asriz7777
commented
5 years ago Project : FXABAC TEST
Template : ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTFkM2JhZDEtN2RmMC00ZTUxLWFmZjItNWM3ZDE4OTNkMmU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}
Endpoint : http://13.56.210.25/api/v1/runs/testsuite?region=&env=
Request :
{
"assertions" : [ "3lFOyD2d" ],
"assertionsText" : "3lFOyD2d",
"auth" : "3lFOyD2d",
"authors" : [ "3lFOyD2d" ],
"authorsText" : "3lFOyD2d",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "3lFOyD2d" ],
"cleanupText" : "3lFOyD2d",
"createdBy" : "",
"createdDate" : "",
"description" : "3lFOyD2d",
"endpoint" : "3lFOyD2d",
"headers" : [ "3lFOyD2d" ],
"headersText" : "3lFOyD2d",
"id" : "",
"inactive" : false,
"init" : [ "3lFOyD2d" ],
"initText" : "3lFOyD2d",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "3lFOyD2d",
"parent" : "3lFOyD2d",
"path" : "3lFOyD2d",
"policies" : {
"cleanupExec" : "3lFOyD2d",
"initExec" : "3lFOyD2d",
"logger" : "3lFOyD2d",
"repeat" : "1014007318",
"repeatDelay" : "1014007318",
"repeatModule" : "3lFOyD2d",
"repeatOnFailure" : "1014007318",
"timeoutSeconds" : "1014007318"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "3lFOyD2d" ],
"tagsText" : "3lFOyD2d",
"testCases" : [ {
"body" : "3lFOyD2d",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "3lFOyD2d"
}
Response :
{
"timestamp" : "2019-03-20T10:44:34.792+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/runs/testsuite"
}
Logs :
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "FO7eyNpi",
"company" : "Schmidt-Schmidt",
"createdBy" : "",
"createdDate" : "",
"description" : "FO7eyNpi",
"id" : "",
"inactive" : false,
"location" : "FO7eyNpi",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "FO7eyNpi",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:29.610+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDFhNDMyNzctZTVlNi00Y2I1LTk4Y2QtYWVmYTk2NTYxNGMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:28 GMT]}]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : Time [865]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:29 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDFhNDMyNzctZTVlNi00Y2I1LTk4Y2QtYWVmYTk2NTYxNGMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:28 GMT]}]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDFhNDMyNzctZTVlNi00Y2I1LTk4Y2QtYWVmYTk2NTYxNGMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:28 GMT]}]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDFhNDMyNzctZTVlNi00Y2I1LTk4Y2QtYWVmYTk2NTYxNGMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:28 GMT]}]
2019-03-20 10:44:29 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDFhNDMyNzctZTVlNi00Y2I1LTk4Y2QtYWVmYTk2NTYxNGMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:28 GMT]}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "HZh1KowP",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "HZh1KowP",
"org" : "",
"prop1" : "HZh1KowP",
"prop2" : "HZh1KowP",
"prop3" : "HZh1KowP",
"region" : "HZh1KowP",
"secretKey" : "HZh1KowP",
"version" : ""
}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:30.513+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTI2ZjA4NGItMTExOS00ZDFlLTgwOGEtNTkyMWNhZWU4NTQw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : Time [900]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:30 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTI2ZjA4NGItMTExOS00ZDFlLTgwOGEtNTkyMWNhZWU4NTQw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTI2ZjA4NGItMTExOS00ZDFlLTgwOGEtNTkyMWNhZWU4NTQw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTI2ZjA4NGItMTExOS00ZDFlLTgwOGEtNTkyMWNhZWU4NTQw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTI2ZjA4NGItMTExOS00ZDFlLTgwOGEtNTkyMWNhZWU4NTQw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "WITGEyWm",
"createdBy" : "",
"createdDate" : "",
"description" : "WITGEyWm",
"host" : "WITGEyWm",
"id" : "",
"inactive" : false,
"key" : "WITGEyWm",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "WITGEyWm",
"org" : "",
"prop1" : "WITGEyWm",
"prop2" : "WITGEyWm",
"prop3" : "WITGEyWm",
"prop4" : "WITGEyWm",
"prop5" : "WITGEyWm",
"secretKey" : "WITGEyWm",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:31.396+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWViMjllNWMtYzc1ZS00OGEzLThkMzQtYWU4N2NjNDVlNzlj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : Time [882]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:44:31 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWViMjllNWMtYzc1ZS00OGEzLThkMzQtYWU4N2NjNDVlNzlj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWViMjllNWMtYzc1ZS00OGEzLThkMzQtYWU4N2NjNDVlNzlj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWViMjllNWMtYzc1ZS00OGEzLThkMzQtYWU4N2NjNDVlNzlj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWViMjllNWMtYzc1ZS00OGEzLThkMzQtYWU4N2NjNDVlNzlj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "AsWYQyX7",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "AsWYQyX7",
