Merge pull request #25 from thc202/rm-api-key-methods

Do not require to set the API key in each call

Author: kingthorin

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/ActiveScanSubtreeTask.java

@@ -28,7 +28,7 @@ public class ActiveScanSubtreeTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().ascan.scan(null, url, "true", "false", "", "", "");
+			this.getClientApi().ascan.scan(url, "true", "false", "", "", "");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/ActiveScanUrlTask.java

@@ -28,7 +28,7 @@ public class ActiveScanUrlTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().ascan.scan(null, url, "false", "false", "", "", "");
+			this.getClientApi().ascan.scan(url, "false", "false", "", "", "");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/LoadSessionTask.java

@@ -28,7 +28,7 @@ public class LoadSessionTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.loadSession(null, name);
+			this.getClientApi().core.loadSession(name);
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/NewSessionTask.java

@@ -28,7 +28,7 @@ public class NewSessionTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.newSession(null, name, "true");
+			this.getClientApi().core.newSession(name, "true");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/SaveSessionTask.java

@@ -28,7 +28,7 @@ public class SaveSessionTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.saveSession(null, name, "true");
+			this.getClientApi().core.saveSession(name, "true");
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/SpiderUrlTask.java

@@ -28,7 +28,7 @@ public class SpiderUrlTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().spider.scan(null, url, "", "", null, null);
+			this.getClientApi().spider.scan(url, "", "", null, null);
 
 		} catch (Exception e) {
 			throw new BuildException(e);

subprojects/zap-clientapi-ant/src/main/java/org/zaproxy/clientapi/ant/StopZapTask.java

@@ -26,7 +26,7 @@ public class StopZapTask extends ZapTask {
 	@Override
 	public void execute() throws BuildException {
 		try {
-			this.getClientApi().core.shutdown(null);
+			this.getClientApi().core.shutdown();
 		} catch (Exception e) {
 			throw new BuildException(e);
 		}

subprojects/zap-clientapi/src/examples/java/org/zaproxy/clientapi/examples/SimpleExample.java

@@ -43,7 +43,7 @@ public static void main(String[] args) {
             // Start spidering the target
             System.out.println("Spider : " + TARGET);
             // It's not necessary to pass the ZAP API key again, already set when creating the ClientApi.
-            ApiResponse resp = api.spider.scan(null, TARGET, null, null, null, null);
+            ApiResponse resp = api.spider.scan(TARGET, null, null, null, null);
             String scanid;
             int progress;
 
@@ -65,7 +65,7 @@ public static void main(String[] args) {
             Thread.sleep(2000);
 
             System.out.println("Active scan : " + TARGET);
-            resp = api.ascan.scan(null, TARGET, "True", "False", null, null, null);
+            resp = api.ascan.scan(TARGET, "True", "False", null, null, null);
 
             // The scan now returns a scan id to support concurrent scanning
             scanid = ((ApiResponseElement) resp).getValue();
@@ -82,7 +82,7 @@ public static void main(String[] args) {
             System.out.println("Active Scan complete");
 
             System.out.println("Alerts:");
-            System.out.println(new String(api.core.xmlreport(null)));
+            System.out.println(new String(api.core.xmlreport()));
 
         } catch (Exception e) {
             System.out.println("Exception : " + e.getMessage());

subprojects/zap-clientapi/src/examples/java/org/zaproxy/clientapi/examples/authentication/FormBasedAuthentication.java

@@ -108,7 +108,7 @@ private static void setLoggedInIndicator(ClientApi clientApi) throws ClientApiEx
 		String contextId = "1";
 
 		// Actually set the logged in indicator
-		clientApi.authentication.setLoggedInIndicator(ZAP_API_KEY, contextId, java.util.regex.Pattern.quote(loggedInIndicator));
+		clientApi.authentication.setLoggedInIndicator(contextId, java.util.regex.Pattern.quote(loggedInIndicator));
 
 		// Check out the logged in indicator that is set
 		System.out.println("Configured logged in indicator regex: "
@@ -130,7 +130,7 @@ private static void setFormBasedAuthenticationForBodgeit(ClientApi clientApi) th
 
 		System.out.println("Setting form based authentication configuration as: "
 				+ formBasedConfig.toString());
-		clientApi.authentication.setAuthenticationMethod(ZAP_API_KEY, contextId, "formBasedAuthentication",
+		clientApi.authentication.setAuthenticationMethod(contextId, "formBasedAuthentication",
 				formBasedConfig.toString());
 
 		// Check if everything is set up ok
@@ -146,7 +146,7 @@ private static void setUserAuthConfigForBodgeit(ClientApi clientApi) throws Clie
 		String password = "weakPassword";
 
 		// Make sure we have at least one user
-		String userId = extractUserId(clientApi.users.newUser(ZAP_API_KEY, contextId, user));
+		String userId = extractUserId(clientApi.users.newUser(contextId, user));
 
 		// Prepare the configuration in a format similar to how URL parameters are formed. This
 		// means that any value we add for the configuration values has to be URL encoded.
@@ -155,7 +155,7 @@ private static void setUserAuthConfigForBodgeit(ClientApi clientApi) throws Clie
 		userAuthConfig.append("&password=").append(URLEncoder.encode(password, "UTF-8"));
 
