added API key support

SUSE · Sep 7, 2015 · 25a5213 · 25a5213
1 parent 05b610b
commit 25a5213
Showing 1 changed file with 13 additions and 10 deletions.
diff --git a/lib/owasp_zap.rb b/lib/owasp_zap.rb
@@ -19,12 +19,13 @@ class ZapException < Exception;end
 
     class Zap
        attr_accessor :target,:base, :zap_bin
-
+       attr_reader :api_key
        def initialize(params = {})
             #TODO
             # handle params
             @base = params[:base] || "http://127.0.0.1:8080"
             @target = params[:target]
+            @api_key = params[:api_key]
             @zap_bin = params [:zap] || "#{ENV['HOME']}/ZAP/zap.sh"
             @output = params[:output] || $stdout #default we log everything to the stdout
         end
@@ -62,7 +63,7 @@ def policy
         def alerts
             Zap::Alert.new(:base=>@base,:target=>@target)
         end
-        
+
         def scanner
             Zap::Scanner.new(:base=>@base)
         end
@@ -77,23 +78,25 @@ def spider
         end
 
         def auth
-            Zap::Auth.new(:base=>@base) 
+            Zap::Auth.new(:base=>@base)
         end
 
         # TODO
         # DOCUMENT the step necessary: install ZAP under $home/ZAP or should be passed to new as :zap parameter
         def start(params = {})
-            cmd_line = if params.key? :daemon
-                "#{@zap_bin} -daemon"
-            else
-                @zap_bin
+            cmd_line = "#{@zap_bin}"
+            case
+            when params.key?(:daemon)
+              cmd_line += " -daemon"
+            when params.key?(:api_key)
+              cmd_line += " -config api.key=#{@api_key}"
             end
             fork do
                # if you passed :output=>"file.txt" to the constructor, then it will send the forked process output
                # to this file (that means, ZAP stdout)
                unless @output == $stdout
                 STDOUT.reopen(File.open(@output, 'w+'))
-                STDOUT.sync = true 
+                STDOUT.sync = true
                end
                exec cmd_line
             end
@@ -105,11 +108,11 @@ def shutdown
         end
 
         #xml report
-        #maybe it should be refactored to alert. 
+        #maybe it should be refactored to alert.
         def xml_report
             RestClient::get "#{@base}/OTHER/core/other/xmlreport/"
         end
-        
+
         def html_report
             RestClient::get "#{@base}/OTHER/core/other/htmlreport/"
         end