"org" : "",
"prop1" : "AsWYQyX7",
"prop2" : "AsWYQyX7",
"prop3" : "AsWYQyX7",
"prop4" : "AsWYQyX7",
"prop5" : "AsWYQyX7",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:31.955+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiZGU2MGUtN2I2MS00MDA3LWFmYTctZTZiODIwNzdkMzBh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [556]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:44:31 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiZGU2MGUtN2I2MS00MDA3LWFmYTctZTZiODIwNzdkMzBh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiZGU2MGUtN2I2MS00MDA3LWFmYTctZTZiODIwNzdkMzBh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiZGU2MGUtN2I2MS00MDA3LWFmYTctZTZiODIwNzdkMzBh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:31 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiZGU2MGUtN2I2MS00MDA3LWFmYTctZTZiODIwNzdkMzBh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "345417972",
"branch" : "EouHMQm8",
"bugsOpen" : "345417972",
"createdBy" : "",
"createdDate" : "",
"description" : "EouHMQm8",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "EouHMQm8",
"issueTracker" : "",
"lastCommit" : "EouHMQm8",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "EouHMQm8",
"openAPISpec" : "EouHMQm8",
"openText" : "EouHMQm8",
"org" : "",
"props" : null,
"url" : "EouHMQm8",
"version" : ""
}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:32.606+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDE3ZTNlYWUtNWU2NS00ZTBlLWFlNDAtN2Y1MWI5MzY5MzRm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : Time [650]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:44:32 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDE3ZTNlYWUtNWU2NS00ZTBlLWFlNDAtN2Y1MWI5MzY5MzRm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDE3ZTNlYWUtNWU2NS00ZTBlLWFlNDAtN2Y1MWI5MzY5MzRm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDE3ZTNlYWUtNWU2NS00ZTBlLWFlNDAtN2Y1MWI5MzY5MzRm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDE3ZTNlYWUtNWU2NS00ZTBlLWFlNDAtN2Y1MWI5MzY5MzRm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{
"assertionsText" : "Io1GnuMS",
"auth" : "Io1GnuMS",
"authorsText" : "Io1GnuMS",
"autoGenerated" : false,
"category" : "Special_Chars",
"cleanupText" : "Io1GnuMS",
"createdBy" : "",
"createdDate" : "",
"description" : "Io1GnuMS",
"endpoint" : "Io1GnuMS",
"headersText" : "Io1GnuMS",
"id" : "",
"inactive" : false,
"initText" : "Io1GnuMS",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Io1GnuMS",
"parent" : "Io1GnuMS",
"path" : "Io1GnuMS",
"policie" : {
"cleanupExec" : "Io1GnuMS",
"initExec" : "Io1GnuMS",
"logger" : "Io1GnuMS",
"repeat" : "1270928160",
"repeatDelay" : "1270928160",
"repeatModule" : "Io1GnuMS",
"repeatOnFailure" : "1270928160",
"timeoutSeconds" : "1270928160"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Trivial",
"tagsText" : "Io1GnuMS",
"type" : "Abstract",
"version" : "",
"yaml" : "Io1GnuMS"
}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:33.251+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmYyNGY3MmItNGI2Yy00MWRhLWFhNmUtZjFiOGMzZTFlMzRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [643]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750]
2019-03-20 10:44:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmYyNGY3MmItNGI2Yy00MWRhLWFhNmUtZjFiOGMzZTFlMzRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmYyNGY3MmItNGI2Yy00MWRhLWFhNmUtZjFiOGMzZTFlMzRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmYyNGY3MmItNGI2Yy00MWRhLWFhNmUtZjFiOGMzZTFlMzRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmYyNGY3MmItNGI2Yy00MWRhLWFhNmUtZjFiOGMzZTFlMzRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1566645979",
"branch" : "JjolL98H",
"bugsOpen" : "1566645979",
"createdBy" : "",
"createdDate" : "",
"description" : "JjolL98H",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "JjolL98H",
"issueTracker" : "",
"lastCommit" : "JjolL98H",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "JjolL98H",
"openAPISpec" : "JjolL98H",
"openText" : "JjolL98H",
"org" : "",
"props" : null,
"url" : "JjolL98H",
"version" : ""