 		System.out.println("Setting user authentication configuration as: " + userAuthConfig.toString());
-		clientApi.users.setAuthenticationCredentials(ZAP_API_KEY, contextId, userId, userAuthConfig.toString());
+		clientApi.users.setAuthenticationCredentials(contextId, userId, userAuthConfig.toString());
 
 		// Check if everything is set up ok
 		System.out.println("Authentication config: " + clientApi.users.getUserById(contextId, userId).toString(0));
@@ -172,7 +172,7 @@ private static String extractUserId(ApiResponse response) {
 	 * @throws Exception if an error occurred while accessing the API
 	 */
 	public static void main(String[] args) throws Exception {
-		ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT);
+		ClientApi clientApi = new ClientApi(ZAP_ADDRESS, ZAP_PORT, ZAP_API_KEY);
 
 		listAuthInformation(clientApi);
 		System.out.println("-------------");

subprojects/zap-clientapi/src/main/java/org/zaproxy/clientapi/core/ClientApi.java

@@ -416,14 +416,48 @@ private static String encodeQueryParam(String param) {
         return param;
     }
 
+    /**
+     * Adds the given regular expression to the exclusion list of the given context.
+     *
+     * @param apikey the API key, might be {@code null}.
+     * @param contextName the name of the context.
+     * @param regex the regular expression to add.
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link Context#excludeFromContext(String, String)} instead.
+     * @see #context
+     */
+    @Deprecated
     public void addExcludeFromContext(String apikey, String contextName, String regex) throws Exception {
         context.excludeFromContext(apikey, contextName, regex);
     }
 
+    /**
+     * Adds the given regular expression to the inclusion list of the given context.
+     *
+     * @param apikey the API key, might be {@code null}.
+     * @param contextName the name of the context.
+     * @param regex the regular expression to add.
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link Context#includeInContext(String, String)} instead.
+     * @see #context
+     */
+    @Deprecated
     public void addIncludeInContext(String apikey, String contextName, String regex) throws Exception {
         context.includeInContext(apikey, contextName, regex);
     }
 
+    /**
+     * Includes just one of the nodes that match the given regular expression in the context with the given name.
+     * <p>
+     * Nodes that do not match the regular expression are excluded.
+     *
+     * @param apikey the API key, might be {@code null}.
+     * @param contextName the name of the context.
+     * @param regex the regular expression to match the node/URL.
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link #includeOneMatchingNodeInContext(String, String)} instead.
+     */
+    @Deprecated
     public void includeOneMatchingNodeInContext(String apikey, String contextName, String regex) throws Exception {
         List<String> sessionUrls = getSessionUrls();
         boolean foundOneMatch = false;
@@ -442,6 +476,32 @@ public void includeOneMatchingNodeInContext(String apikey, String contextName, S
 
     }
 
+    /**
+     * Includes just one of the nodes that match the given regular expression in the context with the given name.
+     * <p>
+     * Nodes that do not match the regular expression are excluded.
+     *
+     * @param contextName the name of the context.
+     * @param regex the regular expression to match the node/URL.
+     * @throws Exception if an error occurred while calling the API.
+     */
+    public void includeOneMatchingNodeInContext(String contextName, String regex) throws Exception {
+        List<String> sessionUrls = getSessionUrls();
+        boolean foundOneMatch = false;
+        for (String sessionUrl : sessionUrls) {
+            if (sessionUrl.matches(regex)) {
+                if (foundOneMatch) {
+                    context.excludeFromContext(contextName, regex);
+                } else {
+                    foundOneMatch = true;
+                }
+            }
+        }
+        if (!foundOneMatch) {
+            throw new Exception("Unexpected result: No url found in site tree matching regex " + regex);
+        }
+    }
+
     private List<String> getSessionUrls() throws Exception {
         List<String> sessionUrls = new ArrayList<>();
         ApiResponse response = core.urls();
@@ -456,15 +516,45 @@ private List<String> getSessionUrls() throws Exception {
         return sessionUrls;
     }
 
+    /**
+     * Active scans the given site, that's in scope.
+     * <p>
+     * The method returns only after the scan has finished.
+     * 
+     * @param apikey the API key, might be {@code null}.
+     * @param url the site to scan
+     * @throws Exception if an error occurred while calling the API.
+     * @deprecated (TODO add version) Use {@link #activeScanSiteInScope(String)} instead, the API key should be set using one of
+     *             the {@code ClientApi} constructors.
+     */
+    @Deprecated
     public void activeScanSiteInScope(String apikey, String url) throws Exception {
         ascan.scan(apikey, url, "true", "true", "", "", "");
+        waitForAScanToFinish(url);
+    }
+
+    /**
+     * Active scans the given site, that's in scope.
+     * <p>
+     * The method returns only after the scan has finished.
+     *
+     * @param url the site to scan
+     * @throws Exception if an error occurred while calling the API.
+     * @since TODO add version
+     */
+    public void activeScanSiteInScope(String url) throws Exception {
+        ascan.scan(url, "true", "true", "", "", "");
+        waitForAScanToFinish(url);
+    }
+
+    private void waitForAScanToFinish(String targetUrl) throws ClientApiException {
         // Poll until spider finished
         int status = 0;
         while ( status < 100) {
             status = statusToInt(ascan.status(""));
             if(debug){
                 String format = "Scanning %s Progress: %d%%";
-                System.out.println(String.format(format, url, status));
+                System.out.println(String.format(format, targetUrl, status));
             }try {
                 Thread.sleep(1000);
             } catch (InterruptedException e) {