Open asriz7777 opened 5 years ago
Project : FXABAC TEST
Template : ApiV1EnvsPutEnvironmentuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTE3YTQ1NDQtMjU4Mi00Nzc4LWEyMmYtMGNlMGMyZDRlODBl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}
Endpoint : http://13.56.210.25/api/v1/envs
Request :
{
"auths" : [ {
"accessTokenUri" : "Vc6AUvZg",
"authType" : "BasicAuth",
"authorizationScheme" : "header",
"clientAuthenticationScheme" : "header",
"clientId" : "Vc6AUvZg",
"clientSecret" : "Vc6AUvZg",
"grantType" : "password",
"header_1" : "Vc6AUvZg",
"header_2" : "Vc6AUvZg",
"header_3" : "Vc6AUvZg",
"id" : "",
"name" : "Vc6AUvZg",
"password" : "Vc6AUvZg",
"preEstablishedRedirectUri" : "Vc6AUvZg",
"scope" : "Vc6AUvZg",
"tokenName" : "Vc6AUvZg",
"useCurrentUri" : false,
"userAuthorizationUri" : "Vc6AUvZg",
"username" : "willy.lakin"
} ],
"baseUrl" : "Vc6AUvZg",
"createdBy" : "",
"createdDate" : "",
"description" : "Vc6AUvZg",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Vc6AUvZg",
"projectId" : "Vc6AUvZg",
"refId" : "Vc6AUvZg",
"version" : ""
}
Response :
{
"requestId" : "None",
"requestTime" : "2019-03-20T10:44:35.660+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : "",
"value" : "Resource name or key already exists."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}
Logs :
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "HdENMdzF",
"company" : "Mohr-Mohr",
"createdBy" : "",
"createdDate" : "",
"description" : "HdENMdzF",
"id" : "",
"inactive" : false,
"location" : "HdENMdzF",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "HdENMdzF",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:30.602+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQ3NjMwYWEtODQ0NS00N2ZlLTk0OGMtZDg1ZjE1NGM5ZDA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : Time [666]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:30 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQ3NjMwYWEtODQ0NS00N2ZlLTk0OGMtZDg1ZjE1NGM5ZDA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQ3NjMwYWEtODQ0NS00N2ZlLTk0OGMtZDg1ZjE1NGM5ZDA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQ3NjMwYWEtODQ0NS00N2ZlLTk0OGMtZDg1ZjE1NGM5ZDA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:30 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQ3NjMwYWEtODQ0NS00N2ZlLTk0OGMtZDg1ZjE1NGM5ZDA1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:29 GMT]}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "O4YNSOjL",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "O4YNSOjL",
"org" : "",
"prop1" : "O4YNSOjL",
"prop2" : "O4YNSOjL",
"prop3" : "O4YNSOjL",
"region" : "O4YNSOjL",
"secretKey" : "O4YNSOjL",
"version" : ""
}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:31.480+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlmMWU5ZTktNTQxMi00MDUyLWE3OTQtOWJkMjcyMDI2ZmZk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : Time [876]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:31 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlmMWU5ZTktNTQxMi00MDUyLWE3OTQtOWJkMjcyMDI2ZmZk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlmMWU5ZTktNTQxMi00MDUyLWE3OTQtOWJkMjcyMDI2ZmZk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlmMWU5ZTktNTQxMi00MDUyLWE3OTQtOWJkMjcyMDI2ZmZk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:31 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzlmMWU5ZTktNTQxMi00MDUyLWE3OTQtOWJkMjcyMDI2ZmZk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:30 GMT]}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "D4nIg6r6",
"createdBy" : "",
"createdDate" : "",
"description" : "D4nIg6r6",
"host" : "D4nIg6r6",
"id" : "",
"inactive" : false,
"key" : "D4nIg6r6",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "D4nIg6r6",
"org" : "",
"prop1" : "D4nIg6r6",
"prop2" : "D4nIg6r6",
"prop3" : "D4nIg6r6",
"prop4" : "D4nIg6r6",
"prop5" : "D4nIg6r6",
"secretKey" : "D4nIg6r6",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:32.199+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTk2NWJlZTItZDYyOC00Y2MyLWJhNmUtZmQxZWJjY2RhODYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : Time [717]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:44:32 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTk2NWJlZTItZDYyOC00Y2MyLWJhNmUtZmQxZWJjY2RhODYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTk2NWJlZTItZDYyOC00Y2MyLWJhNmUtZmQxZWJjY2RhODYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTk2NWJlZTItZDYyOC00Y2MyLWJhNmUtZmQxZWJjY2RhODYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:32 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTk2NWJlZTItZDYyOC00Y2MyLWJhNmUtZmQxZWJjY2RhODYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:31 GMT]}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "svCCMZQk",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "svCCMZQk",
"org" : "",
"prop1" : "svCCMZQk",
"prop2" : "svCCMZQk",
"prop3" : "svCCMZQk",
"prop4" : "svCCMZQk",
"prop5" : "svCCMZQk",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:33.002+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjRlNDNkMWMtMzc0NS00MjRkLWI1YjktZDlkZjExMTBhNDg4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [805]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:44:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjRlNDNkMWMtMzc0NS00MjRkLWI1YjktZDlkZjExMTBhNDg4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjRlNDNkMWMtMzc0NS00MjRkLWI1YjktZDlkZjExMTBhNDg4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjRlNDNkMWMtMzc0NS00MjRkLWI1YjktZDlkZjExMTBhNDg4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjRlNDNkMWMtMzc0NS00MjRkLWI1YjktZDlkZjExMTBhNDg4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1061217688",
"branch" : "5q1YJwBu",
"bugsOpen" : "1061217688",
"createdBy" : "",
"createdDate" : "",
