fix(fuzz): use normalized path parameter for frequency dedupe #7031

Open
juzigu40-ui wants to merge 2 commits into projectdiscovery:dev from juzigu40-ui:codex/v100-nuclei-6398

@juzigu40-ui juzigu40-ui commented Feb 25, 2026

Summary

  • use normalized path parameter (actualParameter) in fuzz frequency checks
  • prevents numeric path index keys from bypassing the per-parameter frequency tracker
  • add unit test coverage for the numeric-path case

Validation

  • go test ./pkg/fuzz -run TestExecWithInputUsesActualParameterForFrequency -count=1

Ref: #6398

Summary by CodeRabbit

  • Bug Fixes

    • Improved parameter frequency evaluation in fuzzing to correctly assess which requests should be skipped based on actual parameter characteristics during execution.
  • Tests

    • Added test coverage verifying parameter frequency tracking functions correctly during fuzzing operations.
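
The key mismatch this PR describes, modelled as an added example (not code from the PR or from the project): entries recorded under the normalized name are never found by a lookup that uses the raw numeric path index. The `frequencyTracker` type, `normalizeParameter`, `shouldSkip`, `simulate`, the threshold of 3, and the rule that a numeric index normalizes to the value at that position are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strconv"
)

// frequencyTracker is a simplified stand-in: a key marked `limit` times is frequent.
type frequencyTracker struct {
	limit int
	marks map[string]int
}

func (t *frequencyTracker) Mark(key string)            { t.marks[key]++ }
func (t *frequencyTracker) IsFrequent(key string) bool { return t.marks[key] >= t.limit }

// normalizeParameter is an assumed normalization: a numeric path index is
// replaced by the value found at that position; named parameters are kept.
func normalizeParameter(parameter, value string) string {
	if _, err := strconv.Atoi(parameter); err == nil {
		return value
	}
	return parameter
}

// shouldSkip models the pre-request check; useNormalized=false looks up the raw key.
func shouldSkip(t *frequencyTracker, parameter, value string, useNormalized bool) bool {
	key := parameter
	if useNormalized {
		key = normalizeParameter(parameter, value)
	}
	return t.IsFrequent(key)
}

// simulate marks the normalized key `rounds` times, as a caller that only
// knows the normalized name would, then reports whether the check skips.
func simulate(parameter, value string, rounds int, useNormalized bool) bool {
	t := &frequencyTracker{limit: 3, marks: map[string]int{}}
	for i := 0; i < rounds; i++ {
		t.Mark(normalizeParameter(parameter, value))
	}
	return shouldSkip(t, parameter, value, useNormalized)
}

func main() {
	// Constructed input: path index "2" holding the segment "profile".
	fmt.Println("raw key skips:       ", simulate("2", "profile", 5, false))
	fmt.Println("normalized key skips:", simulate("2", "profile", 5, true))
}
```

In this model a named parameter such as `id` is skipped either way, because its raw and normalized keys are identical; only numeric path indexes miss the tracker.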

@auto-assign auto-assign bot requested a review from dwisiswant0 February 25, 2026 05:47

coderabbitai bot commented Feb 25, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d771daa and ce02529.

📒 Files selected for processing (2)
  • pkg/fuzz/parts.go
  • pkg/fuzz/parts_frequency_test.go

Walkthrough

A frequency checking mechanism in the HTTP fuzzing execution logic was updated to evaluate actual parameter values instead of raw parameter values when determining if a request should be skipped. A corresponding test was added to verify this behavior.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Parameter Frequency Evaluation: pkg/fuzz/parts.go | Modified frequency check in execWithInput to use actualParameter instead of parameter for determining skip behavior. |
| Test Coverage: pkg/fuzz/parts_frequency_test.go | Added TestExecWithInputUsesActualParameterForFrequency to verify that frequency-based parameter tracking correctly skips requests when normalized path parameters are marked as frequent. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A parameter swap, precise and clean,
From raw to actual, a change unseen,
Frequency tracking now knows the way,
Testing confirms it works today!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly summarizes the main change: using the normalized path parameter for frequency deduplication in the fuzz module. |



neo-by-projectdiscovery-dev bot commented Feb 25, 2026

Neo - PR Security Review

Caution

Review could not be completed

Review could not be completed. Please retry with @neo review.

Suggestion: Try again with @neo review.

Comment @neo help for available commands.
