Open asriz7777 opened 5 years ago
Project : FXABAC TEST
Template : ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDJjMTAyZDctM2I1NC00ZTZhLWEzNzktYjI5NzFhZDJlZTQ1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{
"assertions" : [ "qFwREPcU" ],
"assertionsText" : "qFwREPcU",
"auth" : "qFwREPcU",
"authors" : [ "qFwREPcU" ],
"authorsText" : "qFwREPcU",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "qFwREPcU" ],
"cleanupText" : "qFwREPcU",
"createdBy" : "",
"createdDate" : "",
"description" : "qFwREPcU",
"endpoint" : "qFwREPcU",
"headers" : [ "qFwREPcU" ],
"headersText" : "qFwREPcU",
"id" : "",
"inactive" : false,
"init" : [ "qFwREPcU" ],
"initText" : "qFwREPcU",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "qFwREPcU",
"parent" : "qFwREPcU",
"path" : "qFwREPcU",
"policies" : {
"cleanupExec" : "qFwREPcU",
"initExec" : "qFwREPcU",
"logger" : "qFwREPcU",
"repeat" : "251886507",
"repeatDelay" : "251886507",
"repeatModule" : "qFwREPcU",
"repeatOnFailure" : "251886507",
"timeoutSeconds" : "251886507"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "qFwREPcU" ],
"tagsText" : "qFwREPcU",
"testCases" : [ {
"body" : "qFwREPcU",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "qFwREPcU"
}
Response :
{
"timestamp" : "2019-03-20T10:44:28.689+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}
Logs :
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "w2JgCq86",
"company" : "Herzog Group",
"createdBy" : "",
"createdDate" : "",
"description" : "w2JgCq86",
"id" : "",
"inactive" : false,
"location" : "w2JgCq86",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "w2JgCq86",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:24.240+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDkzM2NlOTMtZjkzNC00ODVjLWIzMDEtYzhlZjg2NmE1ODUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Time [1293]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:24 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDkzM2NlOTMtZjkzNC00ODVjLWIzMDEtYzhlZjg2NmE1ODUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDkzM2NlOTMtZjkzNC00ODVjLWIzMDEtYzhlZjg2NmE1ODUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDkzM2NlOTMtZjkzNC00ODVjLWIzMDEtYzhlZjg2NmE1ODUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDkzM2NlOTMtZjkzNC00ODVjLWIzMDEtYzhlZjg2NmE1ODUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "Wgsmv19d",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Wgsmv19d",
"org" : "",
"prop1" : "Wgsmv19d",
"prop2" : "Wgsmv19d",
"prop3" : "Wgsmv19d",
"region" : "Wgsmv19d",
"secretKey" : "Wgsmv19d",
"version" : ""
}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:25.094+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDJkOWQyNTEtZWQyOS00ZmRmLWEzZTEtYTEwODAwZjM4MDBk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Time [839]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:25 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDJkOWQyNTEtZWQyOS00ZmRmLWEzZTEtYTEwODAwZjM4MDBk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDJkOWQyNTEtZWQyOS00ZmRmLWEzZTEtYTEwODAwZjM4MDBk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDJkOWQyNTEtZWQyOS00ZmRmLWEzZTEtYTEwODAwZjM4MDBk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDJkOWQyNTEtZWQyOS00ZmRmLWEzZTEtYTEwODAwZjM4MDBk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "lQ9KtliU",
"createdBy" : "",
"createdDate" : "",
"description" : "lQ9KtliU",
"host" : "lQ9KtliU",
"id" : "",
"inactive" : false,
"key" : "lQ9KtliU",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "lQ9KtliU",
"org" : "",
"prop1" : "lQ9KtliU",
"prop2" : "lQ9KtliU",
"prop3" : "lQ9KtliU",
"prop4" : "lQ9KtliU",
"prop5" : "lQ9KtliU",
"secretKey" : "lQ9KtliU",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:25.720+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGNhZDRiMDYtMjE0Yy00MDQ3LThjYWQtNjhiOTI0NjgyZmEy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : Time [645]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:44:25 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGNhZDRiMDYtMjE0Yy00MDQ3LThjYWQtNjhiOTI0NjgyZmEy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGNhZDRiMDYtMjE0Yy00MDQ3LThjYWQtNjhiOTI0NjgyZmEy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGNhZDRiMDYtMjE0Yy00MDQ3LThjYWQtNjhiOTI0NjgyZmEy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGNhZDRiMDYtMjE0Yy00MDQ3LThjYWQtNjhiOTI0NjgyZmEy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "jndIv6vI",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "jndIv6vI",
"org" : "",
"prop1" : "jndIv6vI",
"prop2" : "jndIv6vI",
"prop3" : "jndIv6vI",
"prop4" : "jndIv6vI",
"prop5" : "jndIv6vI",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:26.186+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmNmNTYzZDYtZDQ1YS00NWNlLTk4ZGItNzI1YWUxODhmZGIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [436]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:44:26 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmNmNTYzZDYtZDQ1YS00NWNlLTk4ZGItNzI1YWUxODhmZGIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmNmNTYzZDYtZDQ1YS00NWNlLTk4ZGItNzI1YWUxODhmZGIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmNmNTYzZDYtZDQ1YS00NWNlLTk4ZGItNzI1YWUxODhmZGIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmNmNTYzZDYtZDQ1YS00NWNlLTk4ZGItNzI1YWUxODhmZGIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1442082431",
"branch" : "xbmPjxsE",
"bugsOpen" : "1442082431",
"createdBy" : "",
"createdDate" : "",
"description" : "xbmPjxsE",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "xbmPjxsE",
"issueTracker" : "",
"lastCommit" : "xbmPjxsE",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "xbmPjxsE",
"openAPISpec" : "xbmPjxsE",
"openText" : "xbmPjxsE",
"org" : "",
"props" : null,
"url" : "xbmPjxsE",
"version" : ""
}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:26.781+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTc1NjdjYWItOTY4ZS00ZDM4LTliNmUtMzc2Yzg0YmRiMzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : Time [594]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:44:26 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTc1NjdjYWItOTY4ZS00ZDM4LTliNmUtMzc2Yzg0YmRiMzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTc1NjdjYWItOTY4ZS00ZDM4LTliNmUtMzc2Yzg0YmRiMzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTc1NjdjYWItOTY4ZS00ZDM4LTliNmUtMzc2Yzg0YmRiMzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTc1NjdjYWItOTY4ZS00ZDM4LTliNmUtMzc2Yzg0YmRiMzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{
"assertionsText" : "hu6BCW2a",
"auth" : "hu6BCW2a",
"authorsText" : "hu6BCW2a",
"autoGenerated" : false,
"category" : "Special_Chars",
"cleanupText" : "hu6BCW2a",
"createdBy" : "",
"createdDate" : "",
"description" : "hu6BCW2a",
"endpoint" : "hu6BCW2a",
"headersText" : "hu6BCW2a",
"id" : "",
"inactive" : false,
"initText" : "hu6BCW2a",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "hu6BCW2a",
"parent" : "hu6BCW2a",
"path" : "hu6BCW2a",
"policie" : {
"cleanupExec" : "hu6BCW2a",
"initExec" : "hu6BCW2a",
