SCAN-1158 - added in multi cookie authentication script

scripts/multi-cookie-auth.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+# Request login (XLOGINID) and session (JSESSIONID) cookies from server
+curl -k  -c  cookie-jar.txt https://localhost:9000/login-code
+# Set local JSESSIONID variable to the JSESSIONID cookie
+JSESSIONID=$(awk 'match($0, /JSESSIONID.*/){print substr($0, RSTART + 11, RLENGTH)}' cookie-jar.txt )
+# Set local XLOGINID variable to the XLOGINID cookie
+XLOGINID=$(awk 'match($0, /XLOGINID.*/){print substr($0, RSTART + 9, RLENGTH)}' cookie-jar.txt)
+# Request page with XLOGINID and JSESSIONID cookies and extract the _csrf token
+CSRF=$(curl -k  -b  cookie-jar.txt \
+    https://localhost:9000/login-form-multi | awk 'match($0,/_csrf".*/) { print substr($0, RSTART+14, RLENGTH -17)}')
+# Log into the mutli cooke endpoint using XLOGINID and JSESSIONID cookies and username/password
+curl -v -k  \
+  -d "_csrf=${CSRF}&loginCode=${XLOGINID}&username=user&password=password&remember=on"  \
+  -b  cookie-jar.txt \
+  -H  "Content-Type: application/x-www-form-urlencoded" \
+  "https://localhost:9000/login-form-multi"
+
+# Run HawkScan injecting local variables as environment variables
+hawk scan -e JSESSIONID=${JSESSIONID} -e XLOGINID=${XLOGINID} ./stackhawk.d/stackhawk-multi-cookie-auth.yml
+

stackhawk.d/stackhawk-multi-cookie-auth.yml

@@ -0,0 +1,26 @@
+app:
+  applicationId: ${APP_ID:test-app}
+  env: ${APP_ENV:Multi Cookie Auth}
+  openApiConf:
+    path: /openapi
+  host: ${HOST:https://localhost:9000}
+  excludePaths:
+    - "/logout"
+    - "/login-form-multi"
+    - "/login-code"
+  authentication:
+    external:
+      values:
+      - type: COOKIE
+        value:
+          name: "XLOGINID"
+          val: ${XLOGINID}
+      - type: COOKIE
+        value:
+          name: "JSESSIONID"
+          val: ${JSESSIONID}
+    testPath:
+      path: /login-multi-check
+      success: ".*200.*"
+    loggedInIndicator: "\\QSign Out\\E"
+    loggedOutIndicator: ".*Location:.*/login.*"