pscanrules: Improve version detection in Server Header Info Leak rule (10036)

[LakshmiSHR]

Enhancement: Improve detection of version information in HTTP Server header

This PR is related to Issue zaproxy/zaproxy#9160 by enhancing the version-detection logic in ServerHeaderInfoLeakScanRule.

Key Improvements:

• Replaced weak version check (.*\d.*) with stricter regex: \d+\.\d+(?:\.\d+)?
  • Now accurately detects version-like patterns (e.g., 2.4, 1.8.0, 2.4.49)
• Changed matches() to find() to correctly identify versions inside strings such as:
  • Apache/2.4.49 (Unix)
  • nginx/1.21.6
• Preserved existing behavior:
  • At LOW threshold → still alerts for presence of Server header
  • Raises version-leak alert only when version information is present

---

Let me know if further expansion is needed (e.g., detecting more header types or enhancing severity levels).

Thank you!

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[LakshmiSHR]

i have read the CLA Document and I hereby sign the CLA

[kingthorin]

The CHANGELOG.md should also be updated. Add a bullet under the "Unreleased" header, you can check older entries for inspiration.

It might also be worth adding/updating unit tests.

[psiinon]

Checkmarx One – Scan Summary & Details – 29470b26-d75f-4b21-8bd5-2cd00fed500e

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2025-13466	Npm-body-parser-1.20.3

---

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

[LakshmiSHR]

@Checkmarx These scan issues are related to workflow configuration files (codeql.yml),
which I did not modify. My changes are only in the Java code and CHANGELOG.md.
Please let me know if any action is required from my side.

[kingthorin]

You can ignore the Checkmarx report. Thanks for your diligence though.

[thc202]

The build is failing and it's missing a unit test for the change done.

[thc202]

@LakshmiSHR do you still plan to work on this?

Build failing, test(s) requested