"logger" : "hu6BCW2a",
"repeat" : "1249477538",
"repeatDelay" : "1249477538",
"repeatModule" : "hu6BCW2a",
"repeatOnFailure" : "1249477538",
"timeoutSeconds" : "1249477538"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Trivial",
"tagsText" : "hu6BCW2a",
"type" : "Abstract",
"version" : "",
"yaml" : "hu6BCW2a"
}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:27.381+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTMxYTlkYzktMTcwYy00Mzg1LWJhNDAtNDZlMWQ0OGI5OGJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [598]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750]
2019-03-20 10:44:27 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTMxYTlkYzktMTcwYy00Mzg1LWJhNDAtNDZlMWQ0OGI5OGJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTMxYTlkYzktMTcwYy00Mzg1LWJhNDAtNDZlMWQ0OGI5OGJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTMxYTlkYzktMTcwYy00Mzg1LWJhNDAtNDZlMWQ0OGI5OGJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:27 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTMxYTlkYzktMTcwYy00Mzg1LWJhNDAtNDZlMWQ0OGI5OGJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1673576730",
"branch" : "kjpaKFcp",
"bugsOpen" : "1673576730",
"createdBy" : "",
"createdDate" : "",
"description" : "kjpaKFcp",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "kjpaKFcp",
"issueTracker" : "",
"lastCommit" : "kjpaKFcp",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "kjpaKFcp",
"openAPISpec" : "kjpaKFcp",
"openText" : "kjpaKFcp",
"org" : "",
"props" : null,
"url" : "kjpaKFcp",
"version" : ""
}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:27.996+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAwMGI4MzAtYzU3ZC00ZDJkLWFhMzQtYThhZGI3ZDZkZDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : Time [613]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:44:28 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAwMGI4MzAtYzU3ZC00ZDJkLWFhMzQtYThhZGI3ZDZkZDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAwMGI4MzAtYzU3ZC00ZDJkLWFhMzQtYThhZGI3ZDZkZDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAwMGI4MzAtYzU3ZC00ZDJkLWFhMzQtYThhZGI3ZDZkZDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAwMGI4MzAtYzU3ZC00ZDJkLWFhMzQtYThhZGI3ZDZkZDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request [{
"assertions" : [ "qFwREPcU" ],
"assertionsText" : "qFwREPcU",
"auth" : "qFwREPcU",
"authors" : [ "qFwREPcU" ],
"authorsText" : "qFwREPcU",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "qFwREPcU" ],
"cleanupText" : "qFwREPcU",
"createdBy" : "",
"createdDate" : "",
"description" : "qFwREPcU",
"endpoint" : "qFwREPcU",
"headers" : [ "qFwREPcU" ],
"headersText" : "qFwREPcU",
"id" : "",
"inactive" : false,
"init" : [ "qFwREPcU" ],
"initText" : "qFwREPcU",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "qFwREPcU",
"parent" : "qFwREPcU",
"path" : "qFwREPcU",
"policies" : {
"cleanupExec" : "qFwREPcU",
"initExec" : "qFwREPcU",
"logger" : "qFwREPcU",
"repeat" : "251886507",
"repeatDelay" : "251886507",
"repeatModule" : "qFwREPcU",
"repeatOnFailure" : "251886507",
"timeoutSeconds" : "251886507"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "qFwREPcU" ],
"tagsText" : "qFwREPcU",
"testCases" : [ {
"body" : "qFwREPcU",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "qFwREPcU"
}]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:28.689+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDJjMTAyZDctM2I1NC00ZTZhLWEzNzktYjI5NzFhZDJlZTQ1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Time [691]
2019-03-20 10:44:28 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Size [750]
2019-03-20 10:44:28 ERROR [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{
"timestamp" : "2019-03-20T10:44:29.577+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/test-suites/"
}]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2Y4YWZlNTUtZWU4OC00NWUyLTk0Y2MtMWM0YjYyYWVkYjhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:28 GMT]}]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [889]
2019-03-20 10:44:29 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166]
2019-03-20 10:44:29 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:30.169+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDkxZmIzNTUtN2UxYy00ODAzLWE2YWItZjg1MTQ2Yzk4ZmFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [588]
2019-03-20 10:44:30 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:44:30 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:30.850+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzBhODg4NjItZTdjYy00NmIyLTkwNzUtNzNkOTEzN2Q5Zjk5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [746]
2019-03-20 10:44:30 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:44:30 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:31.694+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzRkOTk4ZTctMDgxMy00MDU1LWExNTMtMWE5MGVkYzUzZmQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [777]
2019-03-20 10:44:31 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:44:31 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:32.425+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDE3YzA4YTctMzViZi00YTI1LWI3NDYtZjc2OWYxMzY1NWY3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [731]
2019-03-20 10:44:32 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:44:32 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:44:32.912+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjU2NTkzY2MtMTk1OS00NGZhLWE2YjctODg5ZTQ2ZGI0MTFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [485]
2019-03-20 10:44:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:44:32 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTVkOWU0MWMtMjQ5Ni00M2ZlLTg0YjgtZDFmOGJlMWViNzE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:25 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{
"assertions" : [ "WiSmVTxe" ],
"assertionsText" : "WiSmVTxe",
"auth" : "WiSmVTxe",
"authors" : [ "WiSmVTxe" ],
"authorsText" : "WiSmVTxe",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "WiSmVTxe" ],
"cleanupText" : "WiSmVTxe",
"createdBy" : "",
"createdDate" : "",
"description" : "WiSmVTxe",
"endpoint" : "WiSmVTxe",
"headers" : [ "WiSmVTxe" ],
"headersText" : "WiSmVTxe",
"id" : "",
"inactive" : false,
"init" : [ "WiSmVTxe" ],
"initText" : "WiSmVTxe",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "WiSmVTxe",
"parent" : "WiSmVTxe",
"path" : "WiSmVTxe",
"policies" : {
"cleanupExec" : "WiSmVTxe",
"initExec" : "WiSmVTxe",
"logger" : "WiSmVTxe",
"repeat" : "1341800900",
"repeatDelay" : "1341800900",
"repeatModule" : "WiSmVTxe",
"repeatOnFailure" : "1341800900",
"timeoutSeconds" : "1341800900"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "WiSmVTxe" ],
"tagsText" : "WiSmVTxe",
"testCases" : [ {
"body" : "WiSmVTxe",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "WiSmVTxe"
}
Response :
{
"timestamp" : "2019-03-20T10:45:26.164+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}
Logs :
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "xQH8GSTl",
