Hi @cfi, I reported this because I noticed some outputs containing the double quotes literally without being interpreted. I’m not sure if it always happens. I’ll test more and respond back to you later.
Mhhh, there might be the chance that something changed in our software stack since the creation of that VT back then in 2015 related to the interpretation of these strings (all recent/newer VTs are usually using single quotes).
Happy to hear about your additional testing results, afterwards we could still update that VT in question to use single quotes for consistency / style reasons
My takeaway from this is that while the VT in question could make use of single instead of double quotes it is not absolutely mandatory:
The data is represented correctly in most cases and only security_message() seems to behave a little bit differently when used via openvas-nasl (which would be something to discuss outside of the Vulnerability Tests category and with the responsible team working on the scanner component).