Hi, thanks for the feedback. I don't see how that code path (the else statement) could get triggered unless the value were not valid. What is the actual code of your fingerprint?

An example of a bad fingerprint that your code would simply pass through would be ignore_404 = "false", severity = -1

Hello @dmiller-nmap.
The else statement is executed whenever the value is valid.
A hardcoded value is set there, ignoring the value set on the fingerprint's definition.

My case was that I had to identify a web application that was expected to not return a 200 nor a 404 HTTP response. I noticed the doc block of http-fingerprints.lua mentioning ignore_404 that seemed to allow what I needed.
Setting the value to true did nothing, unless I did that change you see in this commit.

Thanks for this patch. I have no idea what I was thinking earlier: your fix is clearly correct. I think nobody noticed it earlier because none of the existing fingerprints uses either severity or ignore_404. Applied in r37625.