This plugin flags errors on systems it cannot log into. I don’t understand NASL well enough to understand why, but it seems pretty clear that ‘r’ in the second ‘if’ statement below should instead be ‘res’.
port = get_http_port(default:80);
for( i = 0; file[i]; i++) {
url = file[i];
pat = res[i];
req = http_get(item:url, port:port);
res = http_keepalive_send_recv(data:req, port:port);
if(!res)
continue;
if(pat >< r) {
report = report_vuln_url(port:port, url:url);
security_message(port:port, data:report);
exit(0);
}
}