}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:33.977+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWIxYjBkMDYtYjZmOC00MGY1LWE4NDQtMjdjMDdlODA5MDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : Time [723]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:44:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWIxYjBkMDYtYjZmOC00MGY1LWE4NDQtMjdjMDdlODA5MDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWIxYjBkMDYtYjZmOC00MGY1LWE4NDQtMjdjMDdlODA5MDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWIxYjBkMDYtYjZmOC00MGY1LWE4NDQtMjdjMDdlODA5MDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWIxYjBkMDYtYjZmOC00MGY1LWE4NDQtMjdjMDdlODA5MDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/runs/testsuite?region=&env=]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Request [{
"assertions" : [ "3lFOyD2d" ],
"assertionsText" : "3lFOyD2d",
"auth" : "3lFOyD2d",
"authors" : [ "3lFOyD2d" ],
"authorsText" : "3lFOyD2d",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "3lFOyD2d" ],
"cleanupText" : "3lFOyD2d",
"createdBy" : "",
"createdDate" : "",
"description" : "3lFOyD2d",
"endpoint" : "3lFOyD2d",
"headers" : [ "3lFOyD2d" ],
"headersText" : "3lFOyD2d",
"id" : "",
"inactive" : false,
"init" : [ "3lFOyD2d" ],
"initText" : "3lFOyD2d",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "3lFOyD2d",
"parent" : "3lFOyD2d",
"path" : "3lFOyD2d",
"policies" : {
"cleanupExec" : "3lFOyD2d",
"initExec" : "3lFOyD2d",
"logger" : "3lFOyD2d",
"repeat" : "1014007318",
"repeatDelay" : "1014007318",
"repeatModule" : "3lFOyD2d",
"repeatOnFailure" : "1014007318",
"timeoutSeconds" : "1014007318"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "3lFOyD2d" ],
"tagsText" : "3lFOyD2d",
"testCases" : [ {
"body" : "3lFOyD2d",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "3lFOyD2d"
}]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:34.792+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/runs/testsuite"
}]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTFkM2JhZDEtN2RmMC00ZTUxLWFmZjItNWM3ZDE4OTNkMmU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Time [813]
2019-03-20 10:44:34 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Size [753]
2019-03-20 10:44:34 ERROR [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{
"timestamp" : "2019-03-20T10:44:35.769+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/test-suites/"
}]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDI3ZDA1ZWMtYzdmZC00NWNiLWFhMWYtN2FmNjhiZTQ3ZDE1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [985]
2019-03-20 10:44:35 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166]
2019-03-20 10:44:35 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:36.842+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGI0MDcyMjktMzhhNC00Yzc3LWJhOTAtOWQxYzhmOWE1ODk5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:36 GMT]}]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1062]
2019-03-20 10:44:36 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:44:36 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:37.618+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2JjODk1YzktNTU2MS00ZmU4LTk4MjMtNjVhNTZkZDJlNzVm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:37 GMT]}]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [774]
2019-03-20 10:44:37 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:44:37 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:38.481+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTllYjcwZDItNWIyNC00ZmNhLTg3Y2QtM2IwMjg2OTZhMzA4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:38 GMT]}]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [863]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:44:38 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:39.096+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzE5MDc1NDYtN2E2MC00MjMyLWJkMmItZjgwNjI1ZmU3N2M0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:38 GMT]}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [613]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:44:39 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:44:39.746+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTI0ZTJlZDctYzdhOC00M2Y4LWJmYjYtMTliYTdjNzZhZDlj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:39 GMT]}]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [649]
2019-03-20 10:44:39 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:44:39 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTQxYWE5MTgtNWIyNS00MzkyLTg1YzQtY2Y1MjdmZGZkYjc2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}
Endpoint : http://13.56.210.25/api/v1/runs/testsuite?region=&env=
Request :