"company" : "Ryan and Sons",
"createdBy" : "",
"createdDate" : "",
"description" : "xQH8GSTl",
"id" : "",
"inactive" : false,
"location" : "xQH8GSTl",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "xQH8GSTl",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:17.904+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGI4MjM3NjktZTIyYi00ODQ1LWIxZmMtMzMxNzU2ZjhmNGQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:17 GMT]}]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : Time [1320]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:45:17 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGI4MjM3NjktZTIyYi00ODQ1LWIxZmMtMzMxNzU2ZjhmNGQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:17 GMT]}]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGI4MjM3NjktZTIyYi00ODQ1LWIxZmMtMzMxNzU2ZjhmNGQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:17 GMT]}]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGI4MjM3NjktZTIyYi00ODQ1LWIxZmMtMzMxNzU2ZjhmNGQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:17 GMT]}]
2019-03-20 10:45:17 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGI4MjM3NjktZTIyYi00ODQ1LWIxZmMtMzMxNzU2ZjhmNGQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:17 GMT]}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "Xwl5eCEG",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Xwl5eCEG",
"org" : "",
"prop1" : "Xwl5eCEG",
"prop2" : "Xwl5eCEG",
"prop3" : "Xwl5eCEG",
"region" : "Xwl5eCEG",
"secretKey" : "Xwl5eCEG",
"version" : ""
}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:18.784+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ4MTU4NGItYmU2Ny00NTdlLWEwM2MtNzI4Mjg4ZjgwZTU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:18 GMT]}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : Time [879]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:45:18 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ4MTU4NGItYmU2Ny00NTdlLWEwM2MtNzI4Mjg4ZjgwZTU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:18 GMT]}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ4MTU4NGItYmU2Ny00NTdlLWEwM2MtNzI4Mjg4ZjgwZTU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:18 GMT]}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ4MTU4NGItYmU2Ny00NTdlLWEwM2MtNzI4Mjg4ZjgwZTU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:18 GMT]}]
2019-03-20 10:45:18 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ4MTU4NGItYmU2Ny00NTdlLWEwM2MtNzI4Mjg4ZjgwZTU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:18 GMT]}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "m5JNdHR7",
"createdBy" : "",
"createdDate" : "",
"description" : "m5JNdHR7",
"host" : "m5JNdHR7",
"id" : "",
"inactive" : false,
"key" : "m5JNdHR7",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "m5JNdHR7",
"org" : "",
"prop1" : "m5JNdHR7",
"prop2" : "m5JNdHR7",
"prop3" : "m5JNdHR7",
"prop4" : "m5JNdHR7",
"prop5" : "m5JNdHR7",
"secretKey" : "m5JNdHR7",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:19.744+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDM3MzllN2QtN2RlNS00Y2M3LWI4YWQtN2IxYWI5NDhiNzRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:19 GMT]}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : Time [957]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:45:19 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDM3MzllN2QtN2RlNS00Y2M3LWI4YWQtN2IxYWI5NDhiNzRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:19 GMT]}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDM3MzllN2QtN2RlNS00Y2M3LWI4YWQtN2IxYWI5NDhiNzRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:19 GMT]}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDM3MzllN2QtN2RlNS00Y2M3LWI4YWQtN2IxYWI5NDhiNzRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:19 GMT]}]
2019-03-20 10:45:19 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDM3MzllN2QtN2RlNS00Y2M3LWI4YWQtN2IxYWI5NDhiNzRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:19 GMT]}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "5mMtPnU0",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5mMtPnU0",
"org" : "",
"prop1" : "5mMtPnU0",
"prop2" : "5mMtPnU0",
"prop3" : "5mMtPnU0",
"prop4" : "5mMtPnU0",
"prop5" : "5mMtPnU0",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:20.834+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzBjZjJkYzYtMWYxYS00ZmM1LTk2MmEtMjI0MDFlMDlkNDYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:20 GMT]}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [1089]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:45:20 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzBjZjJkYzYtMWYxYS00ZmM1LTk2MmEtMjI0MDFlMDlkNDYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:20 GMT]}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzBjZjJkYzYtMWYxYS00ZmM1LTk2MmEtMjI0MDFlMDlkNDYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:20 GMT]}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzBjZjJkYzYtMWYxYS00ZmM1LTk2MmEtMjI0MDFlMDlkNDYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:20 GMT]}]
2019-03-20 10:45:20 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzBjZjJkYzYtMWYxYS00ZmM1LTk2MmEtMjI0MDFlMDlkNDYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:20 GMT]}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "409802577",
"branch" : "SEBQJlMN",
"bugsOpen" : "409802577",
"createdBy" : "",
"createdDate" : "",
"description" : "SEBQJlMN",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "SEBQJlMN",
"issueTracker" : "",
"lastCommit" : "SEBQJlMN",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "SEBQJlMN",
"openAPISpec" : "SEBQJlMN",
"openText" : "SEBQJlMN",
"org" : "",
"props" : null,
"url" : "SEBQJlMN",
"version" : ""
}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:22.197+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWNiM2RjNWEtZTFlOC00MDE4LWI5NWQtZGMyZjE2MmU2ZmQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:21 GMT]}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : Time [1361]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:45:22 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWNiM2RjNWEtZTFlOC00MDE4LWI5NWQtZGMyZjE2MmU2ZmQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:21 GMT]}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWNiM2RjNWEtZTFlOC00MDE4LWI5NWQtZGMyZjE2MmU2ZmQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:21 GMT]}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWNiM2RjNWEtZTFlOC00MDE4LWI5NWQtZGMyZjE2MmU2ZmQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:21 GMT]}]
2019-03-20 10:45:22 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWNiM2RjNWEtZTFlOC00MDE4LWI5NWQtZGMyZjE2MmU2ZmQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:21 GMT]}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{
"assertionsText" : "sWyYfsDy",
"auth" : "sWyYfsDy",
"authorsText" : "sWyYfsDy",
"autoGenerated" : false,
"category" : "Special_Chars",
"cleanupText" : "sWyYfsDy",
"createdBy" : "",
"createdDate" : "",
"description" : "sWyYfsDy",
"endpoint" : "sWyYfsDy",
"headersText" : "sWyYfsDy",
