PR

Summary

Fixes #5567 - Template Profile Improvements

This PR implements all three features requested for template profile improvements with a type-safe, robust approach that addresses gaps in the competing implementation (PR #6804).

Changes

Feature 1: Profile Metadata Fields

  • Added ProfileID, ProfileName, ProfilePurpose, ProfileDescription to Options struct
  • These fields are parsed from profile YAML but ignored during execution
  • Allows profiles to include descriptive metadata without parse errors

Feature 2: Inline Target Lists

  • Added TargetsInline field (list: in YAML) for embedded target list content
  • Supports YAML multiline syntax: list: |
  • Robust implementation using a dedicated field (not fragile newline detection like PR #6804)
  • Inline targets are processed alongside file-based targets

Feature 3: Inline Secrets Support

  • Added InlineSecrets field with proper InlineSecretsConfig type (not interface{} like PR #6804)
  • Supports both static and dynamic secrets sections
  • Integrates with existing authx system by converting to temp file only once
  • Temp file is automatically cleaned up when runner closes

Critical Bug Fixes vs PR #6804

  1. Options.Copy() copies all new fields - PR #6804 forgot to copy InlineSecrets in the Copy method, causing secrets to be lost when options are cloned
  2. Type-safe secrets handling - Using *InlineSecretsConfig instead of interface{} for better compile-time safety
  3. Robust inline target detection - Using dedicated TargetsInline field instead of checking for newlines in file paths
  4. Proper initialization order - Secrets file is created before auth template store is initialized

Testing

  • Added comprehensive test suite for all three features
  • Tests for profile metadata parsing
  • Tests for inline targets (single and multiple)
  • Tests for inline secrets (static and dynamic)
  • Tests for complete profile with all features combined
  • Critical test for Options.Copy() to ensure new fields are copied

Example Profile

# Profile metadata (Feature 1)

id: projectdiscovery-scan

name: "PD Infrastructure Scan"

purpose: "Security assessment"

description: "Complete configuration for PD targets"



# Inline targets (Feature 2)

list: |

  cve.projectdiscovery.io

  chaos.projectdiscovery.io

  api.projectdiscovery.io



# Standard nuclei options

timeout: 30

retries: 2



type:

  - http

  - tcp



severity:

  - critical

  - high



# Inline secrets (Feature 3)

secrets:

  static:

    - type: header

      domains:

        - api.projectdiscovery.io

      headers:

        - key: x-pdcp-key

          value: <api-key>

  dynamic:

    - template: custom-oauth-flow.yaml

      variables:

        - name: username

          value: pdteam

Checklist

  • Code follows project style guidelines
  • All features implemented and tested
  • No breaking changes to existing functionality
  • Options.Copy() correctly copies all new fields
  • Type-safe implementation (no interface{})
  • Documentation included in comments

/claim #5567

Summary by CodeRabbit

  • New Features

    • Support for inline targets in profile YAML (multiline) with automatic splitting and deduplication.
    • Support for inline secrets (static and dynamic) defined in profile configuration; these are now included alongside file-based secrets.
    • Profile metadata fields (ID, name, purpose, description) added for better organization.

  • Tests

    • New tests validating profile parsing, inline targets, and inline secrets handling.

Claim

Total prize pool $152
Total paid $0
Status Pending
Submitted February 03, 2026
Last updated February 03, 2026

Contributors

SI

Simplereally

@Simplereally

 100%

Sponsors

PR

ProjectDiscovery

@projectdiscovery

$150
ST

starmovie12

@starmovie12

$2