"description" : "5q1YJwBu",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "5q1YJwBu",
"issueTracker" : "",
"lastCommit" : "5q1YJwBu",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5q1YJwBu",
"openAPISpec" : "5q1YJwBu",
"openText" : "5q1YJwBu",
"org" : "",
"props" : null,
"url" : "5q1YJwBu",
"version" : ""
}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:33.540+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTkyYWQ2OTEtMTAyNC00YTJlLWI2OGItMDA3M2RiZWQxNjZh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : Time [531]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:44:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTkyYWQ2OTEtMTAyNC00YTJlLWI2OGItMDA3M2RiZWQxNjZh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTkyYWQ2OTEtMTAyNC00YTJlLWI2OGItMDA3M2RiZWQxNjZh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTkyYWQ2OTEtMTAyNC00YTJlLWI2OGItMDA3M2RiZWQxNjZh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:33 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTkyYWQ2OTEtMTAyNC00YTJlLWI2OGItMDA3M2RiZWQxNjZh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:33 GMT]}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/envs]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : Request [{
"baseUrl" : "685QUhOw",
"createdBy" : "",
"createdDate" : "",
"description" : "685QUhOw",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "685QUhOw",
"projectId" : "",
"refId" : "685QUhOw",
"version" : ""
}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : Response [{
"requestId" : "None",
"requestTime" : "2019-03-20T10:44:34.437+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : null,
"value" : "Invalid project."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZThhMWJiM2MtNWUzZi00NDg2LWFiNWItOTcwOWYxMTBmMzRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : StatusCode [200]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : Time [903]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1] : Size [192]
2019-03-20 10:44:34 INFO [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [200 == 200 OR 200 == 201] result [Passed]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZThhMWJiM2MtNWUzZi00NDg2LWFiNWItOTcwOWYxMTBmMzRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZThhMWJiM2MtNWUzZi00NDg2LWFiNWItOTcwOWYxMTBmMzRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZThhMWJiM2MtNWUzZi00NDg2LWFiNWItOTcwOWYxMTBmMzRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:34 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZThhMWJiM2MtNWUzZi00NDg2LWFiNWItOTcwOWYxMTBmMzRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:34 GMT]}]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/envs]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request [{
"auths" : [ {
"accessTokenUri" : "Vc6AUvZg",
"authType" : "BasicAuth",
"authorizationScheme" : "header",
"clientAuthenticationScheme" : "header",
"clientId" : "Vc6AUvZg",
"clientSecret" : "Vc6AUvZg",
"grantType" : "password",
"header_1" : "Vc6AUvZg",
"header_2" : "Vc6AUvZg",
"header_3" : "Vc6AUvZg",
"id" : "",
"name" : "Vc6AUvZg",
"password" : "Vc6AUvZg",
"preEstablishedRedirectUri" : "Vc6AUvZg",
"scope" : "Vc6AUvZg",
"tokenName" : "Vc6AUvZg",
"useCurrentUri" : false,
"userAuthorizationUri" : "Vc6AUvZg",
"username" : "willy.lakin"
} ],
"baseUrl" : "Vc6AUvZg",
"createdBy" : "",
"createdDate" : "",
"description" : "Vc6AUvZg",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Vc6AUvZg",
"projectId" : "Vc6AUvZg",
"refId" : "Vc6AUvZg",
"version" : ""
}]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response [{
"requestId" : "None",
"requestTime" : "2019-03-20T10:44:35.660+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : "",
"value" : "Resource name or key already exists."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTE3YTQ1NDQtMjU4Mi00Nzc4LWEyMmYtMGNlMGMyZDRlODBl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:35 GMT]}]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : StatusCode [200]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Time [1161]
2019-03-20 10:44:35 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Size [210]
2019-03-20 10:44:35 ERROR [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [200 == 401 OR 200 == 403] result [Failed]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : URL [http://13.56.210.25/api/v1/envs/]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Method [DELETE]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request [null]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:36.633+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/envs/"
}]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response-Headers [{Allow=[PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWFhY2I5ODQtNzliMy00ZGM3LTk4NmItNTA1ZTAwZmYwYTRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:36 GMT]}]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : StatusCode [405]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Time [964]
2019-03-20 10:44:36 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Size [159]
2019-03-20 10:44:36 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:37.413+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWQxZmI5NDktNzg0MS00Mzg1LTllM2EtMGI0YzQ5NzMyMTk1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:37 GMT]}]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [778]
2019-03-20 10:44:37 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:44:37 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:38.205+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGNjNzM0ZTAtMzI4OC00N2M3LTk4NjctNzE3ODFmNDM5OTgx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:38 GMT]}]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [791]
