Draft: Establish DAST variable single source of truth

Miranda Fluharty requested to merge 509057-add-more-dast-variable-options into master

What does this MR do and why?

This MR:

  • expands a short list of DAST CI/CD variables (dast_variables.js) into a longer list (dast_additional_variables.js) along with (dast_variables_metadata.json)
    • this list is used on the frontend to populate the Variable dropdown in the Add DAST variable modal
  • replaces the manually-written DAST variable tables in the documentation with automatically-generated tables using the same data from dast_variables_metadata.json

Why? This establishes a single source of truth for the list of available CI/CD variables that users can configure to modify DAST scanning behavior, and it should prevent the need to update one thing in many places in the future.

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before: Screen_Recording_2024-12-18_at_20.12.48
After: Screen_Recording_2024-12-20_at_14.15.29

How to set up and validate locally

frontend

  1. check out the branch and enable the feature flag:
    git checkout 509057-add-more-dast-variable-options
    echo "Feature.enable(:dast_ui_additional_variables)" | gdk rails c
  2. create a new site profile (http://gdk.test:3000/flightjs/Flight/-/security/configuration/profile_library/dast_site_profiles/new) or scanner profile (http://gdk.test:3000/flightjs/Flight/-/security/configuration/profile_library/dast_scanner_profiles/new)
  3. add Additional variables to it
  4. check to see that all of the documented variables are listed in the dropdown

documentation / tooling

  1. add a variable to ee/app/assets/javascripts/security_configuration/dast_profiles/dast_variables_metadata.json
  2. run the new check_docs rake task:
    bundle exec rake gitlab:dast_variables:check_docs
    ... it should respond with a warning:
    ##########
    #
    # DAST variables documentation is outdated!
    # Please update it by running `bundle exec rake gitlab:dast_variables:compile_docs`.
    #
    ##########
  3. run the new compile_docs rake task:
    bundle exec rake gitlab:dast_variables:compile_docs
    ... and you should see your changes reflected in doc/user/application_security/dast/browser/configuration/variables.md
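The check_docs / compile_docs pair above amounts to "regenerate the table from the metadata and compare". The following is an added illustration of that idea, not the MR's own rake task code: the JSON field names, the HTML-comment markers delimiting the generated block, and the sample metadata are all assumptions made for this example.

```ruby
require 'json'

# Constructed sample metadata. The real dast_variables_metadata.json schema is
# not shown in the MR; this field layout is an assumption for illustration.
SAMPLE_METADATA = <<~JSON
  [
    {"name": "DAST_TARGET_URL", "type": "URL", "description": "The URL of the website to scan."},
    {"name": "DAST_FULL_SCAN", "type": "boolean", "description": "Run active checks as well as passive ones."},
    {"name": "DAST_EXCLUDE_URLS", "type": "URLs", "description": "Comma-separated list of URLs to exclude."}
  ]
JSON

# Assumed markers that delimit the generated block inside variables.md.
BEGIN_MARKER = '<!-- DAST_VARIABLES_TABLE_BEGIN -->'
END_MARKER   = '<!-- DAST_VARIABLES_TABLE_END -->'

# Escape pipe characters so a description cannot break the table layout.
def cell(text)
  text.to_s.gsub('|', '\\|')
end

# compile step: render the metadata as a Markdown table, sorted by name so the
# output is deterministic regardless of the order in the JSON file.
def compile_table(json_text)
  rows = JSON.parse(json_text).sort_by { |v| v['name'] }
  lines = ['| CI/CD variable | Type | Description |', '|---|---|---|']
  rows.each { |v| lines << "| `#{cell(v['name'])}` | #{cell(v['type'])} | #{cell(v['description'])} |" }
  lines.join("\n")
end

# Replace the block between the markers, or append it if the doc has none yet.
def compile_docs(doc, json_text)
  block = "#{BEGIN_MARKER}\n#{compile_table(json_text)}\n#{END_MARKER}"
  pattern = /#{Regexp.escape(BEGIN_MARKER)}.*?#{Regexp.escape(END_MARKER)}/m
  doc.match?(pattern) ? doc.sub(pattern) { block } : "#{doc.chomp}\n\n#{block}\n"
end

# check step: the docs are current only if regenerating them changes nothing.
def docs_outdated?(doc, json_text)
  compile_docs(doc, json_text) != doc
end

if $PROGRAM_NAME == __FILE__
  stale = "# DAST variables\n\n#{BEGIN_MARKER}\n| old table |\n#{END_MARKER}\n"
  puts(docs_outdated?(stale, SAMPLE_METADATA) ? 'documentation is outdated' : 'documentation is current')
  puts compile_docs(stale, SAMPLE_METADATA)
end
```

A CI job built on `docs_outdated?` would fail the pipeline whenever the metadata file changes without the regenerated table being committed, which is what keeps the JSON the single source of truth.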
Edited by Miranda Fluharty