test context

.github/workflows/zap-scan.yml

@@ -16,12 +16,14 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-
+      - name: install requests
+        run: pip install requests
+
       - name: OWASP ZAP Baseline Scan
         continue-on-error: true
         uses: zaproxy/action-baseline@v0.7.0
         with:
-          target: "https://d4m0mp24tl7ig.cloudfront.net/"
+          target: "https://mdctmcrval.cms.gov/"
           cmd_options: -U "internaluser@test.com" -n /zap/wrk/eval-context.json
       - name: Cat output
         run: | 

authentication.py

@@ -0,0 +1,41 @@
+import requests
+
+# AWS Cognito configuration
+cognito_domain = 'g2cjr8hzv8.execute-api.us-east-1.amazonaws.com'
+client_id = '27m4fubn23111ud58hkouieqb9'
+username = 'internaluser@test.com'
+password = 'PB74y*MfPFNT'
+
+# Perform authentication
+session = requests.Session()
+
+# Step 1: Initiate authentication by requesting the login page
+login_url = f'https://{cognito_domain}/login'
+response = session.get(login_url)
+
+# Step 2: Extract the required form parameters from the login response
+csrf_token = response.cookies['XSRF-TOKEN']
+form_action = response.text.split('form action="')[1].split('"')[0]
+
+# Step 3: Construct the login request payload
+login_payload = {
+    'username': username,
+    'password': password,
+    'csrfToken': csrf_token
+}
+
+# Step 4: Submit the login request
+login_request_url = f'https://{cognito_domain}{form_action}'
+response = session.post(login_request_url, data=login_payload, allow_redirects=False)
+
+# Step 5: Extract the Cognito ID token from the response
+id_token = response.cookies['cognito-id-token']
+
+# Print the Cognito ID token (you can store it for subsequent requests)
+print("Cognito ID token:", id_token)
+
+# Now you can use the session object to make authenticated requests to URLs behind AWS Cognito
+# For example:
+protected_url = 'https://mdctmcrval.cms.gov/'
+response = session.get(protected_url)
+print(response.text)

eval-context.json

@@ -1,15 +1,14 @@
-[{
-	"contextName": "MyContext",
-	"includeRegexes": ["^https?://mdctmcrval.cms.gov/"],
-	"excludeRegexes": [],
-	"authentication": {
-		"method": "formBasedAuthentication",
-		"loginUrl": "https://cognito-idp.us-east-1.amazonaws.com",
-		"loginRequestData": "username=internaluser@test.com&password=PB74y*MfPFNT",
-		"loginRequestType": "POST",
-		"loginRequestHeaders": {
-			"Content-Type": "application/x-www-form-urlencoded"
-		},
-		"loginRequestCookies": []
-	}
-}]
+[
+  {
+    "contextName": "MyContext",
+    "includeRegexes": ["^https?://mdctmcrval.cms.gov/"],
+    "excludeRegexes": [],
+    "authentication": {
+      "method": "scriptBasedAuthentication",
+      "script": {
+        "type": "python",
+        "file": "authentication.py"
+      }
+    }
+  }
+]