2019-03-20 10:44:38 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:44:38 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:38.816+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmM2OTUwMTgtYWRmOS00MmFhLWE5MmUtMmZmMTE5YThhMzcw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:38 GMT]}]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [611]
2019-03-20 10:44:38 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:44:38 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:39.287+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzU4ZTQyOWMtNjY5Zi00NDFhLTljY2UtN2MyYzExMDBmYzI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:39 GMT]}]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [469]
2019-03-20 10:44:39 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:44:39 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:44:40.079+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzM2OTdhNGItYmQzNi00ZDEyLTgyMjgtYTUwZTUyMDI1MDdl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:39 GMT]}]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [791]
2019-03-20 10:44:40 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:44:40 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1EnvsPutEnvironmentuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDQ3YWI5ZjctNWJkNi00ZjkwLWJkZjQtY2UzNmQ2OGI0ZmNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:29 GMT]}
Endpoint : http://13.56.210.25/api/v1/envs
Request :
{
"auths" : [ {
"accessTokenUri" : "XoEBrYuN",
"authType" : "BasicAuth",
"authorizationScheme" : "header",
"clientAuthenticationScheme" : "header",
"clientId" : "XoEBrYuN",
"clientSecret" : "XoEBrYuN",
"grantType" : "password",
"header_1" : "XoEBrYuN",
"header_2" : "XoEBrYuN",
"header_3" : "XoEBrYuN",
"id" : "",
"name" : "XoEBrYuN",
"password" : "XoEBrYuN",
"preEstablishedRedirectUri" : "XoEBrYuN",
"scope" : "XoEBrYuN",
"tokenName" : "XoEBrYuN",
"useCurrentUri" : false,
"userAuthorizationUri" : "XoEBrYuN",
"username" : "sandra.hammes"
} ],
"baseUrl" : "XoEBrYuN",
"createdBy" : "",
"createdDate" : "",
"description" : "XoEBrYuN",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "XoEBrYuN",
"projectId" : "XoEBrYuN",
"refId" : "XoEBrYuN",
"version" : ""
}
Response :
{
"requestId" : "None",
"requestTime" : "2019-03-20T10:45:30.114+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : "",
"value" : "Resource name or key already exists."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}
Logs :
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "9X4jzXE5",
"company" : "Altenwerth-Altenwerth",
"createdBy" : "",
"createdDate" : "",
"description" : "9X4jzXE5",
"id" : "",
"inactive" : false,
"location" : "9X4jzXE5",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "9X4jzXE5",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:23.469+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDI5MzIwMDQtODA3Mi00ZDYzLWI1ZWUtOTQyMGM2YmQ1ZjQ2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : Time [1378]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:45:23 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDI5MzIwMDQtODA3Mi00ZDYzLWI1ZWUtOTQyMGM2YmQ1ZjQ2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDI5MzIwMDQtODA3Mi00ZDYzLWI1ZWUtOTQyMGM2YmQ1ZjQ2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDI5MzIwMDQtODA3Mi00ZDYzLWI1ZWUtOTQyMGM2YmQ1ZjQ2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:23 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDI5MzIwMDQtODA3Mi00ZDYzLWI1ZWUtOTQyMGM2YmQ1ZjQ2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:23 GMT]}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "ZjaVvRZQ",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "ZjaVvRZQ",
"org" : "",
"prop1" : "ZjaVvRZQ",
"prop2" : "ZjaVvRZQ",
"prop3" : "ZjaVvRZQ",
"region" : "ZjaVvRZQ",
"secretKey" : "ZjaVvRZQ",
"version" : ""
}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:24.755+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjViNGQ5NTItNTdhNC00MjYzLWFhNmItYjc1NDBiZjM2NDRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : Time [1287]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:45:24 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjViNGQ5NTItNTdhNC00MjYzLWFhNmItYjc1NDBiZjM2NDRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjViNGQ5NTItNTdhNC00MjYzLWFhNmItYjc1NDBiZjM2NDRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjViNGQ5NTItNTdhNC00MjYzLWFhNmItYjc1NDBiZjM2NDRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:24 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjViNGQ5NTItNTdhNC00MjYzLWFhNmItYjc1NDBiZjM2NDRk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:24 GMT]}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "wjMBylSy",
"createdBy" : "",
"createdDate" : "",
"description" : "wjMBylSy",
"host" : "wjMBylSy",
"id" : "",
"inactive" : false,
"key" : "wjMBylSy",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "wjMBylSy",
"org" : "",
"prop1" : "wjMBylSy",
"prop2" : "wjMBylSy",
"prop3" : "wjMBylSy",
"prop4" : "wjMBylSy",
"prop5" : "wjMBylSy",
"secretKey" : "wjMBylSy",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:25.954+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWFmODI4YzEtNzFlZS00ODJiLWExYzMtYTBmZTE2YmViYTgw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:25 GMT]}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : Time [1194]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:45:25 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWFmODI4YzEtNzFlZS00ODJiLWExYzMtYTBmZTE2YmViYTgw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:25 GMT]}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWFmODI4YzEtNzFlZS00ODJiLWExYzMtYTBmZTE2YmViYTgw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:25 GMT]}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWFmODI4YzEtNzFlZS00ODJiLWExYzMtYTBmZTE2YmViYTgw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:25 GMT]}]
