Excluded scan rules are not skipped during DAST scan.
Summary
ZAP scan rules that are added to the excluded list (DAST_EXCLUDE_RULES) are not skipped during the DAST scan.
Steps to reproduce
- Add the scan rules that need to be excluded to the env.list file.
DAST_USERNAME=root
DAST_USERNAME_FIELD=user[login]
DAST_PASSWORD=*****
DAST_PASSWORD_FIELD=user[password]
DAST_FULL_SCAN_ENABLED=true
DAST_WEBSITE=http://172.17.0.2
DAST_AUTH_URL=http://172.17.0.2/users/sign_in
DAST_EXCLUDE_RULES=40029,10032,10033,10047,10061,10104,40019,40020,40021,40024,40025,40027,90001,90002
DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED=false
- Launch the DAST scan (the command is a docker run invocation; the leading `docker` was missing from the original excerpt)
docker run \
--interactive --tty --rm \
--volume $(pwd)/wrk:/output \
--env-file env.list \
registry.gitlab.com/gitlab-org/security-products/dast:${VERSION:-latest} /analyze
What is the current bug behavior?
Rules configured to be excluded are not excluded from the DAST run.
What is the expected correct behavior?
Rules configured to be excluded should be skipped during the DAST scan.
Relevant logs and/or screenshots
....
2020-05-11 09:54:30,305 Script params: [('-t', 'http://172.17.0.2'), ('-J', 'gl-dast-report.json'),
('-z', '-config globalalertfilter.filters.filter(0).ruleid=40029 .....
...
[zap.out] 264 [main] INFO org.parosproxy.paros.common.AbstractParam -
Setting config globalalertfilter.filters.filter(0).ruleid = 40029 was null
...
[zap.out] 1253358 [Thread-11] INFO org.parosproxy.paros.core.scanner.HostProcess -
start host http://172.17.0.2 | TraceAxdScanner strength MEDIUM threshold MEDIUM
...
[zap.out] 1260167 [Thread-11] INFO org.parosproxy.paros.core.scanner.HostProcess -
completed host/plugin http://172.17.0.2 | TraceAxdScanner in 6.809s with 54 message(s) sent and 0 alert(s) raised.
..
PASS: Trace.axd Information Leak [40029]
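The log excerpt above shows two facts side by side: the excluded ids are forwarded to ZAP as `globalalertfilter` entries, and the scanner for rule 40029 (TraceAxdScanner) still starts, sends 54 messages, and ends up in the summary as `PASS: ... [40029]`. As an added example (not part of this issue or of the DAST project's code), here is a small Python checker that reads an env.list and a DAST log, and reports which excluded rule ids still produced a summary line, which is a quick way to confirm or rule out this bug on any run. The sample inputs are constructed from the excerpts in this issue, with one extra alert-filter entry (10032) and one non-excluded rule (id 10011, placeholder name) added so the comparison has a contrasting case. It assumes the summary statuses PASS/WARN-NEW/WARN-INPROG/FAIL-NEW/FAIL-INPROG/INFO mean the rule was evaluated, while SKIP and IGNORE do not.

```python
import re

# Constructed sample inputs: abridged from the env.list and log excerpt in this
# issue, with one extra alert-filter entry (10032) and one non-excluded rule
# (id 10011, placeholder name) added so the check has something to contrast against.
ENV_LIST = """\
DAST_WEBSITE=http://172.17.0.2
DAST_EXCLUDE_RULES=40029,10032,10033,10047,10061,10104,40019,40020,40021,40024,40025,40027,90001,90002
DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED=false
"""

DAST_LOG = """\
2020-05-11 09:54:30,305 Script params: [('-t', 'http://172.17.0.2'), ('-J', 'gl-dast-report.json'), ('-z', '-config globalalertfilter.filters.filter(0).ruleid=40029 -config globalalertfilter.filters.filter(1).ruleid=10032')]
[zap.out] 264 [main] INFO org.parosproxy.paros.common.AbstractParam - Setting config globalalertfilter.filters.filter(0).ruleid = 40029 was null
[zap.out] 1253358 [Thread-11] INFO org.parosproxy.paros.core.scanner.HostProcess - start host http://172.17.0.2 | TraceAxdScanner strength MEDIUM threshold MEDIUM
[zap.out] 1260167 [Thread-11] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin http://172.17.0.2 | TraceAxdScanner in 6.809s with 54 message(s) sent and 0 alert(s) raised.
PASS: Trace.axd Information Leak [40029]
PASS: Constructed Non-Excluded Rule [10011]
"""

# globalalertfilter entries as they appear in the "Script params" and "Setting config" lines
ALERT_FILTER_RE = re.compile(r"globalalertfilter\.filters\.filter\(\d+\)\.ruleid\s*=\s*(\d+)")

# Per-rule summary lines; the rule id is the bracketed number at the end.
# Assumption: these statuses mean the rule was evaluated; SKIP and IGNORE are
# deliberately left out because they mean it was not.
SUMMARY_RE = re.compile(
    r"^(?:PASS|WARN-NEW|WARN-INPROG|FAIL-NEW|FAIL-INPROG|INFO):.*\[(\d+)\]\s*$", re.M
)


def parse_exclude_rules(env_text: str) -> set:
    """Return the rule ids listed in DAST_EXCLUDE_RULES (empty set if the key is absent)."""
    for line in env_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "DAST_EXCLUDE_RULES":
            return {v.strip() for v in value.split(",") if v.strip()}
    return set()


def parse_alert_filters(log_text: str) -> set:
    """Rule ids that the DAST wrapper forwarded to ZAP as globalalertfilter entries."""
    return set(ALERT_FILTER_RE.findall(log_text))


def parse_evaluated_rules(log_text: str) -> set:
    """Rule ids that got a PASS/WARN/FAIL summary line, i.e. rules that actually ran."""
    return set(SUMMARY_RE.findall(log_text))


def check_exclusions(env_text: str, log_text: str) -> dict:
    """Compare the configured exclusions against what the log says actually ran."""
    excluded = parse_exclude_rules(env_text)
    filtered = parse_alert_filters(log_text)
    evaluated = parse_evaluated_rules(log_text)
    return {
        "excluded": sorted(excluded),
        "forwarded_as_alert_filter": sorted(excluded & filtered),
        "still_executed": sorted(excluded & evaluated),   # non-empty means the bug reproduced
        "executed_not_excluded": sorted(evaluated - excluded),
    }


if __name__ == "__main__":
    result = check_exclusions(ENV_LIST, DAST_LOG)
    for key, ids in result.items():
        print(f"{key}: {', '.join(ids) or '-'}")
    if result["still_executed"]:
        print("Excluded rules still ran:", ", ".join(result["still_executed"]))
```

The check relies on the per-rule summary lines rather than the `HostProcess` lines, because the latter carry the scanner class name (TraceAxdScanner) but not the numeric rule id. On the issue's own excerpt it reports 40029 as both forwarded as an alert filter and still executed, which is exactly the mismatch described in the summary.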
Edited by Nikhil George