Add active and passive profiles

This MR adds active and passive profiles for on-demand DAST API scans

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78492
EE: true

ee/app/models/dast_scanner_profile.rb

@@ -25,18 +25,22 @@ class DastScannerProfile < ApplicationRecord
     []
   end
 
-  def ci_variables
+  def ci_variables(dast_site_profile: nil)
     ::Gitlab::Ci::Variables::Collection.new.tap do |variables|
       variables.append(key: 'DAST_SPIDER_MINS', value: String(spider_timeout)) if spider_timeout
       variables.append(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(target_timeout)) if target_timeout
-      variables.append(key: 'DAST_FULL_SCAN_ENABLED', value: String(full_scan_enabled?))
       variables.append(key: 'DAST_USE_AJAX_SPIDER', value: String(use_ajax_spider))
       variables.append(key: 'DAST_DEBUG', value: String(show_debug_messages))
-    end
-  end
+      variables.append(key: 'DAST_FULL_SCAN_ENABLED', value: String(active?))
 
-  def full_scan_enabled?
-    scan_type == 'active'
+      next unless dast_site_profile&.api?
+
+      if active?
+        variables.append(key: 'DAST_API_PROFILE', value: 'Quick-Active')
+      else
+        variables.append(key: 'DAST_API_PROFILE', value: 'Quick')
+      end
+    end
   end
 
   def referenced_in_security_policies

ee/app/models/ee/ci/build.rb

@@ -198,13 +198,13 @@ module EE
         ::Gitlab::Ci::Variables::Collection.new.tap do |collection|
           break collection unless (dast_configuration = options[:dast_configuration])
 
-          if dast_configuration[:site_profile] && dast_site_profile
+          if (site_profile = dast_configuration[:site_profile] && dast_site_profile)
             collection.concat(dast_site_profile.ci_variables)
             collection.concat(dast_site_profile.secret_ci_variables(user))
           end
 
           if dast_configuration[:scanner_profile] && dast_scanner_profile
-            collection.concat(dast_scanner_profile.ci_variables)
+            collection.concat(dast_scanner_profile.ci_variables(dast_site_profile: site_profile))
           end
         end
       end

ee/app/services/app_sec/dast/scan_configs/build_service.rb

@@ -24,7 +24,7 @@ module AppSec
         private
 
         def active_scan_allowed?
-          return true unless dast_scanner_profile&.full_scan_enabled?
+          return true unless dast_scanner_profile&.active?
 
           url_base = DastSiteValidation.get_normalized_url_base(dast_site&.url)
 

ee/spec/models/ci/build_spec.rb

@@ -207,6 +207,20 @@ RSpec.describe Ci::Build, :saas do
 
               subject
             end
+
+            context 'when dast_site_profile target_type is website' do
+              it_behaves_like 'it includes variables' do
+                let(:expected_variables) { dast_scanner_profile.ci_variables(dast_site_profile: dast_site_profile) }
+              end
+            end
+
+            context 'when dast_site_profile target_type is api' do
+              let_it_be(:dast_site_profile) { create(:dast_site_profile, project: project, target_type: 'api') }
+
+              it_behaves_like 'it includes variables' do
+                let(:expected_variables) { dast_scanner_profile.ci_variables(dast_site_profile: dast_site_profile) }
+              end
+            end
           end
         end
       end

ee/spec/models/dast_scanner_profile_spec.rb

@@ -55,13 +55,15 @@ RSpec.describe DastScannerProfile, type: :model do
   end
 
   describe '#ci_variables' do
-    let(:collection) { subject.ci_variables }
+    let(:target_type) { 'website' }
+    let(:dast_site_profile) { build(:dast_site_profile, target_type: target_type) }
+    let(:collection) { subject.ci_variables(dast_site_profile: dast_site_profile) }
 