{ "assertions" : [ "MnUzaM64" ], "assertionsText" : "MnUzaM64", "auth" : "MnUzaM64", "authors" : [ "MnUzaM64" ], "authorsText" : "MnUzaM64", "autoGenerated" : false, "category" : "XSS_Injection", "cleanup" : [ "MnUzaM64" ], "cleanupText" : "MnUzaM64", "createdBy" : "", "createdDate" : "", "description" : "MnUzaM64", "endpoint" : "MnUzaM64", "headers" : [ "MnUzaM64" ], "headersText" : "MnUzaM64", "id" : "", "inactive" : false, "init" : [ "MnUzaM64" ], "initText" : "MnUzaM64", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "MnUzaM64", "parent" : "MnUzaM64", "path" : "MnUzaM64", "policies" : { "cleanupExec" : "MnUzaM64", "initExec" : "MnUzaM64", "logger" : "MnUzaM64", "repeat" : "1209329611", "repeatDelay" : "1209329611", "repeatModule" : "MnUzaM64", "repeatOnFailure" : "1209329611", "timeoutSeconds" : "1209329611" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Major", "tags" : [ "MnUzaM64" ], "tagsText" : "MnUzaM64", "testCases" : [ { "body" : "MnUzaM64", "id" : "", "inactive" : false } ], "type" : "Suite", "version" : "", "yaml" : "MnUzaM64" }
Response :
{ "timestamp" : "2019-03-20T10:41:42.907+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.ProjectMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/runs/testsuite" }Logs :
2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "2iBqfJWs", "company" : "Reichel, Reichel and Reichel", "createdBy" : "", "createdDate" : "", "description" : "2iBqfJWs", "id" : "", "inactive" : false, "location" : "2iBqfJWs", "modifiedBy" : "", "modifiedDate" : "", "name" : "2iBqfJWs", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:38.515+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IzOTgwNGYtYTljMS00MGI2LWFkMWYtZWNjMjVlZjI1MTk2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : Time [728] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:38 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IzOTgwNGYtYTljMS00MGI2LWFkMWYtZWNjMjVlZjI1MTk2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IzOTgwNGYtYTljMS00MGI2LWFkMWYtZWNjMjVlZjI1MTk2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IzOTgwNGYtYTljMS00MGI2LWFkMWYtZWNjMjVlZjI1MTk2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:38 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IzOTgwNGYtYTljMS00MGI2LWFkMWYtZWNjMjVlZjI1MTk2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "VXFvWcjc", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "VXFvWcjc", "org" : "", "prop1" : "VXFvWcjc", "prop2" : "VXFvWcjc", "prop3" : "VXFvWcjc", "region" : "VXFvWcjc", "secretKey" : "VXFvWcjc", "version" : "" }] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:39.156+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzM3YTQ2M2QtMTQ0Mi00NWM3LThiYzktYjIwZjNmZWIyNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : Time [637] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:39 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzM3YTQ2M2QtMTQ0Mi00NWM3LThiYzktYjIwZjNmZWIyNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzM3YTQ2M2QtMTQ0Mi00NWM3LThiYzktYjIwZjNmZWIyNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzM3YTQ2M2QtMTQ0Mi00NWM3LThiYzktYjIwZjNmZWIyNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:39 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzM3YTQ2M2QtMTQ0Mi00NWM3LThiYzktYjIwZjNmZWIyNDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:38 GMT]}] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : Request [{ "accessKey" : "hBB8hbkh", "createdBy" : "", "createdDate" : "", "description" : "hBB8hbkh", "host" : "hBB8hbkh", "id" : "", "inactive" : false, "key" : "hBB8hbkh", "modifiedBy" : "", "modifiedDate" : "", "name" : "hBB8hbkh", "org" : "", "prop1" : "hBB8hbkh", "prop2" : "hBB8hbkh", "prop3" : "hBB8hbkh", "prop4" : "hBB8hbkh", "prop5" : "hBB8hbkh", "secretKey" : "hBB8hbkh", "skillType" : "BOT_DEPLOYMENT", "version" : "" }] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:39.691+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])", "path" : "/api/v1/skills" }] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmQwMzA0MzEtMDJlMy00MjM0LTkyZmUtOGQ3ODY5MWY4Njkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : Time [531] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1] : Size [716] 2019-03-20 10:41:39 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmQwMzA0MzEtMDJlMy00MjM0LTkyZmUtOGQ3ODY5MWY4Njkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmQwMzA0MzEtMDJlMy00MjM0LTkyZmUtOGQ3ODY5MWY4Njkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmQwMzA0MzEtMDJlMy00MjM0LTkyZmUtOGQ3ODY5MWY4Njkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:39 