fix(http): isolate project cache keys by scheme & host

[dwisiswant0]

Proposed changes

Prev. project keyed cache lookups from dumped HTTP
request bytes alone. For eq requests, this allowed
"http" and "https" targets to collide and reuse
cached responses across schemes.

Derive a scoped cache key by prefixing normalized
scheme://host before projectfile.{Get,Set}
keying input in the HTTP protocol path.

Close #6866

Proof

Patch is in http package because only HTTP knows the missing context (scheme and effective host:port) at request-build time. projectfile is a generic byte-key store so if it guessed scope from raw bytes, it would duplicate protocol parsing logic and risk breaking non-HTTP callers. (HTTP adds the scope before Get/Set, and projectfile remains protocol-agnostic and reusable, maybe, for future use).

$ go test -v -run ^TestGetHTTPProjectCacheScope_SeparatesSchemeAndPort$ ./pkg/protocols/http
=== RUN   TestGetHTTPProjectCacheScope_SeparatesSchemeAndPort
--- PASS: TestGetHTTPProjectCacheScope_SeparatesSchemeAndPort (0.00s)
PASS
ok  	github.com/projectdiscovery/nuclei/v3/pkg/protocols/http	0.235s

Checklist

• Pull request is created against the dev branch
• All checks passed (lint, unit/integration/regression tests etc.) with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Summary by CodeRabbit

• Improvements

  • Refined HTTP request handling to prevent cache conflicts by implementing more specific scoping for request caching across different configurations.

• Tests

  • Added test coverage for HTTP request cache scoping logic to verify correct behavior across different request types.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 72b6919 and 205674f.

📒 Files selected for processing (3)

• pkg/protocols/http/request.go
• pkg/protocols/http/utils.go
• pkg/protocols/http/utils_test.go

---

Walkthrough

This change implements scheme and host-scoped cache keys for HTTP requests in the project cache system. Previously, the cache key was based solely on the dumped request, causing responses from HTTPS requests to be incorrectly reused for HTTP requests and vice versa. The fix computes a new cache key that combines the request dump with scheme and host information when available.

Changes

Cohort / File(s)	Summary
Cache Key Scoping pkg/protocols/http/request.go	Introduces projectCacheKey derived from dumped request combined with URL scheme and host; replaces dumpedRequest in cache Get and Set operations to ensure scheme/host-specific caching.
Cache Scope Helper pkg/protocols/http/utils.go	Adds getHTTPProjectCacheScope() private helper function that builds a scoped cache key by concatenating scheme, host, and request dump; returns original dump if scheme or host is unavailable.
Cache Scope Tests pkg/protocols/http/utils_test.go	Introduces test validating that different schemes (HTTP vs HTTPS) generate distinct cache scopes while preserving the original request bytes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit hops through caches deep,
Where schemes and hosts their secrets keep,
No more shall HTTPS and HTTP blend,
Each protocol gets its own cache friend! 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: isolating project cache keys by scheme and host to fix cross-scheme cache collisions.
Linked Issues check	✅ Passed	The PR directly addresses issue #6866 by implementing scheme and host-based cache key scoping to prevent HTTPS responses from being reused for HTTP requests and vice versa.
Out of Scope Changes check	✅ Passed	All changes are in-scope: a new helper function getHTTPProjectCacheScope, modifications to cache key logic in request.go, and corresponding unit tests—all directly addressing the cache isolation issue.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dwisiswant0/fix/http/isolate-project-cache-keys-by-scheme-host

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}