From b588098c3aae37d3c305187a27c176231f739d02 Mon Sep 17 00:00:00 2001
From: Victor Pereira <vpereira@suse.de>
Date: Mon, 7 Sep 2015 13:34:18 +0200
Subject: [PATCH] as default we are disabling API KEY

---
 lib/owasp_zap.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/owasp_zap.rb b/lib/owasp_zap.rb
index a9642fb..64db466 100644
--- a/lib/owasp_zap.rb
+++ b/lib/owasp_zap.rb
@@ -84,12 +84,18 @@ def auth
         # TODO
         # DOCUMENT the step necessary: install ZAP under $home/ZAP or should be passed to new as :zap parameter
         def start(params = {})
+            # default we are disabling api key
+            params = {api_key:false}.merge(params)
             cmd_line = "#{@zap_bin}"
             case
             when params.key?(:daemon)
               cmd_line += " -daemon"
             when params.key?(:api_key)
-              cmd_line += " -config api.key=#{@api_key}"
+              cmd_line += if params[:api_key] == true
+                " -config api.key=#{@api_key}"
+              else
+                " -config api.disablekey=true"
+              end
             end
             fork do
                # if you passed :output=>"file.txt" to the constructor, then it will send the forked process output