--nonBlockedAsPassed incorrectly counts 404s on positive tests as blocked?

[dankegel]

If you run gotestwaf on a dummy web server that returns OK to every request, it should get zero false positives. This works, of course.

As I understand it, --nonBlockedAsPassed is a convenience; it lets you set up a waf in front of a dummy
server without bothering to make the dummy server actually return OK for every request.

But when I tried the option, it said that all the positive tests had failed; evidently -nonBlockedAsPassed treats 404s as false positives.

It seems the logic in internal/db/statistics.go related to nonBlockedAsPassed does the wrong thing in the isPositive case....?