fix: do not perform success code condition checks for authenticated strategies in http plugin (fixes #84)

evilsocket · evilsocket · commit b6d1c1596c24 · 2025-09-16T11:57:24.000+02:00
diff --git a/src/plugins/http/http_test.rs b/src/plugins/http/http_test.rs
@@ -916,11 +916,7 @@ mod tests {
 
         let result = http.check_dot_false_positives(&opts, false).await;
         assert!(result.is_err());
-        assert!(
-            result
-                .unwrap_err()
-                .contains("aborting due to likely false positives")
-        );
+        assert!(result.unwrap_err().contains("likely false positives"));
     }
 
     // Tests for check_false_positives
@@ -997,11 +993,7 @@ mod tests {
 
         let result = http.check_false_positives(&opts, false).await;
         assert!(result.is_err());
-        assert!(
-            result
-                .unwrap_err()
-                .contains("aborting due to likely false positives")
-        );
+        assert!(result.unwrap_err().contains("likely false positives"));
     }
 
     #[tokio::test]
diff --git a/src/plugins/http/mod.rs b/src/plugins/http/mod.rs
@@ -474,7 +474,7 @@ impl HTTP {
                 ));
             } else {
                 return Err(format!(
-                    "aborting due to likely false positives for {}: validates success condition for a non existent page: {:?}",
+                    "likely false positives for {}: validates success condition for a non existent page: {:?}",
                     target, success
                 ));
             }
@@ -513,7 +513,7 @@ impl HTTP {
                 ));
             } else {
                 return Err(format!(
-                    "aborting due to likely false positives for {}: validates success condition for a non existent page starting with a dot: {:?}",
+                    "likely false positives for {}: validates success condition for a non existent page starting with a dot: {:?}",
                     target, success
                 ));
             }
@@ -942,7 +942,11 @@ impl Plugin for HTTP {
                 .map_err(|e| e.to_string())?
         };
 
-        self.validate_success_condition(opts).await
+        // do not perform check if we expect authentication
+        match self.strategy {
+            Strategy::BasicAuth | Strategy::NLTMv1 | Strategy::NLTMv2 => Ok(()),
+            _ => self.validate_success_condition(opts).await,
+        }
     }
 
     async fn attempt(
