Customer scan caused DAST Browser crash on PersistNavigationResultsAuthenticationObserver with nil NavigationResult

Problem

A customers scan that uses MultiStep authentication crashes if the navigation result is empty.

Stack trace:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xb3f342]

goroutine 1 [running]:
gitlab.com/browserker/scanner/auth.(*PersistNavigationResultsAuthenticationObserver).NotifyOfStep(0xc0004c1000, 0x2, {0xead108, 0xc000288000}, 0x0, {0xd6e6ac, 0xc}, {0xc0001e6f30, 0x9})
	/go/builds/scanner/auth/persist_navigation_results_authentication_observer.go:31 +0x22
gitlab.com/browserker/scanner/auth.(*CompositeAuthenticationObserver).NotifyOfStep(0xc00bf5b500, 0xc00b09f950, {0xead108, 0xc000288000}, 0xead108, {0xd6e6ac, 0xc}, {0xc0001e6f30, 0x9})
	/go/builds/scanner/auth/composite_authentication_observer.go:15 +0xf7
gitlab.com/browserker/scanner/auth.(*Service).attemptLogin(0xc0000f9340, 0xc00b09f998, {0xead108, 0xc000288000}, 0xc00cfa2000)
	/go/builds/scanner/auth/service.go:159 +0xe3
gitlab.com/browserker/scanner/auth.(*Service).processLoginSteps(0xc0000f9340, 0xc000544bd0, {0xead108, 0xc000288000})
	/go/builds/scanner/auth/service.go:103 +0x85
gitlab.com/browserker/scanner/auth.(*Service).Login(0xc0000f9340, 0xc000544a80, {0xead108, 0xc000288000})
	/go/builds/scanner/auth/service.go:74 +0x16f
gitlab.com/browserker/scanner.(*Browserk).initPipelinedBrowser(0xc0000d4460, {0xead108, 0xc000288000}, {0xe97b38, 0xc0000a0840})
	/go/builds/scanner/browserk_scanner.go:430 +0x254
gitlab.com/browserker/scanner.(*Browserk).validateAuth(0xc0000d4460)
	/go/builds/scanner/browserk_scanner.go:228 +0x107
gitlab.com/browserker/scanner.(*Browserk).Start(0xc0000d4460)
	/go/builds/scanner/browserk_scanner.go:195 +0xcc
gitlab.com/browserker/clicmds.(*BrowserkRunner).Run(0xc0000f93b0)
	/go/builds/clicmds/runner.go:69 +0x142
main.main.func2(0xc0001c6480)
	/go/builds/main.go:44 +0x45
github.com/urfave/cli/v2.(*Command).Run(0xc000105320, 0xc0004deb00)
	/go/pkg/mod/github.com/urfave/cli/v2@v2.2.0/command.go:164 +0x64a
github.com/urfave/cli/v2.(*App).RunContext(0xc0000de780, {0xe97b70, 0xc0000360f0}, {0xc000030080, 0x8, 0x8})
	/go/pkg/mod/github.com/urfave/cli/v2@v2.2.0/app.go:306 +0x926
github.com/urfave/cli/v2.(*App).Run(...)
	/go/pkg/mod/github.com/urfave/cli/v2@v2.2.0/app.go:215
main.main()
	/go/builds/main.go:71 +0x7df

It appears the PersistNavigationResultsAuthenticationObserver does not account for navigationResult.Navigation being nil, causing the panic.

This is most likely due to the auth.Service running the login sequence, and potentially returning an error, but still calling s.authenticationObserver.NotifyOfStep with the potentially nil result regardless of error condition.

func (s *Service) attemptLogin(loginCtx *browserk.Context, browser browserk.Browser, loginPage *authenticator.LoginPage) error {
	var err error

	s.AuthContext, err = s.authenticator.Login(loginCtx, s.crawler, browser, loginPage) // <-- error could occur here

	s.authenticationObserver.NotifyOfStep(loginCtx, browser, loginPage.LoginSubmittedResult(), "Login submit", s.cfg.AuthDetails.Password) // <-- yet we still notify of step with loginPage.LoginSubmittedResult() which maybe nil

	if err != nil {
		s.state.Store(stateLoggedOut)
		s.logger.Info().Err(err).Msg(browserk.LogAuthentication, "Login attempt failed")
		return err
	}
	return nil
}

References:

Zendesk Ticket: https://gitlab.zendesk.com/agent/tickets/281506