"id" : "",
"inactive" : false,
"initText" : "sWyYfsDy",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "sWyYfsDy",
"parent" : "sWyYfsDy",
"path" : "sWyYfsDy",
"policie" : {
"cleanupExec" : "sWyYfsDy",
"initExec" : "sWyYfsDy",
"logger" : "sWyYfsDy",
"repeat" : "835074847",
"repeatDelay" : "835074847",
"repeatModule" : "sWyYfsDy",
"repeatOnFailure" : "835074847",
"timeoutSeconds" : "835074847"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Trivial",
"tagsText" : "sWyYfsDy",
"type" : "Abstract",
"version" : "",
"yaml" : "sWyYfsDy"
}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:23.668+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJhNGRkZWMtZmYxNS00OTQ2LWI2NTctZjA0OWIwNWM1N2Nk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [1469]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750]
2019-03-20 10:45:23 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJhNGRkZWMtZmYxNS00OTQ2LWI2NTctZjA0OWIwNWM1N2Nk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJhNGRkZWMtZmYxNS00OTQ2LWI2NTctZjA0OWIwNWM1N2Nk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJhNGRkZWMtZmYxNS00OTQ2LWI2NTctZjA0OWIwNWM1N2Nk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJhNGRkZWMtZmYxNS00OTQ2LWI2NTctZjA0OWIwNWM1N2Nk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "416985836",
"branch" : "JLJjVUJ9",
"bugsOpen" : "416985836",
"createdBy" : "",
"createdDate" : "",
"description" : "JLJjVUJ9",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "JLJjVUJ9",
"issueTracker" : "",
"lastCommit" : "JLJjVUJ9",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "JLJjVUJ9",
"openAPISpec" : "JLJjVUJ9",
"openText" : "JLJjVUJ9",
"org" : "",
"props" : null,
"url" : "JLJjVUJ9",
"version" : ""
}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:25.037+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTNlMTkwNGQtNDg2My00YmQ0LWExNzItYmQ3NDI1M2VmNzI4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : Time [1366]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:45:25 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTNlMTkwNGQtNDg2My00YmQ0LWExNzItYmQ3NDI1M2VmNzI4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTNlMTkwNGQtNDg2My00YmQ0LWExNzItYmQ3NDI1M2VmNzI4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTNlMTkwNGQtNDg2My00YmQ0LWExNzItYmQ3NDI1M2VmNzI4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:25 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTNlMTkwNGQtNDg2My00YmQ0LWExNzItYmQ3NDI1M2VmNzI4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request [{
"assertions" : [ "WiSmVTxe" ],
"assertionsText" : "WiSmVTxe",
"auth" : "WiSmVTxe",
"authors" : [ "WiSmVTxe" ],
"authorsText" : "WiSmVTxe",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "WiSmVTxe" ],
"cleanupText" : "WiSmVTxe",
"createdBy" : "",
"createdDate" : "",
"description" : "WiSmVTxe",
"endpoint" : "WiSmVTxe",
"headers" : [ "WiSmVTxe" ],
"headersText" : "WiSmVTxe",
"id" : "",
"inactive" : false,
"init" : [ "WiSmVTxe" ],
"initText" : "WiSmVTxe",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "WiSmVTxe",
"parent" : "WiSmVTxe",
"path" : "WiSmVTxe",
"policies" : {
"cleanupExec" : "WiSmVTxe",
"initExec" : "WiSmVTxe",
"logger" : "WiSmVTxe",
"repeat" : "1341800900",
"repeatDelay" : "1341800900",
"repeatModule" : "WiSmVTxe",
"repeatOnFailure" : "1341800900",
"timeoutSeconds" : "1341800900"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "WiSmVTxe" ],
"tagsText" : "WiSmVTxe",
"testCases" : [ {
"body" : "WiSmVTxe",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "WiSmVTxe"
}]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:26.164+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTVkOWU0MWMtMjQ5Ni00M2ZlLTg0YjgtZDFmOGJlMWViNzE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:25 GMT]}]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Time [1125]
2019-03-20 10:45:26 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Size [750]
2019-03-20 10:45:26 ERROR [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{
"timestamp" : "2019-03-20T10:45:27.200+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/test-suites/"
}]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2QyYjEyODgtMjJiOC00OGEyLTg2MTgtZDZhM2E3NjljYjdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:26 GMT]}]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [1035]
2019-03-20 10:45:27 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166]
2019-03-20 10:45:27 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:28.009+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTE2OTA0ZjItNGNjNC00ODU4LWI4MWYtMGQ3YTJjYWZjM2Nl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:27 GMT]}]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [807]
2019-03-20 10:45:28 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:45:28 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:28.989+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2VjZjA1YjItOTNjMC00ODNjLTkyM2MtMzYxNjQwNWZkZGYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:28 GMT]}]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [984]
2019-03-20 10:45:29 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:45:29 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:30.041+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yzk5MjIyYTQtYTNkYi00ODBlLTgzNjUtMmIzM2I2OTI0MmQ4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:29 GMT]}]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [1047]
2019-03-20 10:45:30 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:45:30 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:31.122+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTFiOGVmM2ItOWFjNS00NDdiLTlmNzEtMTA0ZmMwMTA4Yjk2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:30 GMT]}]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1080]
2019-03-20 10:45:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:31 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:32.410+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjlmMzVmMjEtYzIxOC00MTgxLTk2YTUtYzdhZDU4ZmRiOTcz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:31 GMT]}]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1287]
2019-03-20 10:45:32 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:32 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzRhZDE1YjQtZGQwZS00ZWVmLTllZWEtNmJhZmIzNDc1NGRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:22 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{
"assertions" : [ "htYfbins" ],
"assertionsText" : "htYfbins",
"auth" : "htYfbins",
"authors" : [ "htYfbins" ],
"authorsText" : "htYfbins",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "htYfbins" ],
"cleanupText" : "htYfbins",
"createdBy" : "",
"createdDate" : "",
"description" : "htYfbins",
"endpoint" : "htYfbins",
"headers" : [ "htYfbins" ],
"headersText" : "htYfbins",
"id" : "",
"inactive" : false,
"init" : [ "htYfbins" ],
"initText" : "htYfbins",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "htYfbins",
"parent" : "htYfbins",
"path" : "htYfbins",