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmQwMzA0MzEtMDJlMy00MjM0LTkyZmUtOGQ3ODY5MWY4Njkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "IqjqxOfh", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "IqjqxOfh", "org" : "", "prop1" : "IqjqxOfh", "prop2" : "IqjqxOfh", "prop3" : "IqjqxOfh", "prop4" : "IqjqxOfh", "prop5" : "IqjqxOfh", "skill" : "", "state" : "INACTIVE", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:40.107+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDc2OWZlNmItYjc0NS00Mjg4LWIyNjAtYzQ0MGRkYmNlMzA4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [415] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768] 2019-03-20 10:41:40 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDc2OWZlNmItYjc0NS00Mjg4LWIyNjAtYzQ0MGRkYmNlMzA4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDc2OWZlNmItYjc0NS00Mjg4LWIyNjAtYzQ0MGRkYmNlMzA4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDc2OWZlNmItYjc0NS00Mjg4LWIyNjAtYzQ0MGRkYmNlMzA4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDc2OWZlNmItYjc0NS00Mjg4LWIyNjAtYzQ0MGRkYmNlMzA4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "919357351", "branch" : "qqGQcbFy", "bugsOpen" : "919357351", "createdBy" : "", "createdDate" : "", "description" : "qqGQcbFy", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "qqGQcbFy", "issueTracker" : "", "lastCommit" : "qqGQcbFy", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "qqGQcbFy", "openAPISpec" : "qqGQcbFy", "openText" : "qqGQcbFy", "org" : "", "props" : null, "url" : "qqGQcbFy", "version" : "" }] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:40.943+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2I5MThjNmUtY2YwNC00MTZkLWI3YWMtODliMTEyNmMzYjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : Time [833] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1] : Size [744] 2019-03-20 10:41:40 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2I5MThjNmUtY2YwNC00MTZkLWI3YWMtODliMTEyNmMzYjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2I5MThjNmUtY2YwNC00MTZkLWI3YWMtODliMTEyNmMzYjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2I5MThjNmUtY2YwNC00MTZkLWI3YWMtODliMTEyNmMzYjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2I5MThjNmUtY2YwNC00MTZkLWI3YWMtODliMTEyNmMzYjJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{ "assertionsText" : "hKHeaz4Q", "auth" : "hKHeaz4Q", "authorsText" : "hKHeaz4Q", "autoGenerated" : false, "category" : "Special_Chars", "cleanupText" : "hKHeaz4Q", "createdBy" : "", "createdDate" : "", "description" : "hKHeaz4Q", "endpoint" : "hKHeaz4Q", "headersText" : "hKHeaz4Q", "id" : "", "inactive" : false, "initText" : "hKHeaz4Q", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "hKHeaz4Q", "parent" : "hKHeaz4Q", "path" : "hKHeaz4Q", "policie" : { "cleanupExec" : "hKHeaz4Q", "initExec" : "hKHeaz4Q", "logger" : "hKHeaz4Q", "repeat" : "1240894294", "repeatDelay" : "1240894294", "repeatModule" : "hKHeaz4Q", "repeatOnFailure" : "1240894294", "timeoutSeconds" : "1240894294" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Trivial", "tagsText" : "hKHeaz4Q", "type" : "Abstract", "version" : "", "yaml" : "hKHeaz4Q" }] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:41.550+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/test-suites" }] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDViOGExMmEtNjFmYS00Mzc3LTgxZDAtNGVkNjI4MjE3NTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [605] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750] 2019-03-20 10:41:41 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDViOGExMmEtNjFmYS00Mzc3LTgxZDAtNGVkNjI4MjE3NTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDViOGExMmEtNjFmYS00Mzc3LTgxZDAtNGVkNjI4MjE3NTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDViOGExMmEtNjFmYS00Mzc3LTgxZDAtNGVkNjI4MjE3NTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDViOGExMmEtNjFmYS00Mzc3LTgxZDAtNGVkNjI4MjE3NTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "1198085509", "branch" : "DWxMEGqb", "bugsOpen" : "1198085509", "createdBy" : "", "createdDate" : "", "description" : "DWxMEGqb", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "DWxMEGqb", "issueTracker" : "", "lastCommit" : "DWxMEGqb", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "DWxMEGqb", "openAPISpec" : "DWxMEGqb", "openText" : "DWxMEGqb", "org" : "", "props" : null, "url" : "DWxMEGqb", "version" : "" }] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:42.295+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTRhMTY3NWItY2RiMy00MjExLTljZmYtYTk5MmIyMDIyNjI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : Time [743] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1] : Size [744] 2019-03-20 10:41:42 