Open asriz7777 opened 5 years ago
Project : FXABAC TEST
Template : ApiV1NotificationsPostNotificationuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
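Result : fail — the failed assertion expected 401 or 403, but the 400 returned is a Jackson parse error on the empty "account" value in the request body, so this run says nothing about whether the access-control check works. The setup steps in the log (org, account and notification creation) also failed with 403/400, so no resource existed for the hijack attempt to target, and the UserA and UserB setup steps log the same Authorization value, so two distinct identities do not appear to be in play. Fix the generated payload and test credentials, then re-run before triaging this as a Data_Access_Control finding.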
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjljNzVmMDItMTQ3Zi00ZDYxLWFlNWEtODM5YzIxOTk3YmYy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:38 GMT]}
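Endpoint : http://13.56.210.25/api/v1/notifications (plain HTTP: the Basic Authorization value in the Request-Headers log lines below travels unencrypted and is reproduced verbatim in this report, so treat it as exposed — rotate it and mask that header in logged output. The SESSION cookies are also set without the Secure attribute, and the 400 response body discloses internal class names that a production error handler should not return.)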
Request :
{
"accessKey" : "hPGXx2HO",
"account" : "",
"channel" : "hPGXx2HO",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "hPGXx2HO",
"org" : "",
"secretKey" : "hPGXx2HO",
"token" : "hPGXx2HO",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}
Response :
{
"timestamp" : "2019-03-20T10:44:38.523+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}
Logs :
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "pOnC40LU",
"company" : "Swaniawski Inc",
"createdBy" : "",
"createdDate" : "",
"description" : "pOnC40LU",
"id" : "",
"inactive" : false,
"location" : "pOnC40LU",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "pOnC40LU",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:33.650+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGY1ZGFjYmQtMDJiNy00ZWZjLWE3ZWQtMmU5OWQ4YWEyZjkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : Time [631]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGY1ZGFjYmQtMDJiNy00ZWZjLWE3ZWQtMmU5OWQ4YWEyZjkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGY1ZGFjYmQtMDJiNy00ZWZjLWE3ZWQtMmU5OWQ4YWEyZjkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGY1ZGFjYmQtMDJiNy00ZWZjLWE3ZWQtMmU5OWQ4YWEyZjkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGY1ZGFjYmQtMDJiNy00ZWZjLWE3ZWQtMmU5OWQ4YWEyZjkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "dh88cOT8",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "dh88cOT8",
"org" : "",
"prop1" : "dh88cOT8",
"prop2" : "dh88cOT8",
"prop3" : "dh88cOT8",
"region" : "dh88cOT8",
"secretKey" : "dh88cOT8",
"version" : ""
}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:34.406+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmExYTMwZmEtNTM5Yi00Y2YyLTgzODctMmY0MDU2NThjMzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : Time [754]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmExYTMwZmEtNTM5Yi00Y2YyLTgzODctMmY0MDU2NThjMzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmExYTMwZmEtNTM5Yi00Y2YyLTgzODctMmY0MDU2NThjMzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmExYTMwZmEtNTM5Yi00Y2YyLTgzODctMmY0MDU2NThjMzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmExYTMwZmEtNTM5Yi00Y2YyLTgzODctMmY0MDU2NThjMzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : Request [{
"accessKey" : "GcamCHNz",
"account" : "",
"channel" : "GcamCHNz",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "GcamCHNz",
"org" : "",
"secretKey" : "GcamCHNz",
"token" : "GcamCHNz",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:35.590+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ3MWY3MWQtN2M0Yy00MDhiLTkwNjUtZTJiMGE4NDg4NDZm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : Time [1182]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1] : Size [753]
2019-03-20 10:44:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ3MWY3MWQtN2M0Yy00MDhiLTkwNjUtZTJiMGE4NDg4NDZm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ3MWY3MWQtN2M0Yy00MDhiLTkwNjUtZTJiMGE4NDg4NDZm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ3MWY3MWQtN2M0Yy00MDhiLTkwNjUtZTJiMGE4NDg4NDZm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}]
2019-03-20 10:44:35 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGQ3MWY3MWQtN2M0Yy00MDhiLTkwNjUtZTJiMGE4NDg4NDZm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "HH9xrRp5",
"company" : "Donnelly-Donnelly",
"createdBy" : "",
"createdDate" : "",
"description" : "HH9xrRp5",
"id" : "",
"inactive" : false,
"location" : "HH9xrRp5",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "HH9xrRp5",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:36.832+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjExNzc2MGUtYThmMy00ZDMyLThlNTMtYmFjNzZiMjIyN2U1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:36 GMT]}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : Time [1043]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:44:36 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjExNzc2MGUtYThmMy00ZDMyLThlNTMtYmFjNzZiMjIyN2U1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:36 GMT]}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjExNzc2MGUtYThmMy00ZDMyLThlNTMtYmFjNzZiMjIyN2U1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:36 GMT]}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjExNzc2MGUtYThmMy00ZDMyLThlNTMtYmFjNzZiMjIyN2U1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:36 GMT]}]
2019-03-20 10:44:36 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjExNzc2MGUtYThmMy00ZDMyLThlNTMtYmFjNzZiMjIyN2U1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:36 GMT]}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "ycltVinM",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "ycltVinM",
"org" : "",
"prop1" : "ycltVinM",
"prop2" : "ycltVinM",
"prop3" : "ycltVinM",
"region" : "ycltVinM",
"secretKey" : "ycltVinM",
"version" : ""
}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:37.780+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzU0ZjM4NDktNDEwYS00MmRiLTgyOWYtYTE1NTdhYWEyNzVk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:37 GMT]}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : Time [946]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:44:37 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzU0ZjM4NDktNDEwYS00MmRiLTgyOWYtYTE1NTdhYWEyNzVk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:37 GMT]}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzU0ZjM4NDktNDEwYS00MmRiLTgyOWYtYTE1NTdhYWEyNzVk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:37 GMT]}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzU0ZjM4NDktNDEwYS00MmRiLTgyOWYtYTE1NTdhYWEyNzVk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:37 GMT]}]
2019-03-20 10:44:37 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzU0ZjM4NDktNDEwYS00MmRiLTgyOWYtYTE1NTdhYWEyNzVk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:37 GMT]}]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Method [POST]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request [{
"accessKey" : "hPGXx2HO",
"account" : "",
"channel" : "hPGXx2HO",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "hPGXx2HO",
"org" : "",
"secretKey" : "hPGXx2HO",
"token" : "hPGXx2HO",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:38.523+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjljNzVmMDItMTQ3Zi00ZDYxLWFlNWEtODM5YzIxOTk3YmYy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:38 GMT]}]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Time [741]
2019-03-20 10:44:38 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Size [753]
2019-03-20 10:44:38 ERROR [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : URL [http://13.56.210.25/api/v1/notifications/]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Method [DELETE]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request [null]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:39.181+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/notifications/"
}]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTMyZGEyNGUtMWNlMi00ZDY1LWEzMTktY2ZkMjdlZWZkYTIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:39 GMT]}]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : StatusCode [405]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Time [657]
2019-03-20 10:44:39 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Size [168]
2019-03-20 10:44:39 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:39.867+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjdhZWZhNTItYjA4Ny00NTE4LWFmMDktY2ZiZjhlMmE0MGNl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:39 GMT]}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [685]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:44:39 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:44:40.780+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWViY2JlNDctY2JmMS00NzY2LWFiMDYtMGM2NGI1MzZmOGMw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:40 GMT]}]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [911]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:44:40 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1NotificationsPostNotificationuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
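Result : fail — as in the response below, the 400 is a JSON parse error on the empty "account" value rather than a 401/403 authorization outcome, so this re-run does not show whether access control is enforced.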
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGM2MzI2MmYtMjA2Zi00NDIwLWE4NDktYmRiMjI2NzVlYzlh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:39 GMT]}
Endpoint : http://13.56.210.25/api/v1/notifications
Request :
{
"accessKey" : "Yzn8Q0eY",
"account" : "",
"channel" : "Yzn8Q0eY",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Yzn8Q0eY",
"org" : "",
"secretKey" : "Yzn8Q0eY",
"token" : "Yzn8Q0eY",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}
Response :
{
"timestamp" : "2019-03-20T10:45:40.125+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}
Logs :
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "m8THF4to",
"company" : "Terry-Terry",
"createdBy" : "",
"createdDate" : "",
"description" : "m8THF4to",
"id" : "",
"inactive" : false,
"location" : "m8THF4to",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "m8THF4to",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:33.565+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGU2ZjE4NDEtMDg3Ny00OGU5LThlZDItNzEzYTkxOTBjNGRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:33 GMT]}]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : Time [1084]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:45:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGU2ZjE4NDEtMDg3Ny00OGU5LThlZDItNzEzYTkxOTBjNGRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:33 GMT]}]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGU2ZjE4NDEtMDg3Ny00OGU5LThlZDItNzEzYTkxOTBjNGRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:33 GMT]}]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGU2ZjE4NDEtMDg3Ny00OGU5LThlZDItNzEzYTkxOTBjNGRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:33 GMT]}]
2019-03-20 10:45:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGU2ZjE4NDEtMDg3Ny00OGU5LThlZDItNzEzYTkxOTBjNGRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:33 GMT]}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "u8T3YFOn",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "u8T3YFOn",
"org" : "",
"prop1" : "u8T3YFOn",
"prop2" : "u8T3YFOn",
"prop3" : "u8T3YFOn",
"region" : "u8T3YFOn",
"secretKey" : "u8T3YFOn",
"version" : ""
}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:34.539+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTYxYTc4MGEtNWVhMC00M2ZjLWJlMTUtNWM1OTExNzczYTE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:34 GMT]}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : Time [972]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:45:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTYxYTc4MGEtNWVhMC00M2ZjLWJlMTUtNWM1OTExNzczYTE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:34 GMT]}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTYxYTc4MGEtNWVhMC00M2ZjLWJlMTUtNWM1OTExNzczYTE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:34 GMT]}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTYxYTc4MGEtNWVhMC00M2ZjLWJlMTUtNWM1OTExNzczYTE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:34 GMT]}]
2019-03-20 10:45:34 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTYxYTc4MGEtNWVhMC00M2ZjLWJlMTUtNWM1OTExNzczYTE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:34 GMT]}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : Request [{
"accessKey" : "yWV4KAZ0",
"account" : "",
"channel" : "yWV4KAZ0",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "yWV4KAZ0",
"org" : "",
"secretKey" : "yWV4KAZ0",
"token" : "yWV4KAZ0",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:35.808+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQzZmIyOGYtZDMwYi00MWY3LThjNzgtM2U1NzY3MDljYzMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:35 GMT]}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : Time [1268]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1] : Size [753]
2019-03-20 10:45:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQzZmIyOGYtZDMwYi00MWY3LThjNzgtM2U1NzY3MDljYzMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:35 GMT]}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQzZmIyOGYtZDMwYi00MWY3LThjNzgtM2U1NzY3MDljYzMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:35 GMT]}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQzZmIyOGYtZDMwYi00MWY3LThjNzgtM2U1NzY3MDljYzMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:35 GMT]}]
2019-03-20 10:45:35 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQzZmIyOGYtZDMwYi00MWY3LThjNzgtM2U1NzY3MDljYzMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:35 GMT]}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "28Dxyv6I",
"company" : "Gerlach, Gerlach and Gerlach",
"createdBy" : "",
"createdDate" : "",
"description" : "28Dxyv6I",
"id" : "",
"inactive" : false,
"location" : "28Dxyv6I",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "28Dxyv6I",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:37.292+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzBhNjQ3YjYtMDZhZC00Mzg2LWI4NzUtYjg1YWFjY2RmNDU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:36 GMT]}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : Time [1419]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:45:37 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzBhNjQ3YjYtMDZhZC00Mzg2LWI4NzUtYjg1YWFjY2RmNDU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:36 GMT]}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzBhNjQ3YjYtMDZhZC00Mzg2LWI4NzUtYjg1YWFjY2RmNDU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:36 GMT]}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzBhNjQ3YjYtMDZhZC00Mzg2LWI4NzUtYjg1YWFjY2RmNDU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:36 GMT]}]
2019-03-20 10:45:37 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzBhNjQ3YjYtMDZhZC00Mzg2LWI4NzUtYjg1YWFjY2RmNDU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:36 GMT]}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "JbfQxRm3",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "JbfQxRm3",
"org" : "",
"prop1" : "JbfQxRm3",
"prop2" : "JbfQxRm3",
"prop3" : "JbfQxRm3",
"region" : "JbfQxRm3",
"secretKey" : "JbfQxRm3",
"version" : ""
}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:38.695+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlhMDE1ZTYtOWVlNC00OTAwLThiMWYtMGNjZjQ3ZDMyZTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:38 GMT]}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : Time [1401]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:45:38 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlhMDE1ZTYtOWVlNC00OTAwLThiMWYtMGNjZjQ3ZDMyZTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:38 GMT]}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlhMDE1ZTYtOWVlNC00OTAwLThiMWYtMGNjZjQ3ZDMyZTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:38 GMT]}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlhMDE1ZTYtOWVlNC00OTAwLThiMWYtMGNjZjQ3ZDMyZTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:38 GMT]}]
2019-03-20 10:45:38 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlhMDE1ZTYtOWVlNC00OTAwLThiMWYtMGNjZjQ3ZDMyZTJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:38 GMT]}]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Method [POST]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request [{
"accessKey" : "Yzn8Q0eY",
"account" : "",
"channel" : "Yzn8Q0eY",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Yzn8Q0eY",
"org" : "",
"secretKey" : "Yzn8Q0eY",
"token" : "Yzn8Q0eY",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:40.125+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGM2MzI2MmYtMjA2Zi00NDIwLWE4NDktYmRiMjI2NzVlYzlh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:39 GMT]}]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Time [1428]
2019-03-20 10:45:40 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Size [753]
2019-03-20 10:45:40 ERROR [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : URL [http://13.56.210.25/api/v1/notifications/]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Method [DELETE]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request [null]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:41.535+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/notifications/"
}]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTQ4M2U5MzctOTUzNC00NzBhLWI4NmItN2RjYjc1NmNmMWZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:40 GMT]}]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : StatusCode [405]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Time [1409]
2019-03-20 10:45:41 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Size [168]
2019-03-20 10:45:41 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:42.632+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDFiZjRmNzItYTExNi00ZDI3LWJiMTEtMmZiZDc1NTNlOGRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:42 GMT]}]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1095]
2019-03-20 10:45:42 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:42 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:44.052+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTA2ZjkyZGYtZmFhMS00ODliLWExNGMtNzk1OTAyODUzODMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:43 GMT]}]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1419]
2019-03-20 10:45:44 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:44 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1NotificationsPostNotificationuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Mzg1MDdhMTAtZDE4Yi00ODUyLThkZWQtOWNkM2I2YTJlYjEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:42 GMT]}
Endpoint : http://13.56.210.25/api/v1/notifications
Request :
{
"accessKey" : "bBy6mwC0",
"account" : "",
"channel" : "bBy6mwC0",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "bBy6mwC0",
"org" : "",
"secretKey" : "bBy6mwC0",
"token" : "bBy6mwC0",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}
Response :
{
"timestamp" : "2019-03-20T10:46:43.098+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}
Logs :
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "5AekViGM",
"company" : "Lubowitz, Lubowitz and Lubowitz",
"createdBy" : "",
"createdDate" : "",
"description" : "5AekViGM",
"id" : "",
"inactive" : false,
"location" : "5AekViGM",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5AekViGM",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:34.540+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmMwNjFlMjQtNzBkMS00NWUzLTg0YzMtYmIxMjRiMTA2MWUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : Time [1422]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:46:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmMwNjFlMjQtNzBkMS00NWUzLTg0YzMtYmIxMjRiMTA2MWUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmMwNjFlMjQtNzBkMS00NWUzLTg0YzMtYmIxMjRiMTA2MWUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmMwNjFlMjQtNzBkMS00NWUzLTg0YzMtYmIxMjRiMTA2MWUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmMwNjFlMjQtNzBkMS00NWUzLTg0YzMtYmIxMjRiMTA2MWUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "v77Rl7i8",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "v77Rl7i8",
"org" : "",
"prop1" : "v77Rl7i8",
"prop2" : "v77Rl7i8",
"prop3" : "v77Rl7i8",
"region" : "v77Rl7i8",
"secretKey" : "v77Rl7i8",
"version" : ""
}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:36.059+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWI2ZGZmZmQtNTA4OS00NDhmLWEzOGMtY2M4NmUzMmM0ZjMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : Time [1518]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:46:36 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWI2ZGZmZmQtNTA4OS00NDhmLWEzOGMtY2M4NmUzMmM0ZjMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWI2ZGZmZmQtNTA4OS00NDhmLWEzOGMtY2M4NmUzMmM0ZjMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWI2ZGZmZmQtNTA4OS00NDhmLWEzOGMtY2M4NmUzMmM0ZjMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:36 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWI2ZGZmZmQtNTA4OS00NDhmLWEzOGMtY2M4NmUzMmM0ZjMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : Request [{
"accessKey" : "JcrGNoe6",
"account" : "",
"channel" : "JcrGNoe6",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "JcrGNoe6",
"org" : "",
"secretKey" : "JcrGNoe6",
"token" : "JcrGNoe6",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:37.882+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODljNzU2ZjAtNjU2Ni00ZDEzLWI0NjUtMDJhM2NlZjgyYjIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:37 GMT]}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : Time [1816]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1] : Size [753]
2019-03-20 10:46:37 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODljNzU2ZjAtNjU2Ni00ZDEzLWI0NjUtMDJhM2NlZjgyYjIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:37 GMT]}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODljNzU2ZjAtNjU2Ni00ZDEzLWI0NjUtMDJhM2NlZjgyYjIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:37 GMT]}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODljNzU2ZjAtNjU2Ni00ZDEzLWI0NjUtMDJhM2NlZjgyYjIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:37 GMT]}]
2019-03-20 10:46:37 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODljNzU2ZjAtNjU2Ni00ZDEzLWI0NjUtMDJhM2NlZjgyYjIz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:37 GMT]}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "5GCUnmsg",
"company" : "Rowe-Rowe",
"createdBy" : "",
"createdDate" : "",
"description" : "5GCUnmsg",
"id" : "",
"inactive" : false,
"location" : "5GCUnmsg",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5GCUnmsg",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:39.520+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjRhYzczODQtOTY0Zi00YWVlLThjNjItZDZhMTQ5MmFmMTli; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : Time [1581]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:46:39 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjRhYzczODQtOTY0Zi00YWVlLThjNjItZDZhMTQ5MmFmMTli; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjRhYzczODQtOTY0Zi00YWVlLThjNjItZDZhMTQ5MmFmMTli; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjRhYzczODQtOTY0Zi00YWVlLThjNjItZDZhMTQ5MmFmMTli; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjRhYzczODQtOTY0Zi00YWVlLThjNjItZDZhMTQ5MmFmMTli; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "nha0sYTQ",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "nha0sYTQ",
"org" : "",
"prop1" : "nha0sYTQ",
"prop2" : "nha0sYTQ",
"prop3" : "nha0sYTQ",
"region" : "nha0sYTQ",
"secretKey" : "nha0sYTQ",
"version" : ""
}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:41.614+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDZkMzU2YTMtNzY1ZS00MTlmLTk4NDctN2QwN2M3MmM2ZTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:40 GMT]}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : Time [2097]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:46:41 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDZkMzU2YTMtNzY1ZS00MTlmLTk4NDctN2QwN2M3MmM2ZTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:40 GMT]}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDZkMzU2YTMtNzY1ZS00MTlmLTk4NDctN2QwN2M3MmM2ZTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:40 GMT]}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDZkMzU2YTMtNzY1ZS00MTlmLTk4NDctN2QwN2M3MmM2ZTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:40 GMT]}]
2019-03-20 10:46:41 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDZkMzU2YTMtNzY1ZS00MTlmLTk4NDctN2QwN2M3MmM2ZTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:40 GMT]}]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Method [POST]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request [{
"accessKey" : "bBy6mwC0",
"account" : "",
"channel" : "bBy6mwC0",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "bBy6mwC0",
"org" : "",
"secretKey" : "bBy6mwC0",
"token" : "bBy6mwC0",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:43.098+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Mzg1MDdhMTAtZDE4Yi00ODUyLThkZWQtOWNkM2I2YTJlYjEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:42 GMT]}]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Time [1487]
2019-03-20 10:46:43 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Size [753]
2019-03-20 10:46:43 ERROR [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : URL [http://13.56.210.25/api/v1/notifications/]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Method [DELETE]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request [null]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response [{
"timestamp" : "2019-03-20T10:46:44.390+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/notifications/"
}]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjE1NWYzN2YtODUyNy00NTk4LWJiYTAtYmUyZGRlOTg0YzFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:43 GMT]}]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : StatusCode [405]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Time [1282]
2019-03-20 10:46:44 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Size [168]
2019-03-20 10:46:44 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:46:46.135+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2ZmNzkyYzctMjdmZi00YmQ4LTg3ZTYtNTc1OWVkMjFjYWUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:45 GMT]}]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1744]
2019-03-20 10:46:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:46:46 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:46:47.659+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDM4ZTU2NWEtN2JhZi00NTNlLTkyYWYtZDNkYjczMTJkOWZm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:47 GMT]}]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1522]
2019-03-20 10:46:47 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:46:47 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1NotificationsPostNotificationuserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGY1ZmU3MDMtM2E0Yi00MjJlLTk0NzktZmY1NDZjNWFjZjY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:44 GMT]}
Endpoint : http://13.56.210.25/api/v1/notifications
Request :
{ "accessKey" : "BcYHSdQr", "account" : "", "channel" : "BcYHSdQr", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "BcYHSdQr", "org" : "", "secretKey" : "BcYHSdQr", "token" : "BcYHSdQr", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }
Response :
{ "timestamp" : "2019-03-20T10:41:45.210+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])", "path" : "/api/v1/notifications" }
Logs :
2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "ddoVOPa3", "company" : "Dare and Sons", "createdBy" : "", "createdDate" : "", "description" : "ddoVOPa3", "id" : "", "inactive" : false, "location" : "ddoVOPa3", "modifiedBy" : "", "modifiedDate" : "", "name" : "ddoVOPa3", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:41.699+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBkNjY4OTQtY2ZjNi00NmIwLThlOGMtNGNhZjhkNGVlNTgx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : Time [623] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:41 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], 
X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBkNjY4OTQtY2ZjNi00NmIwLThlOGMtNGNhZjhkNGVlNTgx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBkNjY4OTQtY2ZjNi00NmIwLThlOGMtNGNhZjhkNGVlNTgx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBkNjY4OTQtY2ZjNi00NmIwLThlOGMtNGNhZjhkNGVlNTgx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBkNjY4OTQtY2ZjNi00NmIwLThlOGMtNGNhZjhkNGVlNTgx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "hxVuhnEU", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, 
"modifiedBy" : "", "modifiedDate" : "", "name" : "hxVuhnEU", "org" : "", "prop1" : "hxVuhnEU", "prop2" : "hxVuhnEU", "prop3" : "hxVuhnEU", "region" : "hxVuhnEU", "secretKey" : "hxVuhnEU", "version" : "" }] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:42.286+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzcyZjM1ODYtMTQ3OC00Yzg4LWE0MmItZmJlYzRkMTY5NmFl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : Time [587] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:42 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzcyZjM1ODYtMTQ3OC00Yzg4LWE0MmItZmJlYzRkMTY5NmFl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzcyZjM1ODYtMTQ3OC00Yzg4LWE0MmItZmJlYzRkMTY5NmFl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzcyZjM1ODYtMTQ3OC00Yzg4LWE0MmItZmJlYzRkMTY5NmFl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzcyZjM1ODYtMTQ3OC00Yzg4LWE0MmItZmJlYzRkMTY5NmFl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/notifications] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : Request [{ "accessKey" : "NXE9U38l", "account" : "", "channel" : "NXE9U38l", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "NXE9U38l", "org" : "", "secretKey" : "NXE9U38l", "token" : "NXE9U38l", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:42.977+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse 
error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])", "path" : "/api/v1/notifications" }] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc4N2Q0NWUtZDdiMi00MWE5LWE5MDktODIzNzEzYTY2NDY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : Time [687] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1] : Size [753] 2019-03-20 10:41:43 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc4N2Q0NWUtZDdiMi00MWE5LWE5MDktODIzNzEzYTY2NDY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc4N2Q0NWUtZDdiMi00MWE5LWE5MDktODIzNzEzYTY2NDY1; Path=/; HttpOnly], 
Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc4N2Q0NWUtZDdiMi00MWE5LWE5MDktODIzNzEzYTY2NDY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc4N2Q0NWUtZDdiMi00MWE5LWE5MDktODIzNzEzYTY2NDY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : Request [{ "billingEmail" : "Yj4Klc70", "company" : "O'Hara and Sons", "createdBy" : "", "createdDate" : "", "description" : "Yj4Klc70", "id" : "", "inactive" : false, "location" : "Yj4Klc70", "modifiedBy" : "", "modifiedDate" : "", "name" : "Yj4Klc70", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:43.577+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : 
"/api/v1/orgs" }] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRiM2E3YWQtZGZmNy00ZDkwLWIzMmItYWE2NmNmZTZjNjA0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : Time [541] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1] : Size [121] 2019-03-20 10:41:43 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRiM2E3YWQtZGZmNy00ZDkwLWIzMmItYWE2NmNmZTZjNjA0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRiM2E3YWQtZGZmNy00ZDkwLWIzMmItYWE2NmNmZTZjNjA0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], 
Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRiM2E3YWQtZGZmNy00ZDkwLWIzMmItYWE2NmNmZTZjNjA0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRiM2E3YWQtZGZmNy00ZDkwLWIzMmItYWE2NmNmZTZjNjA0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : Request [{ "accessKey" : "QRtE6wFs", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "QRtE6wFs", "org" : "", "prop1" : "QRtE6wFs", "prop2" : "QRtE6wFs", "prop3" : "QRtE6wFs", "region" : "QRtE6wFs", "secretKey" : "QRtE6wFs", "version" : "" }] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:44.388+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTAzYmEwNzUtMTFlMi00NjJkLWFlYzktYWUwZjRlNzJiNWFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : Time [809] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1] : Size [722] 2019-03-20 10:41:44 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTAzYmEwNzUtMTFlMi00NjJkLWFlYzktYWUwZjRlNzJiNWFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTAzYmEwNzUtMTFlMi00NjJkLWFlYzktYWUwZjRlNzJiNWFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTAzYmEwNzUtMTFlMi00NjJkLWFlYzktYWUwZjRlNzJiNWFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:44 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTAzYmEwNzUtMTFlMi00NjJkLWFlYzktYWUwZjRlNzJiNWFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/notifications] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Method [POST] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request [{ "accessKey" : "BcYHSdQr", "account" : "", "channel" : "BcYHSdQr", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "BcYHSdQr", "org" : "", "secretKey" : "BcYHSdQr", "token" : "BcYHSdQr", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response [{ "timestamp" 
: "2019-03-20T10:41:45.210+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])", "path" : "/api/v1/notifications" }] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGY1ZmU3MDMtM2E0Yi00MjJlLTk0NzktZmY1NDZjNWFjZjY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:44 GMT]}] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : StatusCode [400] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Time [819] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Size [753] 2019-03-20 10:41:45 ERROR [ApiV1NotificationsPostNotificationuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : URL [http://13.56.210.25/api/v1/notifications/] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Method [DELETE] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request [null] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:45.616+0000", "status" : 405, "error" : "Method Not Allowed", 
"message" : "Request method 'DELETE' not supported", "path" : "/api/v1/notifications/" }] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjMzMDU4Y2YtMzBkMi00NzAwLWJlM2MtNGNiMjljYzcyODNl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:44 GMT]}] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : StatusCode [405] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Time [405] 2019-03-20 10:41:45 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Size [168] 2019-03-20 10:41:45 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:46.079+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], 
X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjkxZTE2MGEtYTI3Zi00ZTMyLThmYzItOWMwOTA3MjdjY2Nl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:45 GMT]}] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [476] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:46 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:46.599+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmZkMWJmMDItMjE3YS00N2Q4LThjMTItOWNiOGZjMjAyOGU1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:45 GMT]}] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [505] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:46 ERROR [null] 
: Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---