From 534d2605fd1e0fcd075a2596c5174227e043edea Mon Sep 17 00:00:00 2001 From: Celeste Hickenlooper Date: Fri, 2 Jan 2026 22:56:06 -0800 Subject: [PATCH] fix: data races and slice preallocation in dirlist and dnslist add mutex protection for concurrent slice appends, preallocate result slices with reasonable capacity, use logger instead of direct file i/o --- pkg/scan/dirlist.go | 6 ++++-- pkg/scan/dnslist.go | 15 +++++++-------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/pkg/scan/dirlist.go b/pkg/scan/dirlist.go index 8830448..2c50554 100644 --- a/pkg/scan/dirlist.go +++ b/pkg/scan/dirlist.go @@ -99,9 +99,10 @@ func Dirlist(size string, url string, timeout time.Duration, threads int, logdir } var wg sync.WaitGroup + var mu sync.Mutex wg.Add(threads) - results := []DirectoryResult{} + results := make([]DirectoryResult, 0, 64) for thread := 0; thread < threads; thread++ { go func(thread int) { defer wg.Done() @@ -119,7 +120,6 @@ func Dirlist(size string, url string, timeout time.Duration, threads int, logdir } if resp.StatusCode != 404 && resp.StatusCode != 403 { - // log url, directory, and status code dirlog.Infof("%s [%s]", styles.Status.Render(strconv.Itoa(resp.StatusCode)), styles.Highlight.Render(directory)) if logdir != "" { logger.Write(sanitizedURL, logdir, fmt.Sprintf("%s [%s]\n", strconv.Itoa(resp.StatusCode), directory)) @@ -129,7 +129,9 @@ func Dirlist(size string, url string, timeout time.Duration, threads int, logdir Url: resp.Request.URL.String(), StatusCode: resp.StatusCode, } + mu.Lock() results = append(results, result) + mu.Unlock() } } }(thread) diff --git a/pkg/scan/dnslist.go b/pkg/scan/dnslist.go index ba9b758..816ecce 100644 --- a/pkg/scan/dnslist.go +++ b/pkg/scan/dnslist.go @@ -93,9 +93,10 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir } var wg sync.WaitGroup + var mu sync.Mutex wg.Add(threads) - urls := []string{} + urls := make([]string, 0, 64) for thread := 0; thread < threads; thread++ { go func(thread int) { defer wg.Done() @@ -110,17 +111,13 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir if err != nil { log.Debugf("Error %s: %s", domain, err) } else { + mu.Lock() urls = append(urls, resp.Request.URL.String()) + mu.Unlock() dnslog.Infof("%s %s.%s", styles.Status.Render("[http]"), styles.Highlight.Render(domain), sanitizedURL) if logdir != "" { - f, err := os.OpenFile(logdir+"/"+sanitizedURL+".log", os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666) - if err != nil { - log.Errorf("Error creating log file: %s", err) - return - } - defer f.Close() - f.WriteString(fmt.Sprintf("[http] %s.%s\n", domain, sanitizedURL)) + logger.Write(sanitizedURL, logdir, fmt.Sprintf("[http] %s.%s\n", domain, sanitizedURL)) } } @@ -128,7 +125,9 @@ func Dnslist(size string, url string, timeout time.Duration, threads int, logdir if err != nil { log.Debugf("Error %s: %s", domain, err) } else { + mu.Lock() urls = append(urls, resp.Request.URL.String()) + mu.Unlock() dnslog.Infof("%s %s.%s", styles.Status.Render("[https]"), styles.Highlight.Render(domain), sanitizedURL) if logdir != "" { logger.Write(sanitizedURL, logdir, fmt.Sprintf("[https] %s.%s\n", domain, sanitizedURL))