Open asriz7777 opened 5 years ago
Project : FXABAC TEST
Template : ApiV1BotClustersIdPutClusteruserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
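Result : fail (the template's assertion expected 401 or 403 and received 405: the PUT went to /api/v1/bot-clusters/ with no cluster id after all five setup steps in the log had failed, so this run neither confirms nor rules out cross-user access to a cluster; the UserA and UserB setup steps also log the same Authorization value)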
Status Code : 405
Headers : {Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmExYzljYjQtMzI3Yy00ZDljLWExMjAtNWJkNzg5NzU5YmQz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}
Endpoint : http://13.56.210.25/api/v1/bot-clusters/
Request :
{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "RLKaBauo",
"live" : "1692590630",
"manual" : false,
"manualScript" : "RLKaBauo",
"max" : "1692590630",
"min" : "1692590630",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "RLKaBauo",
"nodeId" : "RLKaBauo",
"org" : "",
"region" : "RLKaBauo",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}
Response :
{
"timestamp" : "2019-03-20T10:44:27.433+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'PUT' not supported",
"path" : "/api/v1/bot-clusters/"
}
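Logs : (the Request-Headers entries below carry a Basic Authorization value and the response headers carry session cookies; mask both before posting a run log to a shared tracker)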
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "TJEkqEQG",
"company" : "Kuhn, Kuhn and Kuhn",
"createdBy" : "",
"createdDate" : "",
"description" : "TJEkqEQG",
"id" : "",
"inactive" : false,
"location" : "TJEkqEQG",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "TJEkqEQG",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:23.992+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJmMGY5ZjctYWNkNS00MTM4LWFlNTMtYjVjMzQ1YmI1ODFh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Time [1137]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:24 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJmMGY5ZjctYWNkNS00MTM4LWFlNTMtYjVjMzQ1YmI1ODFh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJmMGY5ZjctYWNkNS00MTM4LWFlNTMtYjVjMzQ1YmI1ODFh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJmMGY5ZjctYWNkNS00MTM4LWFlNTMtYjVjMzQ1YmI1ODFh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJmMGY5ZjctYWNkNS00MTM4LWFlNTMtYjVjMzQ1YmI1ODFh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "Pv4srkqH",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Pv4srkqH",
"org" : "",
"prop1" : "Pv4srkqH",
"prop2" : "Pv4srkqH",
"prop3" : "Pv4srkqH",
"region" : "Pv4srkqH",
"secretKey" : "Pv4srkqH",
"version" : ""
}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:24.928+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2RkMzYwNTctZjEzNi00MjYyLWEyNTItNjQzZDM0NjQ5ODdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : Time [934]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:24 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2RkMzYwNTctZjEzNi00MjYyLWEyNTItNjQzZDM0NjQ5ODdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2RkMzYwNTctZjEzNi00MjYyLWEyNTItNjQzZDM0NjQ5ODdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2RkMzYwNTctZjEzNi00MjYyLWEyNTItNjQzZDM0NjQ5ODdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:24 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2RkMzYwNTctZjEzNi00MjYyLWEyNTItNjQzZDM0NjQ5ODdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : Request [{
"account" : "",
"cloudType" : "AWS",
"createdBy" : "",
"createdDate" : "",
"driver" : "KUBERNETES",
"id" : "",
"inactive" : false,
"key" : "MMUsNON2",
"live" : "1366123163",
"manual" : false,
"manualScript" : "MMUsNON2",
"max" : "1366123163",
"min" : "1366123163",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "MMUsNON2",
"nodeId" : "MMUsNON2",
"org" : "",
"region" : "MMUsNON2",
"status" : "DELETING",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:25.608+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGY4MTM2OWMtZDQ1MC00NWNlLWI1ZTctM2MwNzRmZmQzMWE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : Time [677]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1] : Size [749]
2019-03-20 10:44:25 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGY4MTM2OWMtZDQ1MC00NWNlLWI1ZTctM2MwNzRmZmQzMWE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGY4MTM2OWMtZDQ1MC00NWNlLWI1ZTctM2MwNzRmZmQzMWE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGY4MTM2OWMtZDQ1MC00NWNlLWI1ZTctM2MwNzRmZmQzMWE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGY4MTM2OWMtZDQ1MC00NWNlLWI1ZTctM2MwNzRmZmQzMWE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "4ZGEA0KC",
"company" : "Balistreri and Sons",
"createdBy" : "",
"createdDate" : "",
"description" : "4ZGEA0KC",
"id" : "",
"inactive" : false,
"location" : "4ZGEA0KC",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "4ZGEA0KC",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:26.320+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjU0YjlkZjAtMjE1Ni00YjI4LWI5N2ItZjhjMDllNjgzNzFk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Time [474]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:44:26 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjU0YjlkZjAtMjE1Ni00YjI4LWI5N2ItZjhjMDllNjgzNzFk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjU0YjlkZjAtMjE1Ni00YjI4LWI5N2ItZjhjMDllNjgzNzFk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjU0YjlkZjAtMjE1Ni00YjI4LWI5N2ItZjhjMDllNjgzNzFk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjU0YjlkZjAtMjE1Ni00YjI4LWI5N2ItZjhjMDllNjgzNzFk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "5kpKFWk4",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5kpKFWk4",
"org" : "",
"prop1" : "5kpKFWk4",
"prop2" : "5kpKFWk4",
"prop3" : "5kpKFWk4",
"region" : "5kpKFWk4",
"secretKey" : "5kpKFWk4",
"version" : ""
}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:26.814+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTUwMDBkMzEtODk4MS00MGE3LWE4MWUtYWEwNDdkMWRiNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Time [490]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:44:26 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTUwMDBkMzEtODk4MS00MGE3LWE4MWUtYWEwNDdkMWRiNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTUwMDBkMzEtODk4MS00MGE3LWE4MWUtYWEwNDdkMWRiNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTUwMDBkMzEtODk4MS00MGE3LWE4MWUtYWEwNDdkMWRiNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTUwMDBkMzEtODk4MS00MGE3LWE4MWUtYWEwNDdkMWRiNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Method [PUT]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Request [{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "RLKaBauo",
"live" : "1692590630",
"manual" : false,
"manualScript" : "RLKaBauo",
"max" : "1692590630",
"min" : "1692590630",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "RLKaBauo",
"nodeId" : "RLKaBauo",
"org" : "",
"region" : "RLKaBauo",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:27.433+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'PUT' not supported",
"path" : "/api/v1/bot-clusters/"
}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmExYzljYjQtMzI3Yy00ZDljLWExMjAtNWJkNzg5NzU5YmQz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : StatusCode [405]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Time [618]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Size [164]
2019-03-20 10:44:27 ERROR [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [405 == 401 OR 405 == 403] result [Failed]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Method [DELETE]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request [null]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:27.938+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/bot-clusters/"
}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2E4YjBjODctODQ4ZC00Y2I5LWFmZjItMmZjN2E2OWMzOTM1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : StatusCode [405]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Time [502]
2019-03-20 10:44:27 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Size [167]
2019-03-20 10:44:27 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:28.552+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDMxMzI2YTUtMzcwNi00MzZlLWFjY2EtYjU2MzdiOTYzY2E2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [613]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:44:28 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:44:29.043+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjVhZTBhZDctN2FmYS00M2E1LWFlMWQtMjIyODc4MjFmYzM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:28 GMT]}]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [489]
2019-03-20 10:44:29 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:44:29 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1BotClustersIdPutClusteruserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
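Result : fail (again a 405 from the collection URL /api/v1/bot-clusters/, whose Allow header lists only GET and POST; the visible setup log begins with the org creation returning 403)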
Status Code : 405
Headers : {Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTU0ZjkxMDktNDRiZS00YTJmLThlOGQtZGMxNjk3NTNiMDQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:06 GMT]}
Endpoint : http://13.56.210.25/api/v1/bot-clusters/
Request :
{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "k8HxhyBY",
"live" : "623492751",
"manual" : false,
"manualScript" : "k8HxhyBY",
"max" : "623492751",
"min" : "623492751",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "k8HxhyBY",
"nodeId" : "k8HxhyBY",
"org" : "",
"region" : "k8HxhyBY",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}
Response :
{
"timestamp" : "2019-03-20T10:45:06.122+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'PUT' not supported",
"path" : "/api/v1/bot-clusters/"
}
Logs :
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "7hUIH8FQ",
"company" : "Schneider-Schneider",
"createdBy" : "",
"createdDate" : "",
"description" : "7hUIH8FQ",
"id" : "",
"inactive" : false,
"location" : "7hUIH8FQ",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "7hUIH8FQ",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:59.535+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDNlNzNlNjctODdhNC00ZjNiLTk1MjktODIwODk4OWU1MjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : Time [871]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:59 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDNlNzNlNjctODdhNC00ZjNiLTk1MjktODIwODk4OWU1MjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDNlNzNlNjctODdhNC00ZjNiLTk1MjktODIwODk4OWU1MjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDNlNzNlNjctODdhNC00ZjNiLTk1MjktODIwODk4OWU1MjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDNlNzNlNjctODdhNC00ZjNiLTk1MjktODIwODk4OWU1MjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "vSl3cTqq",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "vSl3cTqq",
"org" : "",
"prop1" : "vSl3cTqq",
"prop2" : "vSl3cTqq",
"prop3" : "vSl3cTqq",
"region" : "vSl3cTqq",
"secretKey" : "vSl3cTqq",
"version" : ""
}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:00.905+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTNiNWY2MzMtYzhlMS00ZTU0LWEwM2EtMGMxZjBlODEyYjE1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : Time [1369]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:45:00 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTNiNWY2MzMtYzhlMS00ZTU0LWEwM2EtMGMxZjBlODEyYjE1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTNiNWY2MzMtYzhlMS00ZTU0LWEwM2EtMGMxZjBlODEyYjE1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTNiNWY2MzMtYzhlMS00ZTU0LWEwM2EtMGMxZjBlODEyYjE1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:00 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTNiNWY2MzMtYzhlMS00ZTU0LWEwM2EtMGMxZjBlODEyYjE1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : Request [{
"account" : "",
"cloudType" : "AWS",
"createdBy" : "",
"createdDate" : "",
"driver" : "KUBERNETES",
"id" : "",
"inactive" : false,
"key" : "X5WcerFp",
"live" : "947905736",
"manual" : false,
"manualScript" : "X5WcerFp",
"max" : "947905736",
"min" : "947905736",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "X5WcerFp",
"nodeId" : "X5WcerFp",
"org" : "",
"region" : "X5WcerFp",
"status" : "DELETING",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:01.866+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDU5MTI4YTQtM2VmZi00NjViLWI1YWMtY2VjY2Y0Mjc4YjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : Time [958]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1] : Size [749]
2019-03-20 10:45:01 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDU5MTI4YTQtM2VmZi00NjViLWI1YWMtY2VjY2Y0Mjc4YjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDU5MTI4YTQtM2VmZi00NjViLWI1YWMtY2VjY2Y0Mjc4YjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDU5MTI4YTQtM2VmZi00NjViLWI1YWMtY2VjY2Y0Mjc4YjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDU5MTI4YTQtM2VmZi00NjViLWI1YWMtY2VjY2Y0Mjc4YjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "0CF2NsJC",
"company" : "O'Connell, O'Connell and O'Connell",
"createdBy" : "",
"createdDate" : "",
"description" : "0CF2NsJC",
"id" : "",
"inactive" : false,
"location" : "0CF2NsJC",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "0CF2NsJC",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:03.355+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWJiMmY4NGYtMzEyNC00NTk0LTg2MjktNzFkNTY4OGUzMjc3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:02 GMT]}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : Time [1352]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:45:03 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWJiMmY4NGYtMzEyNC00NTk0LTg2MjktNzFkNTY4OGUzMjc3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:02 GMT]}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWJiMmY4NGYtMzEyNC00NTk0LTg2MjktNzFkNTY4OGUzMjc3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:02 GMT]}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWJiMmY4NGYtMzEyNC00NTk0LTg2MjktNzFkNTY4OGUzMjc3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:02 GMT]}]
2019-03-20 10:45:03 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWJiMmY4NGYtMzEyNC00NTk0LTg2MjktNzFkNTY4OGUzMjc3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:02 GMT]}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "sv8dkZmo",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "sv8dkZmo",
"org" : "",
"prop1" : "sv8dkZmo",
"prop2" : "sv8dkZmo",
"prop3" : "sv8dkZmo",
"region" : "sv8dkZmo",
"secretKey" : "sv8dkZmo",
"version" : ""
}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:04.777+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDI1M2Y4MWEtZjc4Ni00ODg1LWE5ODQtYTJmYTQ3MmQ3OTNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : Time [1421]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:45:04 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDI1M2Y4MWEtZjc4Ni00ODg1LWE5ODQtYTJmYTQ3MmQ3OTNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDI1M2Y4MWEtZjc4Ni00ODg1LWE5ODQtYTJmYTQ3MmQ3OTNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDI1M2Y4MWEtZjc4Ni00ODg1LWE5ODQtYTJmYTQ3MmQ3OTNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDI1M2Y4MWEtZjc4Ni00ODg1LWE5ODQtYTJmYTQ3MmQ3OTNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Method [PUT]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Request [{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "k8HxhyBY",
"live" : "623492751",
"manual" : false,
"manualScript" : "k8HxhyBY",
"max" : "623492751",
"min" : "623492751",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "k8HxhyBY",
"nodeId" : "k8HxhyBY",
"org" : "",
"region" : "k8HxhyBY",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:06.122+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'PUT' not supported",
"path" : "/api/v1/bot-clusters/"
}]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTU0ZjkxMDktNDRiZS00YTJmLThlOGQtZGMxNjk3NTNiMDQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:06 GMT]}]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : StatusCode [405]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Time [1350]
2019-03-20 10:45:06 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Size [164]
2019-03-20 10:45:06 ERROR [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [405 == 401 OR 405 == 403] result [Failed]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Method [DELETE]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request [null]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:07.857+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/bot-clusters/"
}]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODE3MzNmNDMtNjBkNy00NzJmLWJkMzItMWU1OWJiNjgwMTNh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:07 GMT]}]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : StatusCode [405]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Time [1727]
2019-03-20 10:45:07 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Size [167]
2019-03-20 10:45:07 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:09.452+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWFmODI0YWYtNmY0ZC00NGU4LWI2ODUtMjViNWFiZDA3OWJk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:09 GMT]}]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1593]
2019-03-20 10:45:09 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:09 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:11.087+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjNlMGVlN2YtZGJkNS00ZTAyLWIzOTUtZDJhNzZiNjg3ZjI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:10 GMT]}]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1634]
2019-03-20 10:45:11 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:11 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1BotClustersIdPutClusteruserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 405
Headers : {Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzU0ZmJhM2MtZmNkNi00MDA2LTk2NWItMzg4MWY5YzhkZWIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}
Endpoint : http://13.56.210.25/api/v1/bot-clusters/
Request :
{ "account" : "", "cloudType" : "OTHER", "createdBy" : "", "createdDate" : "", "driver" : "MANUAL", "id" : "", "inactive" : false, "key" : "cKAUOJEs", "live" : "2082776746", "manual" : false, "manualScript" : "cKAUOJEs", "max" : "2082776746", "min" : "2082776746", "modifiedBy" : "", "modifiedDate" : "", "name" : "cKAUOJEs", "nodeId" : "cKAUOJEs", "org" : "", "region" : "cKAUOJEs", "status" : "INACTIVE", "version" : "", "visibility" : "PUBLIC" }
Response :
{ "timestamp" : "2019-03-20T10:41:36.554+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'PUT' not supported", "path" : "/api/v1/bot-clusters/" }
Logs :
2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "HYjxw5GF", "company" : "Williamson and Sons", "createdBy" : "", "createdDate" : "", "description" : "HYjxw5GF", "id" : "", "inactive" : false, "location" : "HYjxw5GF", "modifiedBy" : "", "modifiedDate" : "", "name" : "HYjxw5GF", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:33.367+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTlhOWI0ODItODY0MC00MWFlLWE5YzYtNzBhMWJjMjk5ZDdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Time [726] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], 
Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTlhOWI0ODItODY0MC00MWFlLWE5YzYtNzBhMWJjMjk5ZDdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTlhOWI0ODItODY0MC00MWFlLWE5YzYtNzBhMWJjMjk5ZDdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTlhOWI0ODItODY0MC00MWFlLWE5YzYtNzBhMWJjMjk5ZDdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTlhOWI0ODItODY0MC00MWFlLWE5YzYtNzBhMWJjMjk5ZDdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "x7rgMXD0", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", 
"inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "x7rgMXD0", "org" : "", "prop1" : "x7rgMXD0", "prop2" : "x7rgMXD0", "prop3" : "x7rgMXD0", "region" : "x7rgMXD0", "secretKey" : "x7rgMXD0", "version" : "" }] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:33.840+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGJhMzc1ODEtNjUzNi00ZjhjLTgwM2YtNjFiZTY3MmUzZWQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Time [466] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGJhMzc1ODEtNjUzNi00ZjhjLTgwM2YtNjFiZTY3MmUzZWQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGJhMzc1ODEtNjUzNi00ZjhjLTgwM2YtNjFiZTY3MmUzZWQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGJhMzc1ODEtNjUzNi00ZjhjLTgwM2YtNjFiZTY3MmUzZWQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGJhMzc1ODEtNjUzNi00ZjhjLTgwM2YtNjFiZTY3MmUzZWQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : Request [{ "account" : "", "cloudType" : "AWS", "createdBy" : "", "createdDate" : "", "driver" : "KUBERNETES", "id" : "", "inactive" : false, "key" : "SIU3M15n", "live" : "1887646748", "manual" : false, "manualScript" : "SIU3M15n", "max" : "1887646748", "min" : "1887646748", "modifiedBy" : "", "modifiedDate" : "", "name" : "SIU3M15n", "nodeId" : "SIU3M15n", "org" : "", "region" : "SIU3M15n", "status" : "DELETING", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : Response [{ 
"timestamp" : "2019-03-20T10:41:34.762+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])", "path" : "/api/v1/bot-clusters" }] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA3Y2VjNzAtYTliNi00MDM0LWEwMTctMTg0OWQ2Yzg2NjEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : Time [921] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1] : Size [749] 2019-03-20 10:41:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA3Y2VjNzAtYTliNi00MDM0LWEwMTctMTg0OWQ2Yzg2NjEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA3Y2VjNzAtYTliNi00MDM0LWEwMTctMTg0OWQ2Yzg2NjEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA3Y2VjNzAtYTliNi00MDM0LWEwMTctMTg0OWQ2Yzg2NjEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA3Y2VjNzAtYTliNi00MDM0LWEwMTctMTg0OWQ2Yzg2NjEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Request [{ "billingEmail" : "uaTrNEah", "company" : "Ernser-Ernser", "createdBy" : "", "createdDate" : "", "description" : "uaTrNEah", "id" : "", "inactive" : false, "location" : "uaTrNEah", "modifiedBy" : "", "modifiedDate" : "", "name" : "uaTrNEah", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:35.499+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:35 DEBUG 
[OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmMyMTgzNDAtOTNlNS00MDRkLWFiZDgtZmRkNTRhNDg5OTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Time [669] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Size [121] 2019-03-20 10:41:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmMyMTgzNDAtOTNlNS00MDRkLWFiZDgtZmRkNTRhNDg5OTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmMyMTgzNDAtOTNlNS00MDRkLWFiZDgtZmRkNTRhNDg5OTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], 
Set-Cookie=[SESSION=YmMyMTgzNDAtOTNlNS00MDRkLWFiZDgtZmRkNTRhNDg5OTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmMyMTgzNDAtOTNlNS00MDRkLWFiZDgtZmRkNTRhNDg5OTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : Request [{ "accessKey" : "2lGV1voU", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "2lGV1voU", "org" : "", "prop1" : "2lGV1voU", "prop2" : "2lGV1voU", "prop3" : "2lGV1voU", "region" : "2lGV1voU", "secretKey" : "2lGV1voU", "version" : "" }] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:35.917+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWNhZmVkNTYtYzRhZi00YmFlLTg4OTItMjI2NjUyYzQ5ZDg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : Time [418] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1] : Size [722] 2019-03-20 10:41:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWNhZmVkNTYtYzRhZi00YmFlLTg4OTItMjI2NjUyYzQ5ZDg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWNhZmVkNTYtYzRhZi00YmFlLTg4OTItMjI2NjUyYzQ5ZDg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWNhZmVkNTYtYzRhZi00YmFlLTg4OTItMjI2NjUyYzQ5ZDg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWNhZmVkNTYtYzRhZi00YmFlLTg4OTItMjI2NjUyYzQ5ZDg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Method [PUT] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Request [{ "account" : "", "cloudType" : "OTHER", "createdBy" : "", "createdDate" : "", "driver" : "MANUAL", "id" : "", "inactive" : false, "key" : "cKAUOJEs", "live" : "2082776746", "manual" : false, "manualScript" : "cKAUOJEs", "max" : "2082776746", "min" : "2082776746", "modifiedBy" : "", "modifiedDate" : "", "name" : "cKAUOJEs", "nodeId" : "cKAUOJEs", "org" : "", "region" : "cKAUOJEs", "status" : "INACTIVE", "version" : "", "visibility" : "PUBLIC" }] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 
2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:36.554+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'PUT' not supported", "path" : "/api/v1/bot-clusters/" }] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzU0ZmJhM2MtZmNkNi00MDA2LTk2NWItMzg4MWY5YzhkZWIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : StatusCode [405] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Time [634] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Size [164] 2019-03-20 10:41:36 ERROR [ApiV1BotClustersIdPutClusteruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [405 == 401 OR 405 == 403] result [Failed] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Method [DELETE] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request [null] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:36.909+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : 
"/api/v1/bot-clusters/" }] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGM2OTM0YWUtYTJmMy00MDVhLTgzOWMtMzI0ZWE4NGUwNWRl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : StatusCode [405] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Time [354] 2019-03-20 10:41:36 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Size [167] 2019-03-20 10:41:36 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:37.585+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDg0ZDQ5NzItMTVlNC00YmViLWI3YjItMDZkMGNlMGNiMDQ2; Path=/; 
HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:37 GMT]}] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [675] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:37 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:38.268+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTYzOTUyZmMtMjEzYy00ZTg4LTg1MTQtM2YwMTIzNTQ2NjIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:37 GMT]}] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [681] 2019-03-20 10:41:38 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:38 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---