Hi @cfi, I reported this because I noticed some outputs containing the double quotes literally without being interpreted. I’m not sure if it always happens. I’ll test more and respond back to you later.
Mhhh, there might be the chance that something changed in our software stack since the creation of that VT back then in 2015 related to the interpretation of these strings (all recent/newer VTs are usually using single quotes).
Happy to hear about your additional testing results, afterwards we could still update that VT in question to use single quotes for consistency / style reasons
The VT sw_apc_default_telnet_credentials.nasl is just an example, I noticed that there are some other VTs that place escape strings in between double quotes like this.
I noticed that the output looks like one from openvas-nasl which is not always behaving the same like doing a “full” scan / having an output how it ends up in the final report presented to the user.
Thus i did an own test on a 21.4.6 setup with a slight modified test case which had added the following to the very beginning of find_service.nasl:
My takeaway from this is that while the VT in question could make use of single instead of double quotes it is not absolutely mandatory:
The data is represented correctly in most cases and only security_message() seems to behave a little bit differently when used via openvas-nasl (which would be something to discuss outside of the Vulnerability Tests category and with the responsible team working on the scanner component).