From 6efffce8a9da12e852acd8bf78e5b6f70aeab0f3 Mon Sep 17 00:00:00 2001
From: tomsellers
Date: Thu, 7 Mar 2013 02:05:23 +0000
Subject: [PATCH] Address an false positive issue caused http-git interacting with HTTP servers that report 200 OK to all requests.
---
 scripts/http-git.nse | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/scripts/http-git.nse b/scripts/http-git.nse
index b7a95630c..56d06f0e2 100644
--- a/scripts/http-git.nse
+++ b/scripts/http-git.nse
@@ -91,10 +91,12 @@ function action(host, port)
 root = "/" .. root
 end
 
- -- If we can't get /.git/HEAD, don't even bother continuing
+ -- If we can't get a valid /.git/HEAD, don't even bother continuing
 -- We could try for /.git/, but we will not get a 200 if directory
 -- listings are disallowed.
- if http.get(host, port, root .. ".git/HEAD").status == STATUS_OK then
+ local resp = http.get(host, port, root .. ".git/HEAD")
+ local sha1_pattern = "^%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x"
+ if resp.status == STATUS_OK and ( resp.body:match("^ref: ") or resp.body:match(sha1_pattern) ) then
 out = out or {}
 local replies = {}
 -- This function returns true if we got a 200 OK when
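Review bot: The long run of repeated `%x` in `sha1_pattern` is hard to verify by eye, and a miscount would silently change which detached-HEAD bodies are accepted; `local sha1_pattern = "^" .. ("%x"):rep(40)` states the intended length explicitly. The symbolic-ref branch could also be tightened to `resp.body:match("^ref: refs/")`, since any body that merely begins with `ref: ` still passes on a server that answers 200 to every path. Only HEAD is content-validated here; the later requests in `action`, whose body continues outside this hunk, appear to keep relying on the status code alone. A short comment above the check such as `-- validate HEAD's content: some servers answer 200 OK to every path` would record why the body is inspected.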