### Problem User is encountering `panic: runtime error: index out of range` error when running DAST scanner: ``` 2024-05-07T23:32:25.834 INF MAIN active scan started timeout_in="2h59m59.999s" panic: runtime error: index out of range [-1] goroutine 535 [running]: gitlab.com/browserker/scanner/plugin/vulnerabilities/active_check.(*HeaderValueInjectionLocation).Modify(0xc00ce01c00, {0xf9bf38, 0xc00ce3c000}, {0xf946e0, 0xc00ce0ee40}) /go/builds/scanner/plugin/vulnerabilities/active_check/header_value_injection_location.go:44 +0x505 gitlab.com/browserker/scanner/plugin/vulnerabilities/active_check.(*AttackRequestFactory).Build(0xc00012cda0, {0xf976a0, 0xc00c4e47e0}, 0xc00cb59e00, {0xf96400, 0xc00ce01c00}, {0xf946e0, 0xc00ce0ee40}, {0xf92fd8, 0xc00c4a3fb0}, ...) /go/builds/scanner/plugin/vulnerabilities/active_check/attack_request_factory.go:50 +0x436 gitlab.com/browserker/scanner/plugin/vulnerabilities/active_check.(*MatchResponseAttack).Attack(0xc00c4e47e0, {0xf96808, 0xc00cbbf6d0}, 0xc00cb59e00, 0xc00ce171f0, {0xf96400, 0xc00ce01c00}) /go/builds/scanner/plugin/vulnerabilities/active_check/match_response_attack.go:50 +0x13f gitlab.com/browserker/scanner/plugin/vulnerabilities.(*ActiveCheck).RunAttacks.func1() /go/builds/scanner/plugin/vulnerabilities/active_check.go:133 +0x107 gitlab.com/browserker/scanner/command.(*RelatedTasks).Run.func1() /go/builds/scanner/command/related_tasks.go:76 +0x56 created by gitlab.com/browserker/scanner/command.(*RelatedTasks).Run in goroutine 533 /go/builds/scanner/command/related_tasks.go:73 +0xab ``` ## Analysis The [Header Value Injection](https://gitlab.com/gitlab-org/security-products/analyzers/browserker/-/blob/e255e7586d7965d440d1f0e6426aea9ffd61cc34/scanner/plugin/vulnerabilities/active_check/header_value_injection_location.go) type is responsible for finding header values in a crawled HTTP request. These header values are then replaced by attack payloads during the active check phase of the scan. During the `FindHeaderValueInjectionLocation()`, request `Headers.Each` is called. When there is only one value for the header, the index of the value is `-1`. This -1 value is passed to the `HeaderValueInjectionLocation` as `headerValueIndex`, and during `Modify`, would normally not be a problem because the value index is not used when the attack request also has a single value. The problem occurs when the crawled HTTP request has a single header value (headerValueIndex: -1) and the attack request has more than one header. The index is used to substitute into the header value array, which fails with `error: index out of range`. It is feasible that an attack request header value has a different number of header values to the original request, after all, this could be exactly what the attack is designed to do. Error occurs here: https://gitlab.com/gitlab-org/security-products/analyzers/browserker/-/blob/e255e7586d7965d440d1f0e6426aea9ffd61cc34/scanner/plugin/vulnerabilities/active_check/header_value_injection_location.go#L44 ## Proposal - In `HeaderValueInjectionLocation.Modify`, when `headerValueIndex` is -1, replace the entire header with header.Upsert (assume there is only one header value). - Add a unit test to cover the situation. - Add a changelog entry. - Change `Header.Each` so it doesn't return `-1` when there is a single value, it should return `0`. ## Related issues Similar to [existing issue (fixed)](https://gitlab.com/gitlab-org/gitlab/-/issues/444418 '"panic: runtime error: index out of range" running DAST scanner').