2019-03-20 10:45:25 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWFmODI4YzEtNzFlZS00ODJiLWExYzMtYTBmZTE2YmViYTgw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:25 GMT]}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "p0HUYPbm",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "p0HUYPbm",
"org" : "",
"prop1" : "p0HUYPbm",
"prop2" : "p0HUYPbm",
"prop3" : "p0HUYPbm",
"prop4" : "p0HUYPbm",
"prop5" : "p0HUYPbm",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:27.225+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhjZDk3NzctYTJhYS00MmFhLTliYmYtMWJkN2FiODQ3ZWVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:26 GMT]}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [1264]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:45:27 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhjZDk3NzctYTJhYS00MmFhLTliYmYtMWJkN2FiODQ3ZWVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:26 GMT]}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhjZDk3NzctYTJhYS00MmFhLTliYmYtMWJkN2FiODQ3ZWVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:26 GMT]}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhjZDk3NzctYTJhYS00MmFhLTliYmYtMWJkN2FiODQ3ZWVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:26 GMT]}]
2019-03-20 10:45:27 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjhjZDk3NzctYTJhYS00MmFhLTliYmYtMWJkN2FiODQ3ZWVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:26 GMT]}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1670029694",
"branch" : "tNTfNZIZ",
"bugsOpen" : "1670029694",
"createdBy" : "",
"createdDate" : "",
"description" : "tNTfNZIZ",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "tNTfNZIZ",
"issueTracker" : "",
"lastCommit" : "tNTfNZIZ",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "tNTfNZIZ",
"openAPISpec" : "tNTfNZIZ",
"openText" : "tNTfNZIZ",
"org" : "",
"props" : null,
"url" : "tNTfNZIZ",
"version" : ""
}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:28.042+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWM5MzJiYWEtNzA2Zi00Yzg2LWFjYzMtZGI4NTg2YTIyYjhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:27 GMT]}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : Time [816]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:45:28 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWM5MzJiYWEtNzA2Zi00Yzg2LWFjYzMtZGI4NTg2YTIyYjhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:27 GMT]}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWM5MzJiYWEtNzA2Zi00Yzg2LWFjYzMtZGI4NTg2YTIyYjhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:27 GMT]}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWM5MzJiYWEtNzA2Zi00Yzg2LWFjYzMtZGI4NTg2YTIyYjhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:27 GMT]}]
2019-03-20 10:45:28 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWM5MzJiYWEtNzA2Zi00Yzg2LWFjYzMtZGI4NTg2YTIyYjhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:27 GMT]}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/envs]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : Request [{
"baseUrl" : "U8yfr3EI",
"createdBy" : "",
"createdDate" : "",
"description" : "U8yfr3EI",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "U8yfr3EI",
"projectId" : "",
"refId" : "U8yfr3EI",
"version" : ""
}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : Response [{
"requestId" : "None",
"requestTime" : "2019-03-20T10:45:28.981+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : null,
"value" : "Invalid project."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGUxNWYzZmYtYTZlZS00ZjcyLThlZGUtN2Q0MzgyYWU1NDIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:28 GMT]}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : StatusCode [200]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : Time [939]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1] : Size [192]
2019-03-20 10:45:29 INFO [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [200 == 200 OR 200 == 201] result [Passed]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGUxNWYzZmYtYTZlZS00ZjcyLThlZGUtN2Q0MzgyYWU1NDIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:28 GMT]}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGUxNWYzZmYtYTZlZS00ZjcyLThlZGUtN2Q0MzgyYWU1NDIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:28 GMT]}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGUxNWYzZmYtYTZlZS00ZjcyLThlZGUtN2Q0MzgyYWU1NDIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:28 GMT]}]
2019-03-20 10:45:29 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGUxNWYzZmYtYTZlZS00ZjcyLThlZGUtN2Q0MzgyYWU1NDIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:28 GMT]}]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/envs]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request [{
"auths" : [ {
"accessTokenUri" : "XoEBrYuN",
"authType" : "BasicAuth",
"authorizationScheme" : "header",
"clientAuthenticationScheme" : "header",
"clientId" : "XoEBrYuN",
"clientSecret" : "XoEBrYuN",
"grantType" : "password",
"header_1" : "XoEBrYuN",
"header_2" : "XoEBrYuN",
"header_3" : "XoEBrYuN",
"id" : "",
"name" : "XoEBrYuN",
"password" : "XoEBrYuN",
"preEstablishedRedirectUri" : "XoEBrYuN",
"scope" : "XoEBrYuN",
"tokenName" : "XoEBrYuN",
"useCurrentUri" : false,
"userAuthorizationUri" : "XoEBrYuN",
"username" : "sandra.hammes"
} ],
"baseUrl" : "XoEBrYuN",
"createdBy" : "",
"createdDate" : "",
"description" : "XoEBrYuN",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "XoEBrYuN",
"projectId" : "XoEBrYuN",
"refId" : "XoEBrYuN",
"version" : ""
}]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response [{
"requestId" : "None",
"requestTime" : "2019-03-20T10:45:30.114+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : "",
