Do not require to set the API key in each call

Change API implementations to not require to set/use the API key in each
API call (e.g. action/other) as that's already done by the ClientApi
class. The old methods (the ones that have the apiKey parameter) are now
in a separate class, to avoid the generated code to replace them, they
are still required for compatibility with older versions. The usage of
the old methods is discouraged (deprecated) and suggested to use the new
ClientApi constructors to set the API key.
Remove usage of the old methods throughout the code (ClientApi,
ClientApiMain, examples, and Ant tasks).

Author: thc202

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/ActiveScanSubtreeTask.java

@@ -28,7 +28,7 @@ public class ActiveScanSubtreeTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().ascan.scan(null, url, "true", "false", "", "", "");
+			this.getClientApi().ascan.scan(url, "true", "false", "", "", "");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/ActiveScanUrlTask.java

@@ -28,7 +28,7 @@ public class ActiveScanUrlTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().ascan.scan(null, url, "false", "false", "", "", "");
+			this.getClientApi().ascan.scan(url, "false", "false", "", "", "");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/LoadSessionTask.java

@@ -28,7 +28,7 @@ public class LoadSessionTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.loadSession(null, name);
+			this.getClientApi().core.loadSession(name);
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/NewSessionTask.java

@@ -28,7 +28,7 @@ public class NewSessionTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.newSession(null, name, "true");
+			this.getClientApi().core.newSession(name, "true");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/SaveSessionTask.java

@@ -28,7 +28,7 @@ public class SaveSessionTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.saveSession(null, name, "true");
+			this.getClientApi().core.saveSession(name, "true");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/SpiderUrlTask.java

@@ -28,7 +28,7 @@ public class SpiderUrlTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().spider.scan(null, url, "", "", null, null);
+			this.getClientApi().spider.scan(url, "", "", null, null);
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/StopZapTask.java

@@ -26,7 +26,7 @@ public class StopZapTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.shutdown(null);
+			this.getClientApi().core.shutdown();
 		} catch (Exception e) {
 			throw new BuildException(e);
 		}

subprojects/zap-clientapi/src/examples/java/org/zaproxy/clientapi/examples/SimpleExample.java

@@ -43,7 +43,7 @@ public static void main(String[] args) {
             // Start spidering the target
             System.out.println("Spider : " + TARGET);
             // It's not necessary to pass the ZAP API key again, already set when creating the ClientApi.
-            ApiResponse resp = api.spider.scan(null, TARGET, null, null, null, null);
+            ApiResponse resp = api.spider.scan(TARGET, null, null, null, null);
             String scanid;
             int progress;
 
@@ -65,7 +65,7 @@ public static void main(String[] args) {
             Thread.sleep(2000);
 
             System.out.println("Active scan : " + TARGET);
-            resp = api.ascan.scan(null, TARGET, "True", "False", null, null, null);
+            resp = api.ascan.scan(TARGET, "True", "False", null, null, null);
 
             // The scan now returns a scan id to support concurrent scanning
             scanid = ((ApiResponseElement) resp).getValue();
@@ -82,7 +82,7 @@ public static void main(String[] args) {
             System.out.println("Active Scan complete");
 
             System.out.println("Alerts:");
-            System.out.println(new String(api.core.xmlreport(null)));
+            System.out.println(new String(api.core.xmlreport()));
 
         } catch (Exception e) {
             System.out.println("Exception : " + e.getMessage());

subprojects/zap-clientapi/src/examples/java/org/zaproxy/clientapi/examples/authentication/FormBasedAuthentication.java

@@ -108,7 +108,7 @@ private static void setLoggedInIndicator(ClientApi clientApi) throws ClientApiEx
 		String contextId = "1";
 
 		// Actually set the logged in indicator
-		clientApi.authentication.setLoggedInIndicator(ZAP_API_KEY, contextId, java.util.regex.Pattern.quote(loggedInIndicator));
+		clientApi.authentication.setLoggedInIndicator(contextId, java.util.regex.Pattern.quote(loggedInIndicator));
 
 		// Check out the logged in indicator that is set
 		System.out.println("Configured logged in indicator regex: "
@@ -130,7 +130,7 @@ private static void setFormBasedAuthenticationForBodgeit(ClientApi clientApi) th
 
 		System.out.println("Setting form based authentication configuration as: "
 				+ formBasedConfig.toString());
-		clientApi.authentication.setAuthenticationMethod(ZAP_API_KEY, contextId, "formBasedAuthentication",
+		clientApi.authentication.setAuthenticationMethod(contextId, "formBasedAuthentication",
 				formBasedConfig.toString());
 
 		// Check if everything is set up ok
@@ -146,7 +146,7 @@ private static void setUserAuthConfigForBodgeit(ClientApi clientApi) throws Clie
 		String password = "weakPassword";
 
 		// Make sure we have at least one user
-		String userId = extractUserId(clientApi.users.newUser(ZAP_API_KEY, contextId, user));
+		String userId = extractUserId(clientApi.users.newUser(contextId, user));
 
