Don't report X-Content-Type-Options for non 200 OK responses sullo#803

JefriReynaldi · Dec 30, 2023 · b11e74c · b11e74c
1 parent 7e3eae4
commit b11e74c
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/program/plugins/nikto_headers.plugin b/program/plugins/nikto_headers.plugin
@@ -147,7 +147,9 @@ sub nikto_headers_postfetch {
     }
 
     # Look for X-Frame-Options
-    if (!$XFRAME{ $mark->{hostname} }{ $mark->{port} } && defined $result->{'whisker'}->{'code'} && $result->{'whisker'}->{'code'} == 200) {
+    if (!$XFRAME{ $mark->{hostname} }{ $mark->{port} } 
+	&& defined $result->{'whisker'}->{'code'} 
+	&& $result->{'whisker'}->{'code'} == 200) {
         if (defined $result->{'x-frame-options'}) {
                 add_vulnerability(
                     $mark,
@@ -387,7 +389,8 @@ sub nikto_headers_postfetch {
 
     # X-Content-Type-Options
     if (!$HEADERS_XCTO{ $mark->{hostname} }{ $mark->{port} }
-        && defined $result->{'whisker'}->{'code'}) {
+        && defined $result->{'whisker'}->{'code'}
+	&& $result->{'whisker'}->{'code'} == 200) {
         if (!defined $result->{'x-content-type-options'}) {
             add_vulnerability(
                 $mark,