"value" : "Resource name or key already exists."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDQ3YWI5ZjctNWJkNi00ZjkwLWJkZjQtY2UzNmQ2OGI0ZmNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:29 GMT]}]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : StatusCode [200]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Time [1095]
2019-03-20 10:45:30 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Size [210]
2019-03-20 10:45:30 ERROR [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [200 == 401 OR 200 == 403] result [Failed]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : URL [http://13.56.210.25/api/v1/envs/]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Method [DELETE]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request [null]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:31.487+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/envs/"
}]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response-Headers [{Allow=[PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjE5ZDRmZTMtYmZkNS00MGE0LTlhZGQtZGM5OWQzYjY5NGM0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:31 GMT]}]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : StatusCode [405]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Time [1342]
2019-03-20 10:45:31 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Size [159]
2019-03-20 10:45:31 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:32.599+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTM2MTYyMzgtNjQ0OC00OTY0LTgzMGQtOGU4MGYzMmFmNWVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:32 GMT]}]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1109]
2019-03-20 10:45:32 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:45:32 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:33.812+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODlhZThmNGYtNWQ3My00ODllLTgzMWMtNjFiNmZkNjRkZWFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:33 GMT]}]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [1212]
2019-03-20 10:45:33 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:45:33 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:35.251+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmM4MTk0OGMtOWNiNC00ODM4LTk1ZGMtYTU4NWE3ZTkyODI0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:34 GMT]}]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [1439]
2019-03-20 10:45:35 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:45:35 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:36.436+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTQ1ODZlMDgtM2IzMy00MjVmLThlODUtNWUxYzNjYTA2YmRm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:35 GMT]}]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1183]
2019-03-20 10:45:36 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:36 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:37.785+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQ2Zjk0YjQtNTYwZi00N2UwLWIwNmQtNTA2OTQzM2Y2Y2Rj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:37 GMT]}]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1347]
2019-03-20 10:45:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:37 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1EnvsPutEnvironmentuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWRkMmMyZTAtYmY5ZS00NzM0LWFmNjMtYzQwODUwYmIzODhh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:40 GMT]}
Endpoint : http://13.56.210.25/api/v1/envs
Request :
{
"auths" : [ {
"accessTokenUri" : "8e4pcfCg",
"authType" : "BasicAuth",
"authorizationScheme" : "header",
"clientAuthenticationScheme" : "header",
"clientId" : "8e4pcfCg",
"clientSecret" : "8e4pcfCg",
"grantType" : "password",
"header_1" : "8e4pcfCg",
"header_2" : "8e4pcfCg",
"header_3" : "8e4pcfCg",
"id" : "",
"name" : "8e4pcfCg",
"password" : "8e4pcfCg",
"preEstablishedRedirectUri" : "8e4pcfCg",
"scope" : "8e4pcfCg",
"tokenName" : "8e4pcfCg",
"useCurrentUri" : false,
"userAuthorizationUri" : "8e4pcfCg",
"username" : "zechariah.ratke"
} ],
"baseUrl" : "8e4pcfCg",
"createdBy" : "",
"createdDate" : "",
"description" : "8e4pcfCg",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "8e4pcfCg",
"projectId" : "8e4pcfCg",
"refId" : "8e4pcfCg",
"version" : ""
}
Response :
{
"requestId" : "None",
"requestTime" : "2019-03-20T10:46:41.089+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : "",
"value" : "Resource name or key already exists."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}
Logs :
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "VlASK7G4",
"company" : "Friesen, Friesen and Friesen",
"createdBy" : "",
"createdDate" : "",
"description" : "VlASK7G4",
"id" : "",
"inactive" : false,
"location" : "VlASK7G4",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "VlASK7G4",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:31.308+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzIzNzA5NzEtYmRhZS00MTIxLWJhMjQtNzNmYjlkYmU3YzA3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:30 GMT]}]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : Time [1574]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:46:31 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzIzNzA5NzEtYmRhZS00MTIxLWJhMjQtNzNmYjlkYmU3YzA3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:30 GMT]}]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzIzNzA5NzEtYmRhZS00MTIxLWJhMjQtNzNmYjlkYmU3YzA3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:30 GMT]}]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzIzNzA5NzEtYmRhZS00MTIxLWJhMjQtNzNmYjlkYmU3YzA3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:30 GMT]}]
2019-03-20 10:46:31 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzIzNzA5NzEtYmRhZS00MTIxLWJhMjQtNzNmYjlkYmU3YzA3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:30 GMT]}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "Mx1basGV",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Mx1basGV",
