Active check attacks can constrain the injection locations to specific locations
Problem
Certain active checks only make sense for specific injection locations. An example of this is issue https://gitlab.com/gitlab-org/gitlab/-/issues/365418+, which searches for files at the end of the URL path.
Similarly, there will likely end up being many different injection locations. Having every attack use every injection location is inefficient compared to each attack using only the injection locations best suited to it.
Proposal
This issue proposes that an active check attack MUST define a section apply_to_injection_locations.
apply_to_injection_locations:
- type: "x_www_form_url_encoded_field"
- type: "request_path"
Only the specified injection types should apply to that attack. The DAST CWE schema should be updated to add the new required field as well as the available injection location types.
Implementation
- Update the schema to add "apply_to_injection_locations" as a required attack field
- Add the available injection location types to the schema
- Update the parser to parse the appropriate injection location constraint (if #367230 (closed) is complete)
- Validate that the required constraint is present and not empty
- Restrict the attack to only use the injection locations present in the definition
- Update all active attacks in DAST CWE checks to set their injection location
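A sketch of the parse, validate and restrict steps above, added here as an example and not code from the GitLab DAST project; the set of available injection location types and the dict shape of a parsed attack definition are assumptions.

```python
from typing import Any, Dict, List

# Constructed set of injection location types; the real schema's list is an
# assumption. The two types named in the proposal are included.
AVAILABLE_INJECTION_LOCATION_TYPES = frozenset({
    "x_www_form_url_encoded_field",
    "request_path",
    "query_parameter",
    "header",
})


def validate_apply_to_injection_locations(attack: Dict[str, Any]) -> List[str]:
    """Return the injection location types an attack definition opts into.

    Raises ValueError when the required constraint is missing, empty, or
    names a type that is not in the schema's available types.
    """
    constraint = attack.get("apply_to_injection_locations")
    if constraint is None:
        raise ValueError("apply_to_injection_locations is required")
    if not isinstance(constraint, list) or not constraint:
        raise ValueError("apply_to_injection_locations must be a non-empty list")
    types: List[str] = []
    for entry in constraint:
        loc_type = entry.get("type") if isinstance(entry, dict) else None
        if loc_type not in AVAILABLE_INJECTION_LOCATION_TYPES:
            raise ValueError(f"unknown injection location type: {loc_type!r}")
        types.append(loc_type)
    return types


def select_injection_locations(attack: Dict[str, Any],
                               injection_locations: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Keep only the injection locations whose type the attack has opted into."""
    allowed = set(validate_apply_to_injection_locations(attack))
    return [loc for loc in injection_locations if loc.get("type") in allowed]


# Constructed attack definition mirroring the proposal's YAML, and a constructed
# set of injection locations discovered for one request.
EXAMPLE_ATTACK = {
    "apply_to_injection_locations": [
        {"type": "x_www_form_url_encoded_field"},
        {"type": "request_path"},
    ]
}
EXAMPLE_LOCATIONS = [
    {"type": "request_path", "name": "/api/v1/items"},
    {"type": "query_parameter", "name": "id"},
    {"type": "x_www_form_url_encoded_field", "name": "username"},
    {"type": "header", "name": "User-Agent"},
]
```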
Edited by Cameron Swords