projectdiscovery · dogancanbakir · Mar 24, 2026 · Mar 23, 2026 · coderabbitai · Mar 23, 2026
diff --git a/pkg/protocols/code/code.go b/pkg/protocols/code/code.go
@@ -277,6 +277,9 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicVa
 			Stderr: buff,
 		}
 	}
+	if err != nil {
+		gologger.Warning().Msgf("[%s] Could not execute code: %s", request.options.TemplateID, err)
+	}
 	gologger.Verbose().Msgf("[%s] Executed code on local machine %v", request.options.TemplateID, input.MetaInput.Input)
 
 	if vardump.EnableVarDump {
@@ -352,6 +355,9 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicVa
 		if request.options.Options.Debug || request.options.Options.DebugResponse {
 			gologger.Debug().Msg(msg)
 			gologger.Print().Msgf("%s\n\n", responsehighlighter.Highlight(event.OperatorsResult, dataOutputString, request.options.Options.NoColor, false))
+			if gOutput.Stderr.Len() > 0 {
+				gologger.Debug().Msgf("[%s] Code Stderr:\n%s", request.options.TemplateID, gOutput.Stderr.String())
+			}
 		}
 		if request.options.Options.StoreResponse {
 			request.options.Output.WriteStoreDebugData(input.MetaInput.Input, request.options.TemplateID, request.Type().String(), fmt.Sprintf("%s\n%s", msg, dataOutputString))

diff --git a/pkg/protocols/code/code_test.go b/pkg/protocols/code/code_test.go
@@ -15,27 +15,68 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/testutils"
 )
 
-func TestCodeProtocol(t *testing.T) {
-	options := testutils.DefaultOptions
+func newTestRequest(t *testing.T, engine []string, source string) (*Request, *testutils.TemplateInfo) {
+	t.Helper()
+	info := &testutils.TemplateInfo{
+		ID:   "testing-code",
+		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
+	}
+	return &Request{Engine: engine, Source: source}, info
+}
 
+func executeRequest(t *testing.T, request *Request, info *testutils.TemplateInfo) (output.InternalEvent, error) {
+	t.Helper()
+	options := testutils.DefaultOptions
 	testutils.Init(options)
-	templateID := "testing-code"
-	request := &Request{
-		Engine: []string{"sh"},
-		Source: "echo test",
-	}
-	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
-		ID:   templateID,
-		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
-	})
+
+	executerOpts := testutils.NewMockExecuterOptions(options, info)
 	err := request.Compile(executerOpts)
 	require.Nil(t, err, "could not compile code request")
 
 	var gotEvent output.InternalEvent
 	ctxArgs := contextargs.NewWithInput(context.Background(), "")
-	err = request.ExecuteWithResults(ctxArgs, nil, nil, func(event *output.InternalWrappedEvent) {
+	execErr := request.ExecuteWithResults(ctxArgs, nil, nil, func(event *output.InternalWrappedEvent) {
 		gotEvent = event.InternalEvent
 	})
+	return gotEvent, execErr
+}
+
+func TestCodeProtocol(t *testing.T) {
+	request, info := newTestRequest(t, []string{"sh"}, "echo test")
+	gotEvent, err := executeRequest(t, request, info)
 	require.Nil(t, err, "could not run code request")
 	require.NotEmpty(t, gotEvent, "could not get event items")
 }
+
+func TestCodeProtocolSuccessResponse(t *testing.T) {
+	request, info := newTestRequest(t, []string{"sh"}, "echo hello-world")
+	gotEvent, err := executeRequest(t, request, info)
+	require.Nil(t, err)
+	require.Equal(t, "hello-world", gotEvent["response"])
+	_, hasStderr := gotEvent["stderr"]
+	require.False(t, hasStderr, "stderr should not be present on success")
+}
+
+func TestCodeProtocolStderrCapture(t *testing.T) {
+	request, info := newTestRequest(t, []string{"sh"}, "echo error-output >&2")
+	gotEvent, err := executeRequest(t, request, info)
+	require.Nil(t, err)
+	require.Contains(t, gotEvent["stderr"], "error-output")
+}
+
+func TestCodeProtocolFailingScript(t *testing.T) {
+	request, info := newTestRequest(t, []string{"sh"}, "echo fail-message >&2; exit 1")
+	gotEvent, err := executeRequest(t, request, info)
+	require.Nil(t, err, "ExecuteWithResults should not return an error for non-zero exit codes")
+	require.NotEmpty(t, gotEvent, "event should still be generated on script failure")
+	require.Contains(t, gotEvent["stderr"], "fail-message")
+	require.Empty(t, gotEvent["response"], "stdout should be empty when script only writes to stderr")
+}
+
+func TestCodeProtocolMixedOutput(t *testing.T) {
+	request, info := newTestRequest(t, []string{"sh"}, "echo stdout-data; echo stderr-data >&2")
+	gotEvent, err := executeRequest(t, request, info)
+	require.Nil(t, err)
+	require.Equal(t, "stdout-data", gotEvent["response"])
+	require.Contains(t, gotEvent["stderr"], "stderr-data")
+}