"org" : "",
"prop1" : "Mx1basGV",
"prop2" : "Mx1basGV",
"prop3" : "Mx1basGV",
"region" : "Mx1basGV",
"secretKey" : "Mx1basGV",
"version" : ""
}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:32.964+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2MzMWFiNjUtNjkxMy00MDg5LWJmZWQtODcwNzVhMGYwODFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:32 GMT]}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : Time [1654]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:46:32 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2MzMWFiNjUtNjkxMy00MDg5LWJmZWQtODcwNzVhMGYwODFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:32 GMT]}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2MzMWFiNjUtNjkxMy00MDg5LWJmZWQtODcwNzVhMGYwODFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:32 GMT]}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2MzMWFiNjUtNjkxMy00MDg5LWJmZWQtODcwNzVhMGYwODFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:32 GMT]}]
2019-03-20 10:46:32 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2MzMWFiNjUtNjkxMy00MDg5LWJmZWQtODcwNzVhMGYwODFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:32 GMT]}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "qNTH4zNq",
"createdBy" : "",
"createdDate" : "",
"description" : "qNTH4zNq",
"host" : "qNTH4zNq",
"id" : "",
"inactive" : false,
"key" : "qNTH4zNq",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "qNTH4zNq",
"org" : "",
"prop1" : "qNTH4zNq",
"prop2" : "qNTH4zNq",
"prop3" : "qNTH4zNq",
"prop4" : "qNTH4zNq",
"prop5" : "qNTH4zNq",
"secretKey" : "qNTH4zNq",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:34.290+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmZmZGEyYWUtZWYyZi00YTM3LTgxZjItODE2ZDBkYzA2Yzcw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : Time [1325]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:46:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmZmZGEyYWUtZWYyZi00YTM3LTgxZjItODE2ZDBkYzA2Yzcw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmZmZGEyYWUtZWYyZi00YTM3LTgxZjItODE2ZDBkYzA2Yzcw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmZmZGEyYWUtZWYyZi00YTM3LTgxZjItODE2ZDBkYzA2Yzcw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:34 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmZmZGEyYWUtZWYyZi00YTM3LTgxZjItODE2ZDBkYzA2Yzcw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:33 GMT]}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "GrAi7p5q",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "GrAi7p5q",
"org" : "",
"prop1" : "GrAi7p5q",
"prop2" : "GrAi7p5q",
"prop3" : "GrAi7p5q",
"prop4" : "GrAi7p5q",
"prop5" : "GrAi7p5q",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:35.797+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmEyY2M1YzEtMmRiNi00MjZhLThhMWEtYzE1ZDZhZGYwODZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [1504]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:46:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmEyY2M1YzEtMmRiNi00MjZhLThhMWEtYzE1ZDZhZGYwODZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmEyY2M1YzEtMmRiNi00MjZhLThhMWEtYzE1ZDZhZGYwODZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmEyY2M1YzEtMmRiNi00MjZhLThhMWEtYzE1ZDZhZGYwODZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:35 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmEyY2M1YzEtMmRiNi00MjZhLThhMWEtYzE1ZDZhZGYwODZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:35 GMT]}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1654015893",
"branch" : "os9U0OWT",
"bugsOpen" : "1654015893",
"createdBy" : "",
"createdDate" : "",
"description" : "os9U0OWT",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "os9U0OWT",
"issueTracker" : "",
"lastCommit" : "os9U0OWT",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "os9U0OWT",
"openAPISpec" : "os9U0OWT",
"openText" : "os9U0OWT",
"org" : "",
"props" : null,
"url" : "os9U0OWT",
"version" : ""
}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:46:37.364+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjQ5MDZjOGUtOTgyMC00NWMxLThmNmItZDM5ZTNjY2Q2NTdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:36 GMT]}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : Time [1569]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:46:37 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjQ5MDZjOGUtOTgyMC00NWMxLThmNmItZDM5ZTNjY2Q2NTdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:36 GMT]}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjQ5MDZjOGUtOTgyMC00NWMxLThmNmItZDM5ZTNjY2Q2NTdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:36 GMT]}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjQ5MDZjOGUtOTgyMC00NWMxLThmNmItZDM5ZTNjY2Q2NTdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:36 GMT]}]
2019-03-20 10:46:37 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjQ5MDZjOGUtOTgyMC00NWMxLThmNmItZDM5ZTNjY2Q2NTdk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:36 GMT]}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/envs]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : Request [{
"baseUrl" : "mdr6n9uo",
"createdBy" : "",
"createdDate" : "",
"description" : "mdr6n9uo",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "mdr6n9uo",
"projectId" : "",
"refId" : "mdr6n9uo",
"version" : ""
}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : Response [{
"requestId" : "None",
"requestTime" : "2019-03-20T10:46:39.069+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : null,
"value" : "Invalid project."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWRmZjRkYWItNjVhNy00YmE4LThhMDctYmVlYjRhNmE4NTkz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : StatusCode [200]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : Time [1709]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1] : Size [192]
