
Support to set multiple "scanners.zap.apiScan.apis.apiUrl"s in the config file #183

Open
lunarwhite opened this issue Mar 26, 2024 · 1 comment

Comments

@lunarwhite (Contributor)

Background

Currently, in the RapiDAST configuration file, it seems that scanners.zap.apiScan.apis.apiUrl only supports a single value:

config:
  configVersion: 4

# `application` contains data related to the application, not to the scans.
application:
  shortName: "APP_SHORT_NAME"
  url: "https://kubernetes.default.svc" # to be replaced with your cluster API server URL
...
scanners:
  zap:
    # define a scan through the ZAP scanner
    apiScan:
      apis:
        apiUrl: "https://MY_ENDPOINT/openapi/v3/apis/MY_CRD/v2" # to be replaced with your API group information
...

I'm wondering if we could set multiple apiUrls in one config file. In some scenarios, users may want to scan multiple API groups. If there are no differences except for the scanners.zap.apiScan.apis.apiUrl field, they may need to create and apply multiple files repeatedly.

Possible solutions

I'm not quite familiar with the codebase, but one possible way may be to convert the schema to an array:

...
scanners:
  zap:
    apiScan:
      apis:
        apiUrl: 
        - "https://MY_ENDPOINT_1/openapi/v3/apis/MY_CRD_1/v2"
        - "https://MY_ENDPOINT_1/openapi/v3/apis/MY_CRD_2/v2"
        - "https://MY_ENDPOINT_2/openapi/v3/apis/MY_CRD_3/v2"
        -  ...
...

It would be nice to have this kind of feature. Alternatively, is there any suggested workaround?
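
Until the array form is supported, one workaround is to keep a single file in the proposed list form and fan it out into one single-apiUrl RapiDAST config per entry before each run. The script below is an added example written for this thread, not RapiDAST code and not something either participant posted. It assumes RapiDAST reads exactly one string at scanners.zap.apiScan.apis.apiUrl (as the issue describes), and it suffixes application.shortName with an index so per-API runs are distinguishable; that suffixing is a hypothetical choice, not documented RapiDAST behaviour. The sample config is constructed from the snippet in the issue, and the small YAML emitter exists only so the script runs without PyYAML.

```python
"""Fan a multi-apiUrl RapiDAST config out into one single-apiUrl config per API.

Added example, not RapiDAST code. Assumes RapiDAST only accepts a single
string at scanners.zap.apiScan.apis.apiUrl, and (hypothetically) that the
user wants application.shortName suffixed so the per-API runs do not collide.
"""
import copy

# Constructed sample: the array form proposed in the issue, as a Python dict.
MULTI_API_CONFIG = {
    "config": {"configVersion": 4},
    "application": {
        "shortName": "APP_SHORT_NAME",
        "url": "https://kubernetes.default.svc",
    },
    "scanners": {
        "zap": {
            "apiScan": {
                "apis": {
                    "apiUrl": [
                        "https://MY_ENDPOINT_1/openapi/v3/apis/MY_CRD_1/v2",
                        "https://MY_ENDPOINT_1/openapi/v3/apis/MY_CRD_2/v2",
                        "https://MY_ENDPOINT_2/openapi/v3/apis/MY_CRD_3/v2",
                    ]
                }
            }
        }
    },
}


def fan_out(config):
    """Return one deep-copied config per apiUrl, each holding a single string.

    A config whose apiUrl is already a single string is returned as-is in a
    one-element list, so the helper is safe to run over every config file.
    """
    urls = config["scanners"]["zap"]["apiScan"]["apis"]["apiUrl"]
    if isinstance(urls, str):
        return [copy.deepcopy(config)]
    if not urls:
        raise ValueError("apiUrl list is empty")
    out = []
    for i, url in enumerate(urls, start=1):
        if not isinstance(url, str):
            raise TypeError(f"apiUrl entry {i} is not a string: {url!r}")
        single = copy.deepcopy(config)  # never mutate the shared source config
        single["scanners"]["zap"]["apiScan"]["apis"]["apiUrl"] = url
        # Hypothetical suffix so each generated run has a distinct shortName.
        base = single["application"]["shortName"]
        single["application"]["shortName"] = f"{base}-{i}"
        out.append(single)
    return out


def scalar(v):
    """Render a scalar: bools/numbers as plain YAML, everything else quoted."""
    if isinstance(v, bool):
        return "true" if v else "false"
    if isinstance(v, (int, float)):
        return str(v)
    return '"' + str(v).replace('"', '\\"') + '"'


def to_yaml(value, indent=0):
    """Minimal emitter for nested dicts and lists of scalars (two-space indent)."""
    pad = "  " * indent
    lines = []
    if isinstance(value, dict):
        for k, v in value.items():
            if isinstance(v, (dict, list)):
                lines.append(f"{pad}{k}:")
                lines.extend(to_yaml(v, indent + 1))
            else:
                lines.append(f"{pad}{k}: {scalar(v)}")
    elif isinstance(value, list):
        for v in value:
            lines.append(f"{pad}- {scalar(v)}")
    return lines


def render(config):
    """Serialise a config dict to YAML text."""
    return "\n".join(to_yaml(config)) + "\n"


if __name__ == "__main__":
    # Writes rapidast-config-1.yaml ... rapidast-config-N.yaml, one per apiUrl.
    for n, cfg in enumerate(fan_out(MULTI_API_CONFIG), start=1):
        path = f"rapidast-config-{n}.yaml"
        with open(path, "w") as fh:
            fh.write(render(cfg))
        print(f"wrote {path}")
```

Each generated file is then passed to RapiDAST as a normal single-apiUrl config, so nothing in the scanner itself needs to change; the only cost is one scan invocation per API group.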

@jeremychoi (Collaborator)

Thanks for raising the issue. That will surely be a useful addition, but our bandwidth is a bit limited at this moment. Will update later.

Labels: None yet
Projects: None yet
Development: No branches or pull requests
2 participants