"policies" : {
"cleanupExec" : "htYfbins",
"initExec" : "htYfbins",
"logger" : "htYfbins",
"repeat" : "1742084602",
"repeatDelay" : "1742084602",
"repeatModule" : "htYfbins",
"repeatOnFailure" : "1742084602",
"timeoutSeconds" : "1742084602"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "htYfbins" ],
"tagsText" : "htYfbins",
"testCases" : [ {
"body" : "htYfbins",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "htYfbins"
}
Response :
{
"timestamp" : "2019-03-20T10:46:22.983+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}
Logs :
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "hKt2n7jA",
"company" : "Walter Inc",
"createdBy" : "",
"createdDate" : "",
"description" : "hKt2n7jA",
"id" : "",
"inactive" : false,
"location" : "hKt2n7jA",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "hKt2n7jA",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:11.718+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5YzNmNTMtYzlhYi00NzhlLTk4NzEtMDIyZWE2MDEzZGJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:11 GMT]}]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : Time [1461]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:46:11 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5YzNmNTMtYzlhYi00NzhlLTk4NzEtMDIyZWE2MDEzZGJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:11 GMT]}]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5YzNmNTMtYzlhYi00NzhlLTk4NzEtMDIyZWE2MDEzZGJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:11 GMT]}]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5YzNmNTMtYzlhYi00NzhlLTk4NzEtMDIyZWE2MDEzZGJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:11 GMT]}]
2019-03-20 10:46:11 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5YzNmNTMtYzlhYi00NzhlLTk4NzEtMDIyZWE2MDEzZGJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:11 GMT]}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "jPoaTDTZ",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "jPoaTDTZ",
"org" : "",
"prop1" : "jPoaTDTZ",
"prop2" : "jPoaTDTZ",
"prop3" : "jPoaTDTZ",
"region" : "jPoaTDTZ",
"secretKey" : "jPoaTDTZ",
"version" : ""
}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:13.493+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmQyYjY0NWYtM2U3OS00Zjk3LWIxODQtNDcyOTQ2YmNiZmMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:13 GMT]}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : Time [1777]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:46:13 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmQyYjY0NWYtM2U3OS00Zjk3LWIxODQtNDcyOTQ2YmNiZmMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:13 GMT]}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmQyYjY0NWYtM2U3OS00Zjk3LWIxODQtNDcyOTQ2YmNiZmMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:13 GMT]}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmQyYjY0NWYtM2U3OS00Zjk3LWIxODQtNDcyOTQ2YmNiZmMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:13 GMT]}]
2019-03-20 10:46:13 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmQyYjY0NWYtM2U3OS00Zjk3LWIxODQtNDcyOTQ2YmNiZmMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:13 GMT]}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "yxQ1I4eB",
"createdBy" : "",
"createdDate" : "",
"description" : "yxQ1I4eB",
"host" : "yxQ1I4eB",
"id" : "",
"inactive" : false,
"key" : "yxQ1I4eB",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "yxQ1I4eB",
"org" : "",
"prop1" : "yxQ1I4eB",
"prop2" : "yxQ1I4eB",
"prop3" : "yxQ1I4eB",
"prop4" : "yxQ1I4eB",
"prop5" : "yxQ1I4eB",
"secretKey" : "yxQ1I4eB",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:15.108+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjcwOGQxN2EtMTU2MC00OWRhLWFiM2MtZTg0MDdlMzBlMzg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:14 GMT]}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : Time [1610]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:46:15 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjcwOGQxN2EtMTU2MC00OWRhLWFiM2MtZTg0MDdlMzBlMzg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:14 GMT]}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjcwOGQxN2EtMTU2MC00OWRhLWFiM2MtZTg0MDdlMzBlMzg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:14 GMT]}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjcwOGQxN2EtMTU2MC00OWRhLWFiM2MtZTg0MDdlMzBlMzg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:14 GMT]}]
2019-03-20 10:46:15 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjcwOGQxN2EtMTU2MC00OWRhLWFiM2MtZTg0MDdlMzBlMzg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:14 GMT]}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "fuBpf6E6",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "fuBpf6E6",
"org" : "",
"prop1" : "fuBpf6E6",
"prop2" : "fuBpf6E6",
"prop3" : "fuBpf6E6",
"prop4" : "fuBpf6E6",
"prop5" : "fuBpf6E6",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:16.725+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY1NDE1NWEtNDk2MS00NDNhLWI3MDgtNWMzN2UzNjllODMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:16 GMT]}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [1615]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:46:16 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY1NDE1NWEtNDk2MS00NDNhLWI3MDgtNWMzN2UzNjllODMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:16 GMT]}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY1NDE1NWEtNDk2MS00NDNhLWI3MDgtNWMzN2UzNjllODMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:16 GMT]}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY1NDE1NWEtNDk2MS00NDNhLWI3MDgtNWMzN2UzNjllODMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:16 GMT]}]
2019-03-20 10:46:16 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY1NDE1NWEtNDk2MS00NDNhLWI3MDgtNWMzN2UzNjllODMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:16 GMT]}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "347827189",
"branch" : "YGOW7RNv",
"bugsOpen" : "347827189",
"createdBy" : "",
"createdDate" : "",
"description" : "YGOW7RNv",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "YGOW7RNv",
"issueTracker" : "",
"lastCommit" : "YGOW7RNv",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "YGOW7RNv",
"openAPISpec" : "YGOW7RNv",
"openText" : "YGOW7RNv",
"org" : "",
"props" : null,
"url" : "YGOW7RNv",
"version" : ""
}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:18.106+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjdmNjFlMTMtZmE0My00N2ZhLTljZmEtMGRlOTMxMzRkMWVm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:17 GMT]}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : Time [1373]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:46:18 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjdmNjFlMTMtZmE0My00N2ZhLTljZmEtMGRlOTMxMzRkMWVm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:17 GMT]}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjdmNjFlMTMtZmE0My00N2ZhLTljZmEtMGRlOTMxMzRkMWVm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:17 GMT]}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjdmNjFlMTMtZmE0My00N2ZhLTljZmEtMGRlOTMxMzRkMWVm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:17 GMT]}]