2019-03-20 10:46:39 INFO [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [200 == 200 OR 200 == 201] result [Passed]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWRmZjRkYWItNjVhNy00YmE4LThhMDctYmVlYjRhNmE4NTkz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWRmZjRkYWItNjVhNy00YmE4LThhMDctYmVlYjRhNmE4NTkz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWRmZjRkYWItNjVhNy00YmE4LThhMDctYmVlYjRhNmE4NTkz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:39 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWRmZjRkYWItNjVhNy00YmE4LThhMDctYmVlYjRhNmE4NTkz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:38 GMT]}]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/envs]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request [{
"auths" : [ {
"accessTokenUri" : "8e4pcfCg",
"authType" : "BasicAuth",
"authorizationScheme" : "header",
"clientAuthenticationScheme" : "header",
"clientId" : "8e4pcfCg",
"clientSecret" : "8e4pcfCg",
"grantType" : "password",
"header_1" : "8e4pcfCg",
"header_2" : "8e4pcfCg",
"header_3" : "8e4pcfCg",
"id" : "",
"name" : "8e4pcfCg",
"password" : "8e4pcfCg",
"preEstablishedRedirectUri" : "8e4pcfCg",
"scope" : "8e4pcfCg",
"tokenName" : "8e4pcfCg",
"useCurrentUri" : false,
"userAuthorizationUri" : "8e4pcfCg",
"username" : "zechariah.ratke"
} ],
"baseUrl" : "8e4pcfCg",
"createdBy" : "",
"createdDate" : "",
"description" : "8e4pcfCg",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "8e4pcfCg",
"projectId" : "8e4pcfCg",
"refId" : "8e4pcfCg",
"version" : ""
}]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response [{
"requestId" : "None",
"requestTime" : "2019-03-20T10:46:41.089+0000",
"errors" : true,
"messages" : [ {
"type" : "ERROR",
"key" : "",
"value" : "Resource name or key already exists."
} ],
"data" : null,
"totalPages" : 0,
"totalElements" : 0
}]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWRkMmMyZTAtYmY5ZS00NzM0LWFmNjMtYzQwODUwYmIzODhh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:40 GMT]}]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : StatusCode [200]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Time [1959]
2019-03-20 10:46:41 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Size [210]
2019-03-20 10:46:41 ERROR [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [200 == 401 OR 200 == 403] result [Failed]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : URL [http://13.56.210.25/api/v1/envs/]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Method [DELETE]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request [null]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response [{
"timestamp" : "2019-03-20T10:46:42.756+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/envs/"
}]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response-Headers [{Allow=[PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YThiZmMwOTQtYjc0ZS00MmI1LWJmNmYtYTdlMzgyNzc2Zjg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:41 GMT]}]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : StatusCode [405]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Time [1646]
2019-03-20 10:46:42 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Size [159]
2019-03-20 10:46:42 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:46:44.204+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODNkOTdmM2ItNGE4Ni00OWY5LWFjYmMtNDQ3ZjhiYTk1NWMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:43 GMT]}]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1447]
2019-03-20 10:46:44 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:46:44 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:46:45.764+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI1ODY3MDgtNzZmMy00NjM5LTliODItZWVkYmNkNWY5YTY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:44 GMT]}]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [1559]
2019-03-20 10:46:45 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:46:45 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:46:46.645+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODhkYWE4ZDktY2E2YS00NjU2LWEzMjMtZjMxMzk4OTc0M2E1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:45 GMT]}]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [881]
2019-03-20 10:46:46 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:46:46 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:46:48.342+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDRjNGQ2MDItMGY0Mi00ZDU5LWEwMTYtMWYzYWU5NGZjZGM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:48 GMT]}]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1696]
2019-03-20 10:46:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:46:48 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:46:50.044+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjYwODQzY2ItNmIxMC00NDJlLTliODctY2IwMGM1MzQyMjZm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:49 GMT]}]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1702]
2019-03-20 10:46:50 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:46:50 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1EnvsPutEnvironmentuserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI0MmU2ZDEtNzBhMi00NzA3LWJjMjYtZDI4Y2JkZmYzM2Fk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}
Endpoint : http://13.56.210.25/api/v1/envs
Request :
