DAST 5 is failing with a stacktrace
Summary
A customer reported a failing DAST scan (internal ticket). It started after they switched to version 4. BBA is throwing a stacktrace:
2024-05-07T23:32:25.834 INF MAIN crawl of target application complete
2024-05-07T23:32:25.834 INF MAIN active scan started timeout_in="2h59m59.999s"
panic: runtime error: index out of range [-1]
goroutine 535 [running]:
gitlab.com/browserker/scanner/plugin/vulnerabilities/active_check.(*HeaderValueInjectionLocation).Modify(0xc00ce01c00, {0xf9bf38, 0xc00ce3c000}, {0xf946e0, 0xc00ce0ee40})
	/go/builds/scanner/plugin/vulnerabilities/active_check/header_value_injection_location.go:44 +0x505
gitlab.com/browserker/scanner/plugin/vulnerabilities/active_check.(*AttackRequestFactory).Build(0xc00012cda0, {0xf976a0, 0xc00c4e47e0}, 0xc00cb59e00, {0xf96400, 0xc00ce01c00}, {0xf946e0, 0xc00ce0ee40}, {0xf92fd8, 0xc00c4a3fb0}, ...)
	/go/builds/scanner/plugin/vulnerabilities/active_check/attack_request_factory.go:50 +0x436
gitlab.com/browserker/scanner/plugin/vulnerabilities/active_check.(*MatchResponseAttack).Attack(0xc00c4e47e0, {0xf96808, 0xc00cbbf6d0}, 0xc00cb59e00, 0xc00ce171f0, {0xf96400, 0xc00ce01c00})
	/go/builds/scanner/plugin/vulnerabilities/active_check/match_response_attack.go:50 +0x13f
gitlab.com/browserker/scanner/plugin/vulnerabilities.(*ActiveCheck).RunAttacks.func1()
	/go/builds/scanner/plugin/vulnerabilities/active_check.go:133 +0x107
gitlab.com/browserker/scanner/command.(*RelatedTasks).Run.func1()
	/go/builds/scanner/command/related_tasks.go:76 +0x56
created by gitlab.com/browserker/scanner/command.(*RelatedTasks).Run in goroutine 533
	/go/builds/scanner/command/related_tasks.go:73 +0xab
Steps to reproduce
N/A
Example Project
What is the current bug behavior?
What is the expected correct behavior?
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com