2019-03-20 10:46:18 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjdmNjFlMTMtZmE0My00N2ZhLTljZmEtMGRlOTMxMzRkMWVm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:17 GMT]}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{
"assertionsText" : "Fr6kxW1N",
"auth" : "Fr6kxW1N",
"authorsText" : "Fr6kxW1N",
"autoGenerated" : false,
"category" : "Special_Chars",
"cleanupText" : "Fr6kxW1N",
"createdBy" : "",
"createdDate" : "",
"description" : "Fr6kxW1N",
"endpoint" : "Fr6kxW1N",
"headersText" : "Fr6kxW1N",
"id" : "",
"inactive" : false,
"initText" : "Fr6kxW1N",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Fr6kxW1N",
"parent" : "Fr6kxW1N",
"path" : "Fr6kxW1N",
"policie" : {
"cleanupExec" : "Fr6kxW1N",
"initExec" : "Fr6kxW1N",
"logger" : "Fr6kxW1N",
"repeat" : "673804900",
"repeatDelay" : "673804900",
"repeatModule" : "Fr6kxW1N",
"repeatOnFailure" : "673804900",
"timeoutSeconds" : "673804900"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Trivial",
"tagsText" : "Fr6kxW1N",
"type" : "Abstract",
"version" : "",
"yaml" : "Fr6kxW1N"
}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:19.633+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzEyMzkzMWYtODMyNi00MjkxLWFhNTItY2Q3ODU5YTk0MzBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:19 GMT]}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [1533]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750]
2019-03-20 10:46:19 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzEyMzkzMWYtODMyNi00MjkxLWFhNTItY2Q3ODU5YTk0MzBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:19 GMT]}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzEyMzkzMWYtODMyNi00MjkxLWFhNTItY2Q3ODU5YTk0MzBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:19 GMT]}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzEyMzkzMWYtODMyNi00MjkxLWFhNTItY2Q3ODU5YTk0MzBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:19 GMT]}]
2019-03-20 10:46:19 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzEyMzkzMWYtODMyNi00MjkxLWFhNTItY2Q3ODU5YTk0MzBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:19 GMT]}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1515129799",
"branch" : "ZsnEUlb4",
"bugsOpen" : "1515129799",
"createdBy" : "",
"createdDate" : "",
"description" : "ZsnEUlb4",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "ZsnEUlb4",
"issueTracker" : "",
"lastCommit" : "ZsnEUlb4",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "ZsnEUlb4",
"openAPISpec" : "ZsnEUlb4",
"openText" : "ZsnEUlb4",
"org" : "",
"props" : null,
"url" : "ZsnEUlb4",
"version" : ""
}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:21.267+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDg5NTliODEtZGE3My00ZjE0LWEwYWYtYzkxOGU4ZmI2ZGQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:20 GMT]}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : Time [1626]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:46:21 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDg5NTliODEtZGE3My00ZjE0LWEwYWYtYzkxOGU4ZmI2ZGQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:20 GMT]}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDg5NTliODEtZGE3My00ZjE0LWEwYWYtYzkxOGU4ZmI2ZGQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:20 GMT]}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDg5NTliODEtZGE3My00ZjE0LWEwYWYtYzkxOGU4ZmI2ZGQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:20 GMT]}]
2019-03-20 10:46:21 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDg5NTliODEtZGE3My00ZjE0LWEwYWYtYzkxOGU4ZmI2ZGQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:20 GMT]}]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request [{
"assertions" : [ "htYfbins" ],
"assertionsText" : "htYfbins",
"auth" : "htYfbins",
"authors" : [ "htYfbins" ],
"authorsText" : "htYfbins",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "htYfbins" ],
"cleanupText" : "htYfbins",
"createdBy" : "",
"createdDate" : "",
"description" : "htYfbins",
"endpoint" : "htYfbins",
"headers" : [ "htYfbins" ],
"headersText" : "htYfbins",
"id" : "",
"inactive" : false,
"init" : [ "htYfbins" ],
"initText" : "htYfbins",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "htYfbins",
"parent" : "htYfbins",
"path" : "htYfbins",
"policies" : {
"cleanupExec" : "htYfbins",
"initExec" : "htYfbins",
"logger" : "htYfbins",
"repeat" : "1742084602",
"repeatDelay" : "1742084602",
"repeatModule" : "htYfbins",
"repeatOnFailure" : "1742084602",
"timeoutSeconds" : "1742084602"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "htYfbins" ],
"tagsText" : "htYfbins",
"testCases" : [ {
"body" : "htYfbins",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "htYfbins"
}]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:22.983+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzRhZDE1YjQtZGQwZS00ZWVmLTllZWEtNmJhZmIzNDc1NGRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:22 GMT]}]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Time [1713]
2019-03-20 10:46:23 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Size [750]
2019-03-20 10:46:23 ERROR [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{
"timestamp" : "2019-03-20T10:46:24.578+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/test-suites/"
}]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTZkZTY2NzktMTA0OC00NTQ4LTgzYjAtMTNmZGY0MTU2NDUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:23 GMT]}]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [1593]
2019-03-20 10:46:24 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166]
2019-03-20 10:46:24 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:46:26.118+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjUwOGFiOWYtNjhkMi00ODVmLWI0ZmEtNzcwOWI0OTI1OGUz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:25 GMT]}]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1540]
2019-03-20 10:46:26 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:46:26 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:46:27.785+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjNlMjdhYmYtYWE2Yi00NWNkLWFhNzMtNTkzNDRiNzkxY2Q1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:27 GMT]}]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [1666]
2019-03-20 10:46:27 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:46:27 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:46:29.574+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTdkOTM0NzEtNTZlOC00NTEwLTk2MjktNzJjYTc1MGM5YjQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:28 GMT]}]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [1788]
2019-03-20 10:46:29 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:46:29 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:46:31.288+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGQwODVmMzMtOThiYi00MzNlLWIyYjktMDZlYmIyODU0ZGVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:30 GMT]}]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1713]
