rfc-st / humble

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
https://github.com/rfc-st/humble
MIT License

Fix humble scanner output if target not available #13

Closed manuel-sommer closed 12 months ago

manuel-sommer commented 12 months ago

I am using v1.30 of Humble and tried out the JSON output.

In case the target is not reachable, the output of "Missing Security Headers" should be empty. Right now the output indicates that the target is available.

See the following output example:

https://github.com/DefectDojo/django-DefectDojo/pull/8989/files#diff-ff6a401d1d37c4f253ab3df1e2c0963f254bb27a23d687542eaf105766f9608d

rfc-st commented 12 months ago

Hi there!

The main problem seems to be that this function is not even reached: https://github.com/rfc-st/humble/blob/cd35be6a36f54a75a70223242d60e7fc7d86b1b8/humble.py#L911

The controls I had implemented to detect HTTP 404 codes, URLs without schema, etc ... no longer work: https://github.com/rfc-st/humble/blob/cd35be6a36f54a75a70223242d60e7fc7d86b1b8/humble.py#L1059

And I think it's all related to this commit: https://github.com/rfc-st/humble/commit/57a9125b56bdd7371722bec4582e3011a37ab040

I have to check it calmly and fix it.

Thanks for reporting it!

rfc-st commented 12 months ago

Hi there!

Have a look at: https://github.com/rfc-st/humble/commit/bf288d2fc75dffc3e9f016cce6c3a4ec193542c7

Now, in case the URL does not exist or its scheme is incorrect (ex: http///, https//) the concrete error message is indicated, without generating any file including incorrect information.

I think this is the correct approach ... if the URL is incorrect nothing should be exported to any file in any case.

Please take a look at it, to confirm that I can close this issue.

Thank you!
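The behaviour the maintainer describes above (validate the URL, report the concrete error if the target cannot be scanned, and never export a report file that would suggest the target was analyzed) can be demonstrated with a small stand-alone script. This is an added example and not humble's own code: the expected-header list is a constructed subset, the `fetch` parameter is an assumption that makes the check testable offline, and the sample responses are constructed.

```python
"""Added example (not humble's own code): report missing security headers only
for a target that was actually reached; on a malformed URL or a failed
connection return an error record and write no output file."""
import json
from urllib.parse import urlparse
from urllib.request import Request, urlopen
from urllib.error import URLError, HTTPError

# Constructed subset of the headers a scanner would expect; humble's list differs.
EXPECTED_HEADERS = (
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "Referrer-Policy",
)


def validate_url(url):
    """Return an error string for malformed URLs such as 'http///' or 'https//', else None."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return f"Unsupported or missing scheme in URL: {url!r}"
    if not parsed.netloc:
        return f"URL has no host: {url!r}"
    return None


def missing_headers(headers):
    """Return the expected headers absent from a response (names compared case-insensitively)."""
    present = {name.lower() for name in headers}
    return [h for h in EXPECTED_HEADERS if h.lower() not in present]


def default_fetch(url, timeout=10):
    """Perform a GET and return the response headers; raises HTTPError/URLError on failure."""
    req = Request(url, headers={"User-Agent": "header-check-example"})
    with urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


def scan(url, fetch=default_fetch):
    """Analyze one target. The record carries either an error or a missing-header
    list, never both, so a consumer cannot mistake an unreachable target for a
    target with no findings."""
    err = validate_url(url)
    if err:
        return {"target": url, "reachable": False, "error": err, "missing": None}
    try:
        headers = fetch(url)
    except HTTPError as e:  # HTTPError is a URLError subclass, so it is caught first
        return {"target": url, "reachable": False, "error": f"HTTP {e.code}", "missing": None}
    except (URLError, OSError, ValueError) as e:
        return {"target": url, "reachable": False, "error": f"Connection failed: {e}", "missing": None}
    return {"target": url, "reachable": True, "error": None, "missing": missing_headers(headers)}


def export_json(result, path):
    """Write a JSON report only for a reachable target; return True if a file was written."""
    if not result["reachable"]:
        return False
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(result, fh, indent=2)
    return True


# Constructed sample responses so the demo runs without network access.
SAMPLE_RESPONSES = {
    "https://good.example": {
        "Content-Security-Policy": "default-src 'self'",
        "x-content-type-options": "nosniff",
        "Content-Type": "text/html",
    },
}


def fake_fetch(url):
    """Offline stand-in for default_fetch: known URLs return constructed headers, others fail."""
    if url not in SAMPLE_RESPONSES:
        raise URLError("name resolution failed (constructed)")
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    for target in ("https://good.example", "https://down.example", "http///", "https//"):
        record = scan(target, fetch=fake_fetch)
        written = export_json(record, f"report-{abs(hash(target))}.json")
        print(json.dumps(record), "-> file written:", written)
```

Run as-is, only the reachable `https://good.example` record produces a file; the unreachable host and the two malformed URLs are printed with their concrete error and `"missing": null`, which is the shape a downstream importer (such as the DefectDojo parser linked in the report) can distinguish from a genuine empty finding list.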

manuel-sommer commented 12 months ago

Works fine again, thank you :-)