 		// Prepare the configuration in a format similar to how URL parameters are formed. This
 		// means that any value we add for the configuration values has to be URL encoded.
@@ -155,7 +155,7 @@ private static void setUserAuthConfigForBodgeit(ClientApi clientApi) throws Clie
 		userAuthConfig.append("&password=").append(URLEncoder.encode(password, "UTF-8"));
 
 		System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
-		clientApi.users.setAuthenticationCredentials(ZAP_API_KEY, contextId, userId, userAuthConfig.toString());
+		clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
 
 		// Check if everything is set up ok
 		System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
@@ -172,7 +172,7 @@ private static String extractUserId(ApiResponse response) {
 	 * @throws Exception if an error occurred while accessing the API
 	 */
 	public static void main(String[] args) throws Exception {
-		ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT);
+		ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
 
 		listAuthInformation(clientApi);
 		System.out.println("-------------");

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java

@@ -416,14 +416,48 @@ private static String encodeQueryParam(String param) {
         return param;
     }
 
+    /**
+     * Adds the given regular expression to the exclusion list of the given context.
+     *
+     * @param apikey the API key, might be {@code null}.
+     * @param contextName the name of the context.
+     * @param regex the regular expression to add.
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link Context#excludeFromContext(String, String)} instead.
+     * @see #context
+     */
+    @Deprecated
     public void addExcludeFromContext(String apikey, String contextName, String regex) throws Exception {
         context.excludeFromContext(apikey, contextName, regex);
     }
 
+    /**
+     * Adds the given regular expression to the inclusion list of the given context.
+     *
+     * @param apikey the API key, might be {@code null}.
+     * @param contextName the name of the context.
+     * @param regex the regular expression to add.
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link Context#includeInContext(String, String)} instead.
+     * @see #context
+     */
+    @Deprecated
     public void addIncludeInContext(String apikey, String contextName, String regex) throws Exception {
         context.includeInContext(apikey, contextName, regex);
     }
 
+    /**
+     * Includes just one of the nodes that match the given regular expression in the context with the given name.
+     * <p>
+     * Nodes that do not match the regular expression are excluded.
+     *
+     * @param apikey the API key, might be {@code null}.
+     * @param contextName the name of the context.
+     * @param regex the regular expression to match the node/URL.
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link #includeOneMatchingNodeInContext(String, String)} instead.
+     */
+    @Deprecated
     public void includeOneMatchingNodeInContext(String apikey, String contextName, String regex) throws Exception {
         List<String> sessionUrls = getSessionUrls();
         boolean foundOneMatch = false;
@@ -442,6 +476,32 @@ public void includeOneMatchingNodeInContext(String apikey, String contextName, S
 
     }
 
+    /**
+     * Includes just one of the nodes that match the given regular expression in the context with the given name.
+     * <p>
+     * Nodes that do not match the regular expression are excluded.
+     *
+     * @param contextName the name of the context.
+     * @param regex the regular expression to match the node/URL.
+     * @throws Exception if an error occurred while calling the API.
+     */
+    public void includeOneMatchingNodeInContext(String contextName, String regex) throws Exception {
+        List<String> sessionUrls = getSessionUrls();
+        boolean foundOneMatch = false;
+        for (String sessionUrl : sessionUrls) {
+            if (sessionUrl.matches(regex)) {
+                if (foundOneMatch) {
+                    context.excludeFromContext(contextName, regex);
+                } else {
+                    foundOneMatch = true;
+                }
+            }
+        }
+        if (!foundOneMatch) {
+            throw new Exception("Unexpected result: No url found in site tree matching regex " + regex);
+        }
+    }
+
     private List<String> getSessionUrls() throws Exception {
         List<String> sessionUrls = new ArrayList<>();
         ApiResponse response = core.urls();
@@ -456,15 +516,45 @@ private List<String> getSessionUrls() throws Exception {
         return sessionUrls;
     }
 
+    /**
+     * Active scans the given site, that's in scope.
+     * <p>
+     * The method returns only after the scan has finished.
+     * 
+     * @param apikey the API key, might be {@code null}.
+     * @param url the site to scan
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link #activeScanSiteInScope(String)} instead, the API key should be set using one of
+     *             the {@code ClientApi} constructors.
+     */
+    @Deprecated
     public void activeScanSiteInScope(String apikey, String url) throws Exception {
         ascan.scan(apikey, url, "true", "true", "", "", "");
+        waitForAScanToFinish(url);
+    }
+
+    /**
+     * Active scans the given site, that's in scope.
+     * <p>
+     * The method returns only after the scan has finished.
+     *
+     * @param url the site to scan
+     * @throws Exception if an error occurred while calling the API.
+     * @since TODO add version
+     */
+    public void activeScanSiteInScope(String url) throws Exception {
+        ascan.scan(url, "true", "true", "", "", "");
+        waitForAScanToFinish(url);
+    }
+
+    private void waitForAScanToFinish(String targetUrl) throws ClientApiException {
         // Poll until spider finished
         int status = 0;
         while ( status < 100) {
             status = statusToInt(ascan.status(""));
             if(debug){
                 String format = "Scanning %s Progress: %d%%";
-                System.out.println(String.format(format, url, status));
+                System.out.println(String.format(format, targetUrl, status));
             }try {
                 Thread.sleep(1000);
             } catch (InterruptedException e) {