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTRhMTY3NWItY2RiMy00MjExLTljZmYtYTk5MmIyMDIyNjI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTRhMTY3NWItY2RiMy00MjExLTljZmYtYTk5MmIyMDIyNjI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTRhMTY3NWItY2RiMy00MjExLTljZmYtYTk5MmIyMDIyNjI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTRhMTY3NWItY2RiMy00MjExLTljZmYtYTk5MmIyMDIyNjI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/runs/testsuite?region=&env=] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Method [PUT] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Request [{ "assertions" : [ "MnUzaM64" ], "assertionsText" : "MnUzaM64", "auth" : "MnUzaM64", "authors" : [ "MnUzaM64" ], "authorsText" : "MnUzaM64", "autoGenerated" : false, "category" : "XSS_Injection", "cleanup" : [ "MnUzaM64" ], "cleanupText" : "MnUzaM64", "createdBy" : "", "createdDate" : "", "description" : "MnUzaM64", "endpoint" : "MnUzaM64", "headers" : [ "MnUzaM64" ], "headersText" : "MnUzaM64", "id" : "", "inactive" : false, "init" : [ "MnUzaM64" ], "initText" : "MnUzaM64", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "MnUzaM64", "parent" : "MnUzaM64", "path" : "MnUzaM64", "policies" : { "cleanupExec" : "MnUzaM64", "initExec" : "MnUzaM64", "logger" : "MnUzaM64", "repeat" : "1209329611", "repeatDelay" : "1209329611", "repeatModule" : "MnUzaM64", "repeatOnFailure" : "1209329611", "timeoutSeconds" : "1209329611" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Major", "tags" : [ "MnUzaM64" ], "tagsText" : "MnUzaM64", "testCases" : [ { "body" : "MnUzaM64", "id" : "", "inactive" : false } ], "type" : "Suite", "version" : "", "yaml" : "MnUzaM64" }] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:42.907+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/runs/testsuite" }] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTQxYWE5MTgtNWIyNS00MzkyLTg1YzQtY2Y1MjdmZGZkYjc2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : StatusCode [400] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Time [609] 2019-03-20 10:41:42 DEBUG [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Size [753] 2019-03-20 10:41:42 ERROR [ApiV1RunsTestsuiteRegionNullEnvEnvPutTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{ "timestamp" : "2019-03-20T10:41:43.622+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/test-suites/" }] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjQwODg1MGItZjY4MS00YWNjLThkYTAtMzFhOGY2MTQxODY2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [714] 2019-03-20 10:41:43 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166] 2019-03-20 10:41:43 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:44.042+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/projects/" }] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzZmNmU1M2MtOTg3Ny00NGIyLWE5OTktYzQyNGIzMzNkY2Rk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [417] 2019-03-20 10:41:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163] 2019-03-20 10:41:44 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:44.744+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/issue-trackers/issue-tracker-bot/" }] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTBmMjg0NWUtYTNlZi00MDlmLTg5ZWMtZWNhMTk3MzZlOTBj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:44 GMT]}] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [702] 2019-03-20 10:41:44 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187] 2019-03-20 10:41:44 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:45.567+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/skills/" }] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDFkZDI4Y2QtMGEyMC00ZGI1LThjMDQtM2E4ZWFhMTJjMjQ2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:44 GMT]}] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [841] 2019-03-20 10:41:45 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161] 2019-03-20 10:41:45 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:46.256+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmQ5OTQwYjUtMmQyMi00YzZmLWJjZGYtM2ZjOGRlMTQ3MmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:45 GMT]}] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [669] 2019-03-20 10:41:46 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:46 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:46.802+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2NiMzk1ZTMtNTNjOS00NDhmLWE2YTgtOTcwMGZhNmJkMWJk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:45 GMT]}] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [545] 2019-03-20 10:41:46 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:46 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---