Remove target reset to host

Context

Follow-up from gitlab-org/security-products/dast!312 (comment 419909567)

The ZAP scripts reset the provided target to its host. For example, if ZAP is given the target http://vulnerableapp.com/WebGoat/attack, it resets it to http://vulnerableapp.com before spidering and scanning it.

This functionality was migrated to DAST during the ZAP script migration, but it's not clear if it is necessary or desirable.

Proposal

Implement a new environment variable, DAST_SPIDER_START_AT_HOST, as a boolean configuration option: true resets the target to its host, false starts the spider at the specified path. The default would be true for now, so that current DAST scans keep testing with the same context they have today.
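As an added illustration of the proposed option (example code written for this issue, not DAST's or ZAP's own implementation; the helper names and the accepted values are assumptions): the target is reduced to scheme and host/port when the variable is true or unset, and left untouched when it is false.

```python
from urllib.parse import urlsplit, urlunsplit

# Name taken from the proposal above; everything else here is a constructed illustration.
ENV_NAME = "DAST_SPIDER_START_AT_HOST"


def parse_start_at_host(value, default=True):
    """Interpret the env value as a boolean; unset/empty falls back to the proposed default (true)."""
    if value is None or value.strip() == "":
        return default
    normalized = value.strip().lower()
    if normalized == "true":
        return True
    if normalized == "false":
        return False
    raise ValueError(f"{ENV_NAME} must be 'true' or 'false', got {value!r}")


def spider_start_url(target, start_at_host=True):
    """Return the URL the spider should start from for the given target and option value."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"target must be an absolute http(s) URL: {target!r}")
    if not start_at_host:
        # false: keep the full path the user asked for
        return target
    # true: keep scheme, host and port; drop any credentials, path, query and fragment
    host_and_port = parts.netloc.rsplit("@", 1)[-1]
    return urlunsplit((parts.scheme, host_and_port, "", "", ""))


def spider_start_url_from_env(target, environ):
    """Resolve the option from an environment mapping (e.g. os.environ) and apply it."""
    return spider_start_url(target, parse_start_at_host(environ.get(ENV_NAME)))


if __name__ == "__main__":
    target = "http://vulnerableapp.com/WebGoat/attack"
    print(spider_start_url_from_env(target, {}))                      # default: host only
    print(spider_start_url_from_env(target, {ENV_NAME: "false"}))     # full path kept
```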

Implementation plan

Edited by Avielle Wolfe