2019-03-20 10:46:31 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:46:31 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:46:32.973+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzIyNWUwNjktODljMi00ZmQxLWJmOWUtOGI3ODgwMTc3ZWE1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:32 GMT]}]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1685]
2019-03-20 10:46:33 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:46:33 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA0NjI1MTEtOTM2Zi00NmU3LWE2ODAtNjMwMmIxMDRiOWYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:37 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{ "assertions" : [ "FGEOwp9T" ], "assertionsText" : "FGEOwp9T", "auth" : "FGEOwp9T", "authors" : [ "FGEOwp9T" ], "authorsText" : "FGEOwp9T", "autoGenerated" : false, "category" : "XSS_Injection", "cleanup" : [ "FGEOwp9T" ], "cleanupText" : "FGEOwp9T", "createdBy" : "", "createdDate" : "", "description" : "FGEOwp9T", "endpoint" : "FGEOwp9T", "headers" : [ "FGEOwp9T" ], "headersText" : "FGEOwp9T", "id" : "", "inactive" : false, "init" : [ "FGEOwp9T" ], "initText" : "FGEOwp9T", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "FGEOwp9T", "parent" : "FGEOwp9T", "path" : "FGEOwp9T", "policies" : { "cleanupExec" : "FGEOwp9T", "initExec" : "FGEOwp9T", "logger" : "FGEOwp9T", "repeat" : "446469082", "repeatDelay" : "446469082", "repeatModule" : "FGEOwp9T", "repeatOnFailure" : "446469082", "timeoutSeconds" : "446469082" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Major", "tags" : [ "FGEOwp9T" ], "tagsText" : "FGEOwp9T", "testCases" : [ { "body" : "FGEOwp9T", "id" : "", "inactive" : false } ], "type" : "Suite", "version" : "", "yaml" : "FGEOwp9T" }
Response :
{ "timestamp" : "2019-03-20T10:41:37.319+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/test-suites" }Logs :
2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "kU1KuJvm", "company" : "Dach-Dach", "createdBy" : "", "createdDate" : "", "description" : "kU1KuJvm", "id" : "", "inactive" : false, "location" : "kU1KuJvm", "modifiedBy" : "", "modifiedDate" : "", "name" : "kU1KuJvm", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:33.548+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTgyYjliMmQtOTM4ZC00MTI2LTg1YjYtNDBmMTQ2NDRkOTdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Time [729] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTgyYjliMmQtOTM4ZC00MTI2LTg1YjYtNDBmMTQ2NDRkOTdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTgyYjliMmQtOTM4ZC00MTI2LTg1YjYtNDBmMTQ2NDRkOTdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTgyYjliMmQtOTM4ZC00MTI2LTg1YjYtNDBmMTQ2NDRkOTdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTgyYjliMmQtOTM4ZC00MTI2LTg1YjYtNDBmMTQ2NDRkOTdj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "ThDCyVas", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "ThDCyVas", "org" : "", "prop1" : "ThDCyVas", "prop2" : "ThDCyVas", "prop3" : "ThDCyVas", "region" : "ThDCyVas", "secretKey" : "ThDCyVas", "version" : "" }] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:34.002+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc1MjczZjgtZmM0Ni00MjkzLWE3YTgtNGFiNWQyNTRmM2Zl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : Time [471] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc1MjczZjgtZmM0Ni00MjkzLWE3YTgtNGFiNWQyNTRmM2Zl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc1MjczZjgtZmM0Ni00MjkzLWE3YTgtNGFiNWQyNTRmM2Zl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc1MjczZjgtZmM0Ni00MjkzLWE3YTgtNGFiNWQyNTRmM2Zl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc1MjczZjgtZmM0Ni00MjkzLWE3YTgtNGFiNWQyNTRmM2Zl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : Request [{ "accessKey" : "5t0c2Bam", "createdBy" : "", "createdDate" : "", "description" : "5t0c2Bam", "host" : "5t0c2Bam", "id" : "", "inactive" : false, "key" : "5t0c2Bam", "modifiedBy" : "", "modifiedDate" : "", "name" : "5t0c2Bam", "org" : "", "prop1" : "5t0c2Bam", "prop2" : "5t0c2Bam", "prop3" : "5t0c2Bam", "prop4" : "5t0c2Bam", "prop5" : "5t0c2Bam", "secretKey" : "5t0c2Bam", "skillType" : "BOT_DEPLOYMENT", "version" : "" }] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:34.654+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])", "path" : "/api/v1/skills" }] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTM2MTc4MDUtZTk4ZC00YjAwLWFiZjItZWY1MzM0MDNmNzY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : Time [629] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1] : Size [716] 2019-03-20 10:41:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTM2MTc4MDUtZTk4ZC00YjAwLWFiZjItZWY1MzM0MDNmNzY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTM2MTc4MDUtZTk4ZC00YjAwLWFiZjItZWY1MzM0MDNmNzY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTM2MTc4MDUtZTk4ZC00YjAwLWFiZjItZWY1MzM0MDNmNzY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTM2MTc4MDUtZTk4ZC00YjAwLWFiZjItZWY1MzM0MDNmNzY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "QibIlzM6", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "QibIlzM6", "org" : "", "prop1" : "QibIlzM6", "prop2" : "QibIlzM6", "prop3" : "QibIlzM6", "prop4" : "QibIlzM6", "prop5" : "QibIlzM6", "skill" : "", "state" : "INACTIVE", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:35.162+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Nzc4MWI4MTgtZTI2Zi00YTZkLTg3YzYtNzFlZWRlN2ZkMTA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [500] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768] 2019-03-20 10:41:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Nzc4MWI4MTgtZTI2Zi00YTZkLTg3YzYtNzFlZWRlN2ZkMTA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Nzc4MWI4MTgtZTI2Zi00YTZkLTg3YzYtNzFlZWRlN2ZkMTA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Nzc4MWI4MTgtZTI2Zi00YTZkLTg3YzYtNzFlZWRlN2ZkMTA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Nzc4MWI4MTgtZTI2Zi00YTZkLTg3YzYtNzFlZWRlN2ZkMTA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "2147360975", "branch" : "SWDiec79", "bugsOpen" : "2147360975", "createdBy" : "", "createdDate" : "", "description" : "SWDiec79", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "SWDiec79", "issueTracker" : "", "lastCommit" : "SWDiec79", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "SWDiec79", "openAPISpec" : "SWDiec79", "openText" : "SWDiec79", "org" : "", "props" : null, "url" : "SWDiec79", "version" : "" }] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:35.738+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhlYTZjNmQtMDM2OS00MGQwLWEzYWYtZjU1N2M2ZDg4ZGUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : Time [575] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1] : Size [744] 2019-03-20 10:41:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhlYTZjNmQtMDM2OS00MGQwLWEzYWYtZjU1N2M2ZDg4ZGUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhlYTZjNmQtMDM2OS00MGQwLWEzYWYtZjU1N2M2ZDg4ZGUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhlYTZjNmQtMDM2OS00MGQwLWEzYWYtZjU1N2M2ZDg4ZGUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhlYTZjNmQtMDM2OS00MGQwLWEzYWYtZjU1N2M2ZDg4ZGUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{ "assertionsText" : "AgX0oMMP", "auth" : "AgX0oMMP", "authorsText" : "AgX0oMMP", "autoGenerated" : false, "category" : "Special_Chars", "cleanupText" : "AgX0oMMP", "createdBy" : "", "createdDate" : "", "description" : "AgX0oMMP", "endpoint" : "AgX0oMMP", "headersText" : "AgX0oMMP", "id" : "", "inactive" : false, "initText" : "AgX0oMMP", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "AgX0oMMP", "parent" : "AgX0oMMP", "path" : "AgX0oMMP", "policie" : { "cleanupExec" : "AgX0oMMP", "initExec" : "AgX0oMMP", "logger" : "AgX0oMMP", "repeat" : "1287336935", "repeatDelay" : "1287336935", "repeatModule" : "AgX0oMMP", "repeatOnFailure" : "1287336935", "timeoutSeconds" : "1287336935" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Trivial", "tagsText" : "AgX0oMMP", "type" : "Abstract", "version" : "", "yaml" : "AgX0oMMP" }] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:36.375+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/test-suites" }] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2ExYmFiOWEtOWRmZS00YjQzLWFiNGYtNDcxODRhNmVjNGYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [629] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750] 2019-03-20 10:41:36 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2ExYmFiOWEtOWRmZS00YjQzLWFiNGYtNDcxODRhNmVjNGYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2ExYmFiOWEtOWRmZS00YjQzLWFiNGYtNDcxODRhNmVjNGYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2ExYmFiOWEtOWRmZS00YjQzLWFiNGYtNDcxODRhNmVjNGYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2ExYmFiOWEtOWRmZS00YjQzLWFiNGYtNDcxODRhNmVjNGYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "792142288", "branch" : "FyEA9nWV", "bugsOpen" : "792142288", "createdBy" : "", "createdDate" : "", "description" : "FyEA9nWV", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "FyEA9nWV", "issueTracker" : "", "lastCommit" : "FyEA9nWV", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "FyEA9nWV", "openAPISpec" : "FyEA9nWV", "openText" : "FyEA9nWV", "org" : "", "props" : null, "url" : "FyEA9nWV", "version" : "" }] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:36.819+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODA4MTdlNWQtMDZkMi00NjI2LTgxYWYtYzU4NGNhMzdiNjNm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : Time [436] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1] : Size [744] 2019-03-20 10:41:36 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODA4MTdlNWQtMDZkMi00NjI2LTgxYWYtYzU4NGNhMzdiNjNm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODA4MTdlNWQtMDZkMi00NjI2LTgxYWYtYzU4NGNhMzdiNjNm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODA4MTdlNWQtMDZkMi00NjI2LTgxYWYtYzU4NGNhMzdiNjNm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODA4MTdlNWQtMDZkMi00NjI2LTgxYWYtYzU4NGNhMzdiNjNm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Method [PUT] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request [{ "assertions" : [ "FGEOwp9T" ], "assertionsText" : "FGEOwp9T", "auth" : "FGEOwp9T", "authors" : [ "FGEOwp9T" ], "authorsText" : "FGEOwp9T", "autoGenerated" : false, "category" : "XSS_Injection", "cleanup" : [ "FGEOwp9T" ], "cleanupText" : "FGEOwp9T", "createdBy" : "", "createdDate" : "", "description" : "FGEOwp9T", "endpoint" : "FGEOwp9T", "headers" : [ "FGEOwp9T" ], "headersText" : "FGEOwp9T", "id" : "", "inactive" : false, "init" : [ "FGEOwp9T" ], "initText" : "FGEOwp9T", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "FGEOwp9T", "parent" : "FGEOwp9T", "path" : "FGEOwp9T", "policies" : { "cleanupExec" : "FGEOwp9T", "initExec" : "FGEOwp9T", "logger" : "FGEOwp9T", "repeat" : "446469082", "repeatDelay" : "446469082", "repeatModule" : "FGEOwp9T", "repeatOnFailure" : "446469082", "timeoutSeconds" : "446469082" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Major", "tags" : [ "FGEOwp9T" ], "tagsText" : "FGEOwp9T", "testCases" : [ { "body" : "FGEOwp9T", "id" : "", "inactive" : false } ], "type" : "Suite", "version" : "", "yaml" : "FGEOwp9T" }] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:37.319+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/test-suites" }] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA0NjI1MTEtOTM2Zi00NmU3LWE2ODAtNjMwMmIxMDRiOWYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:37 GMT]}] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : StatusCode [400] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Time [497] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Size [750] 2019-03-20 10:41:37 ERROR [ApiV1TestSuitesPutTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{ "timestamp" : "2019-03-20T10:41:37.768+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/test-suites/" }] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDRhY2M2NDEtNDlmMi00NjRlLTg1MjMtYmI0MjBiZTcyZjYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:37 GMT]}] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [448] 2019-03-20 10:41:37 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166] 2019-03-20 10:41:37 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:38.342+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/projects/" }] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjRmZjFhNjQtZDgwNy00N2RkLWJhM2YtOTQ2Njc3ZDczYTk1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [574] 2019-03-20 10:41:38 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163] 2019-03-20 10:41:38 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:38.956+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/issue-trackers/issue-tracker-bot/" }] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTk5MjA1NjktNDNhMS00OThiLTlmYTctODhmOTk2YzBkYWE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [612] 2019-03-20 10:41:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187] 2019-03-20 10:41:38 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:39.454+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/skills/" }] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2JlNDZmNGMtOWE1My00MDZkLTg3YmQtNjRjMGY1ZDI0MTEy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [497] 2019-03-20 10:41:39 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161] 2019-03-20 10:41:39 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:40.055+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmMyNjVmODgtZDgyZS00ZDg4LThiYzAtNTFhZGQwMTJlY2Vj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [599] 2019-03-20 10:41:40 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:40 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:40.931+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWJmY2IxMGQtYzc3Ny00ZDRkLWJmOGEtOTIzZGY3ZmI5ODQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [875] 2019-03-20 10:41:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:40 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---