     it 'returns a collection of variables' do
       expected_variables = [
-        { key: 'DAST_FULL_SCAN_ENABLED', value: 'false', public: true, masked: false },
         { key: 'DAST_USE_AJAX_SPIDER', value: 'false', public: true, masked: false },
-        { key: 'DAST_DEBUG', value: 'false', public: true, masked: false }
+        { key: 'DAST_DEBUG', value: 'false', public: true, masked: false },
+        { key: 'DAST_FULL_SCAN_ENABLED', value: 'false', public: true, masked: false }
       ]
 
       expect(collection.to_runner_variables).to eq(expected_variables)
@@ -75,19 +77,36 @@ RSpec.describe DastScannerProfile, type: :model do
         expect(collection).to include(key: 'DAST_TARGET_AVAILABILITY_TIMEOUT', value: String(subject.target_timeout), public: true)
       end
     end
-  end
 
-  describe 'full_scan_enabled?' do
-    describe 'when is active scan' do
-      subject { create(:dast_scanner_profile, scan_type: :active).full_scan_enabled? }
+    context 'when the scan_type is active' do
+      let(:collection) { subject.ci_variables(dast_site_profile: dast_site_profile) }
+
+      subject { build(:dast_scanner_profile, scan_type: :active) }
 
-      it { is_expected.to eq(true) }
+      it 'returns a collection of variables with the passive profile', :aggregate_failures do
+        expect(collection).to include(key: 'DAST_FULL_SCAN_ENABLED', value: 'true')
+      end
     end
 
-    describe 'when is passive scan' do
-      subject { create(:dast_scanner_profile, scan_type: :passive).full_scan_enabled? }
+    context 'when the target_type is api' do
+      let(:target_type) { 'api' }
+      let(:collection) { subject.ci_variables(dast_site_profile: dast_site_profile) }
+
+      context 'when the scan_type is active' do
+        subject { build(:dast_scanner_profile, scan_type: :active) }
 
-      it { is_expected.to eq(false) }
+        it 'returns a collection of variables with the passive profile', :aggregate_failures do
+          expect(collection).to include(key: 'DAST_API_PROFILE', value: 'Quick-Active')
+        end
+      end
+
+      context 'when the scan_type is passive' do
+        subject { build(:dast_scanner_profile, scan_type: :passive) }
+
+        it 'returns a collection of variables with the passive profile', :aggregate_failures do
+          expect(collection).to include(key: 'DAST_API_PROFILE', value: 'Quick')
+        end
+      end
     end
   end
 

ee/spec/services/app_sec/dast/scan_configs/build_service_spec.rb

@@ -16,7 +16,7 @@ RSpec.describe AppSec::Dast::ScanConfigs::BuildService do
   let(:dast_password_field) { dast_site_profile.auth_password_field }
   let(:dast_spider_mins) { dast_scanner_profile.spider_timeout }
   let(:dast_target_availability_timeout) { dast_scanner_profile.target_timeout }
-  let(:dast_full_scan_enabled) { dast_scanner_profile.full_scan_enabled? }
+  let(:dast_full_scan_enabled) { dast_scanner_profile.active? }
   let(:dast_use_ajax_spider) { dast_scanner_profile.use_ajax_spider? }
   let(:dast_debug) { dast_scanner_profile.show_debug_messages? }
   let(:on_demand_scan_template) { 'Security/DAST-On-Demand-Scan.gitlab-ci.yml' }

ee/spec/services/app_sec/dast/scans/run_service_spec.rb

@@ -128,7 +128,7 @@ RSpec.describe AppSec::Dast::Scans::RunService do
             masked: false
           }, {
             key: 'DAST_FULL_SCAN_ENABLED',
-            value: String(dast_scanner_profile.full_scan_enabled?),
+            value: String(dast_scanner_profile.active?),
             public: true,
             masked: false
           }, {

ee/spec/services/ci/create_pipeline_service/dast_configuration_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe Ci::CreatePipelineService do
 
   let(:dast_variables) do
     dast_site_profile.ci_variables
-      .concat(dast_scanner_profile.ci_variables)
+      .concat(dast_scanner_profile.ci_variables(dast_site_profile: dast_site_profile))
       .to_runner_variables
   end