fix: handle comma-separated entries in -l/-list and stdin input

[Gengyscan]

Description

Fixes #859 — -l/-list and stdin input now correctly handle comma-separated targets on a single line, matching the existing -u flag behavior.

Problem

When using -u host1,host2,host3, targets are correctly split by comma via CommaSeparatedStringSliceOptions in goflags. However, when using -l file.txt where the file contains comma-separated targets on a single line, the entire line is treated as one target, causing connection failures.

Root Cause

In normalizeAndQueueInputs, the bufio scanner reads each line and passes it directly to processInputItem without splitting on commas. The -u flag gets comma-splitting for free from goflags, but file/stdin inputs bypass that.

Fix

Split each scanned line on commas (with trimming) before passing to processInputItem, in both the file-input and stdin-input code paths.

Changes

• internal/runner/runner.go: Added strings.Split(text, ",") loop with strings.TrimSpace in both the -l file scanner and the stdin scanner blocks of normalizeAndQueueInputs.

Testing

• Build passes (go build -buildvcs=false ./cmd/tlsx/)
• No new dependencies added (strings was already imported)
• Comma splitting is safe for all valid target types (IP, CIDR, FQDN, ASN) as none contain commas

/claim #859

Summary by CodeRabbit

Release Notes

• New Features

  • Input processing now supports comma-separated values on a single line, queuing each item individually for more flexible formatting across file and standard input.

• Bug Fixes

  • Improved error handling and clearer error messages when reading input from files and stdin.

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

No security issues found

Highlights

• Adds comma-separated input parsing to -l/-list flag and stdin, matching existing -u flag behavior
• Uses strings.Split() and strings.TrimSpace() for parsing - standard library functions with no injection risk
• Input flows through existing validation paths (url.Parse, net.SplitHostPort, net.JoinHostPort)

_{Comment @pdneo help for available commands. · Open in Neo}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a7378383-feba-4c23-a826-4f552954fc8c

📥 Commits

Reviewing files that changed from the base of the PR and between c28ca65 and c135e77.

📒 Files selected for processing (1)

• internal/runner/runner.go

🚧 Files skipped from review as they are similar to previous changes (1)

• internal/runner/runner.go

---

Walkthrough

Input parsing in the runner was changed to split each input line by commas, trim whitespace, and enqueue each non-empty segment as a separate input. Errors reading input files and stdin are now wrapped and returned with descriptive messages.

Changes

Cohort / File(s)	Summary
Input processing & error handling internal/runner/runner.go	Changed per-line processing to split on commas and queue each trimmed, non-empty item individually. Added wrapped error returns for failures reading input files and stdin. Public APIs unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble lines and find the bits,
Commas split into perfect fits,
Trimmed and queued, they hop away,
Multiple prefixes save the day! 🥕✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: handling comma-separated entries in -l/-list and stdin input, matching the core functionality fix in the PR.
Linked Issues check	✅ Passed	The PR directly addresses issue #859 by implementing comma-splitting in normalizeAndQueueInputs for both file and stdin input paths, achieving parity with -u flag behavior.
Out of Scope Changes check	✅ Passed	All changes are scoped to fixing comma-separated input parsing in internal/runner/runner.go with added error handling, directly addressing the linked issue requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/runner/runner.go`:
- Around line 439-449: The scanner loops that read from file and stdin use
bufio.NewScanner(file) / bufio.NewScanner(os.Stdin) and call
r.processInputItem(...) for each token but never check scanner.Err(); after each
loop (the file-scanner loop around the call to r.processInputItem and the
stdin-scanner loop) call scanner.Err(), and if non-nil return or propagate that
error (or wrap it with context) instead of silently returning nil so token-size
or I/O errors are not swallowed; update the function to handle and surface these
errors where the scanner variables are defined.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 96b26ef1-e5a1-4bde-8d26-2de2cbc0439b

📥 Commits

Reviewing files that changed from the base of the PR and between d13b67f and c28ca65.

📒 Files selected for processing (1)

• internal/runner/runner.go