialers and wait group creation failures
  • Updates all 7 callers to handle and propagate the new error returns gracefully


Development

Successfully merging this pull request may close these issues.

Replace panic with error handling in template loader when dialers are missing
