
fix: prevent nil panic for unsafe HEAD requests #2455

Open
tal7aouy wants to merge 1 commit into projectdiscovery:dev from tal7aouy:fix/unsafe-head-nil-pointer

@tal7aouy tal7aouy commented Mar 19, 2026

Description:

  • Problem: When running httpx with --unsafe and sending a HEAD request, Do() could panic due to dereferencing err when it was nil (err.Error() was called even on success).
  • Fix: Guard the err.Error() call by requiring err != nil before accessing it.
  • Testing: Verified by running go test tools. (all tests pass).

Summary by CodeRabbit

  • Bug Fixes
    • Improved error handling robustness in HTTP request processing for enhanced stability.

@auto-assign auto-assign bot requested a review from Mzack9999 March 19, 2026 00:13
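
Added example, not code from this PR or from httpx: a minimal Go model of the guard the description above talks about, with the pre-fix condition beside the nil-checked one. The function and type names are hypothetical; the "i/o timeout" exclusion and the two flag names are taken from the review on this page, and the error values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ignoreFlags stands in for the two flags named in the review
// (shouldIgnoreErrors, shouldIgnoreBodyErrors); the struct is hypothetical.
type ignoreFlags struct{ Errors, BodyErrors bool }

// guardBefore models the pre-fix condition: err.Error() is evaluated even
// when err is nil, which is a method call on a nil interface and panics.
// The panic is recovered here only so the outcome can be reported.
func guardBefore(unsafe bool, method string, err error) (f ignoreFlags, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			f, panicked = ignoreFlags{}, true
		}
	}()
	if unsafe && method == "HEAD" && !strings.Contains(err.Error(), "i/o timeout") {
		f = ignoreFlags{true, true}
	}
	return f, false
}

// guardAfter models the fix: err != nil short-circuits before err.Error().
func guardAfter(unsafe bool, method string, err error) ignoreFlags {
	if unsafe && method == "HEAD" && err != nil && !strings.Contains(err.Error(), "i/o timeout") {
		return ignoreFlags{true, true}
	}
	return ignoreFlags{}
}

func main() {
	// Constructed inputs: a successful request, a generic read error, a timeout.
	cases := []error{nil, errors.New("unexpected EOF"), errors.New("read tcp: i/o timeout")}
	for _, err := range cases {
		_, p := guardBefore(true, "HEAD", err)
		fmt.Printf("err=%v before.panicked=%v after=%+v\n", err, p, guardAfter(true, "HEAD", err))
	}
}
```

Only the successful (nil error) case separates the two guards; for non-nil errors they set the same flags.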

neo-by-projectdiscovery-dev bot commented Mar 19, 2026

Neo - PR Security Review

No security issues found

Highlights

  • Fixes nil pointer dereference panic when using --unsafe with HEAD requests
  • Adds proper nil check before calling err.Error() on line 227


coderabbitai bot commented Mar 19, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 0045108 and 8ae53cb.

📒 Files selected for processing (1)
  • common/httpx/httpx.go

Walkthrough

The change refactors error handling logic in the unsafe HEAD request path by replacing a switch case guard with a direct if condition that explicitly checks for non-nil errors while excluding i/o timeout errors. This prevents potential nil pointer dereference when the error is nil.

Changes

Cohort / File(s) | Summary
Error Handling Safety (common/httpx/httpx.go) | Replaced switch case guard with direct if condition adding explicit nil-check (err != nil) for unsafe HEAD request path while retaining i/o timeout error exclusion. Sets shouldIgnoreErrors and shouldIgnoreBodyErrors only when error is non-nil and not an i/o timeout.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A rabbit hops through error's way,
With nil-checks guarding every day,
No more dereferences cause dismay,
The code now safe in every play! 🐰✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main change: preventing a nil panic in unsafe HEAD requests by fixing error handling logic.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
