fix: support comma-separated inputs in list file (-l option)

[zhaog100]

Summary

Fixes #859

The -u option correctly handles comma-separated targets (e.g., ./tlsx -u 192.168.1.0/24,192.168.2.0/24) via CommaSeparatedStringSliceOptions, but the -l option treated each line as a single target.

Changes

• Modified internal/runner/runner.go to split each line by comma when reading from the input list file, matching the behavior of the -u option.

Testing

• Build passes: go build ./...

Summary by CodeRabbit

• New Features
  • Enhanced input file processing to support comma-separated values. Users can now specify multiple input items on a single line by separating them with commas, providing improved flexibility in structuring input files and reducing the need for multiple lines when handling related inputs.

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

No security issues found

Highlights

• Adds comma-separated input support to the -l (list file) option, matching existing -u option behavior
• Simple string splitting operation on file input lines before routing to existing processInputItem handlers

Hardening Notes

• Consider adding input length validation in processInputItem to prevent resource exhaustion from extremely long comma-separated lists in internal/runner/runner.go:491
• Add explicit whitespace trimming with strings.TrimSpace(item) around line 444 in internal/runner/runner.go to handle inputs like 'host1, host2' with spaces after commas

_{Comment @pdneo help for available commands. · Open in Neo}

[coderabbitai]

Walkthrough

The normalizeAndQueueInputs function in the runner was updated to split comma-separated values within each line of an input file, allowing multiple inputs per line to be processed individually instead of treating the entire line as a single input.

Changes

Cohort / File(s)	Summary
Input Processing Logic internal/runner/runner.go	Modified line parsing in normalizeAndQueueInputs to split non-empty lines by commas and enqueue each segment individually, enabling support for comma-separated inputs within a single file line.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A line split by commas, now each one takes flight,
Multiple prefixes in one, processed just right,
From single to many, the input now flows,
With just five small lines, the feature grows! 🌱

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding support for comma-separated inputs in the list file (-l option), which is the primary objective of this PR.
Linked Issues check	✅ Passed	The PR directly addresses issue #859 by implementing comma-separated input parsing in the list file (-l option) to match -u behavior.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the comma-separated input handling in the list file feature; no out-of-scope modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/runner/runner.go`:
- Around line 443-447: When splitting comma-separated targets in the input
handling loop, trim whitespace from each token before calling r.processInputItem
so tokens like " 192.168.2.0/24" are normalized (use strings.TrimSpace on each
item); additionally propagate and return any errors encountered while scanning
files instead of swallowing them—update the code paths that call file scanning
(the scanner loop around r.processInputItem and any file-read helpers) to
capture scan errors and return a wrapped error using the ProjectDiscovery
utils/errors package and consistent logging with gologger (reference
r.processInputItem and the file scan/scan loop) so failures are surfaced to the
caller.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9216d0b8-a6f1-48e8-9185-7c4b7fde39be

📥 Commits

Reviewing files that changed from the base of the PR and between d13b67f and 0860f9d.

📒 Files selected for processing (1)

• internal/runner/runner.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Trim comma-split targets and surface scan failures.

Line 443 splits by comma but keeps surrounding whitespace, so entries like 192.168.1.0/24, 192.168.2.0/24 still send an invalid leading-space token to processInputItem. Also, file scan errors are not returned, so input processing can fail silently.

💡 Proposed fix

 		scanner := bufio.NewScanner(file)
 		for scanner.Scan() {
-			text := scanner.Text()
-			if text != "" {
-				for _, item := range strings.Split(text, ",") {
-					if item != "" {
-						r.processInputItem(item, inputs)
-					}
-				}
-			}
+			text := strings.TrimSpace(scanner.Text())
+			if text == "" {
+				continue
+			}
+			for _, item := range strings.Split(text, ",") {
+				item = strings.TrimSpace(item)
+				if item == "" {
+					continue
+				}
+				r.processInputItem(item, inputs)
+			}
 		}
+		if err := scanner.Err(); err != nil {
+			return errkit.Wrap(err, "could not read input file")
+		}
 	}

As per coding guidelines, "Use ProjectDiscovery libraries (dnsx, fastdialer, goflags, gologger) and ProjectDiscovery's utils/errors for consistent error handling patterns".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	for _, item := range strings.Split(text, ",") {
	if item != "" {
	r.processInputItem(item, inputs)
	}
	}
	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
	text := strings.TrimSpace(scanner.Text())
	if text == "" {
	continue
	}
	for _, item := range strings.Split(text, ",") {
	item = strings.TrimSpace(item)
	if item == "" {
	continue
	}
	r.processInputItem(item, inputs)
	}
	}
	if err := scanner.Err(); err != nil {
	return errkit.Wrap(err, "could not read input file")
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/runner/runner.go` around lines 443 - 447, When splitting
comma-separated targets in the input handling loop, trim whitespace from each
token before calling r.processInputItem so tokens like " 192.168.2.0/24" are
normalized (use strings.TrimSpace on each item); additionally propagate and
return any errors encountered while scanning files instead of swallowing
them—update the code paths that call file scanning (the scanner loop around
r.processInputItem and any file-read helpers) to capture scan errors and return
a wrapped error using the ProjectDiscovery utils/errors package and consistent
logging with gologger (reference r.processInputItem and the file scan/scan loop)
so failures are surfaced to the caller.