fix: route warning messages to stderr instead of stdout

[jyoti369]

Summary

Fixes #7314

Warning messages using Logger.Print() with manually formatted [WRN] labels were being written to stdout instead of stderr, corrupting JSON output when using the -j flag.

Root Cause

In gologger, Print() creates events at LevelSilent, which the CLI writer routes to os.Stdout. This means any warning message using Print().Msgf("[%v] ...", BrightYellow("WRN"), ...) ends up in stdout, mixing with structured scan output.

Warning() creates events at LevelWarning, which the CLI writer routes to os.Stderr (the correct destination for diagnostic messages).

Changes

Replaced all Logger.Print() calls that manually format [WRN] labels with Logger.Warning(), which:

• Routes output to stderr via gologger's LevelWarning
• Automatically adds the [WRN] label prefix
• Prevents warning text from corrupting -j JSON output on stdout

Files changed (4 files, 8 instances):

File	Warning Message
internal/runner/runner.go	Rate limit deprecation warning
internal/runner/runner.go	Concurrency > max-host-error warning
internal/runner/runner.go	No DAST templates warning
internal/runner/runner.go	Unsigned templates warning
pkg/catalog/disk/find.go	Deprecated template paths warning
pkg/templates/compile.go	Unsigned/tampered template warning (2 instances)
pkg/fuzz/component/value.go	Unknown value type warning

Not Changed

• cmd/nuclei/main.go:812 — Print().Msg(warning) for the interactive reset prompt. This is intentional stdout output before a user confirmation prompt, not a warning message.

Testing

• go build ./cmd/nuclei/ — compiles successfully
• go vet — no issues

Summary by CodeRabbit

• Refactor
  • Standardized warning log formatting across the application for more consistent output presentation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 93ce1e4c-e1bc-4e9b-a09f-7953b4b486d1

📥 Commits

Reviewing files that changed from the base of the PR and between a2fb27a and 5939192.

📒 Files selected for processing (4)

• internal/runner/runner.go
• pkg/catalog/disk/find.go
• pkg/fuzz/component/value.go
• pkg/templates/compile.go

---

Walkthrough

The PR replaces deprecated Logger.Print() calls with Logger.Warning() methods across four files, ensuring warning messages are properly routed to stderr instead of stdout. The changes also remove the github.com/logrusorgru/aurora dependency for colorization, with no alterations to control flow or conditions.

Changes

Cohort / File(s)	Summary
Logger method migration internal/runner/runner.go, pkg/catalog/disk/find.go, pkg/fuzz/component/value.go, pkg/templates/compile.go	Replaced Logger.Print().Msgf() and Logger.Print().Msg() calls with Logger.Warning() variants for warning-level messages. Removed github.com/logrusorgru/aurora imports used for colorized WRN/WARN prefixes. All control flow and emission conditions remain unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 With paws upon the keyboard, I hop with glee,
Warnings now to stderr flow, not stdout's sea!
JSON stays pristine, no corruption in sight,
Aurora fades away—logs route just right! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: converting warning messages from Logger.Print() (which routes to stdout) to Logger.Warning() (which routes to stderr).
Linked Issues check	✅ Passed	The PR addresses all coding requirements from issue #7314: replacing eight Logger.Print() warning calls with Logger.Warning() across four files to route warnings to stderr instead of stdout.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing warning message routing; no unrelated modifications were introduced beyond the stated objective.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dwisiswant0]

Closing this since it's already being handled over at #7316.

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

Caution

Neo couldn't finish analyzing this pull request during this run. Please run the review again.

_{Comment @pdneo help for available commands. · Open in Neo}