{ "auths" : [ { "accessTokenUri" : "ZvUMMUP4", "authType" : "BasicAuth", "authorizationScheme" : "header", "clientAuthenticationScheme" : "header", "clientId" : "ZvUMMUP4", "clientSecret" : "ZvUMMUP4", "grantType" : "password", "header_1" : "ZvUMMUP4", "header_2" : "ZvUMMUP4", "header_3" : "ZvUMMUP4", "id" : "", "name" : "ZvUMMUP4", "password" : "ZvUMMUP4", "preEstablishedRedirectUri" : "ZvUMMUP4", "scope" : "ZvUMMUP4", "tokenName" : "ZvUMMUP4", "useCurrentUri" : false, "userAuthorizationUri" : "ZvUMMUP4", "username" : "sofia.kuvalis" } ], "baseUrl" : "ZvUMMUP4", "createdBy" : "", "createdDate" : "", "description" : "ZvUMMUP4", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "ZvUMMUP4", "projectId" : "ZvUMMUP4", "refId" : "ZvUMMUP4", "version" : "" }
Response :
{ "requestId" : "None", "requestTime" : "2019-03-20T10:41:44.613+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : "Resource name or key already exists." } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }
Logs :
2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "CGh7Dg3d", "company" : "Rosenbaum, Rosenbaum and Rosenbaum", "createdBy" : "", "createdDate" : "", "description" : "CGh7Dg3d", "id" : "", "inactive" : false, "location" : "CGh7Dg3d", "modifiedBy" : "", "modifiedDate" : "", "name" : "CGh7Dg3d", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:40.069+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2I3ZWI0ODQtNGQwMy00MWRjLTg5NzgtN2UwODhiMGE4NGUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : Time [494] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:40 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2I3ZWI0ODQtNGQwMy00MWRjLTg5NzgtN2UwODhiMGE4NGUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2I3ZWI0ODQtNGQwMy00MWRjLTg5NzgtN2UwODhiMGE4NGUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2I3ZWI0ODQtNGQwMy00MWRjLTg5NzgtN2UwODhiMGE4NGUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2I3ZWI0ODQtNGQwMy00MWRjLTg5NzgtN2UwODhiMGE4NGUw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:39 GMT]}] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "RFhcyGu8", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "RFhcyGu8", "org" : "", "prop1" : "RFhcyGu8", "prop2" : "RFhcyGu8", "prop3" : "RFhcyGu8", "region" : "RFhcyGu8", "secretKey" : "RFhcyGu8", "version" : "" }] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:40.920+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjY1NjdlOGItNWI5ZS00MzNlLTk4MTEtNjNiNDRjOGMxZGU1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : Time [847] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:40 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjY1NjdlOGItNWI5ZS00MzNlLTk4MTEtNjNiNDRjOGMxZGU1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjY1NjdlOGItNWI5ZS00MzNlLTk4MTEtNjNiNDRjOGMxZGU1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjY1NjdlOGItNWI5ZS00MzNlLTk4MTEtNjNiNDRjOGMxZGU1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:40 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjY1NjdlOGItNWI5ZS00MzNlLTk4MTEtNjNiNDRjOGMxZGU1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:40 GMT]}] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : Request [{ "accessKey" : "zNLFknyj", "createdBy" : "", "createdDate" : "", "description" : "zNLFknyj", "host" : "zNLFknyj", "id" : "", "inactive" : false, "key" : "zNLFknyj", "modifiedBy" : "", "modifiedDate" : "", "name" : "zNLFknyj", "org" : "", "prop1" : "zNLFknyj", "prop2" : "zNLFknyj", "prop3" : "zNLFknyj", "prop4" : "zNLFknyj", "prop5" : "zNLFknyj", "secretKey" : "zNLFknyj", "skillType" : "BOT_DEPLOYMENT", "version" : "" }] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:41.655+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])", "path" : "/api/v1/skills" }] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2U5NmQzMWEtZDYyYi00NjA4LWI0N2YtZjM4ZjQ1NzRiZjFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : Time [717] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1] : Size [716] 2019-03-20 10:41:41 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2U5NmQzMWEtZDYyYi00NjA4LWI0N2YtZjM4ZjQ1NzRiZjFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2U5NmQzMWEtZDYyYi00NjA4LWI0N2YtZjM4ZjQ1NzRiZjFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2U5NmQzMWEtZDYyYi00NjA4LWI0N2YtZjM4ZjQ1NzRiZjFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:41 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2U5NmQzMWEtZDYyYi00NjA4LWI0N2YtZjM4ZjQ1NzRiZjFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "1oqejWpi", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "1oqejWpi", "org" : "", "prop1" : "1oqejWpi", "prop2" : "1oqejWpi", "prop3" : "1oqejWpi", "prop4" : "1oqejWpi", "prop5" : "1oqejWpi", "skill" : "", "state" : "INACTIVE", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:42.445+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmE1NTNiNGQtNDM0My00MDEwLWJiMzYtOTViNGQyY2U3Y2Yx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [789] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768] 2019-03-20 10:41:42 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmE1NTNiNGQtNDM0My00MDEwLWJiMzYtOTViNGQyY2U3Y2Yx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmE1NTNiNGQtNDM0My00MDEwLWJiMzYtOTViNGQyY2U3Y2Yx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmE1NTNiNGQtNDM0My00MDEwLWJiMzYtOTViNGQyY2U3Y2Yx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmE1NTNiNGQtNDM0My00MDEwLWJiMzYtOTViNGQyY2U3Y2Yx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:41 GMT]}] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "815957040", "branch" : "3KdIt4NG", "bugsOpen" : "815957040", "createdBy" : "", "createdDate" : "", "description" : "3KdIt4NG", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "3KdIt4NG", "issueTracker" : "", "lastCommit" : "3KdIt4NG", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "3KdIt4NG", "openAPISpec" : "3KdIt4NG", "openText" : "3KdIt4NG", "org" : "", "props" : null, "url" : "3KdIt4NG", "version" : "" }] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:43.140+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmY5ZmU4MDEtNTYyOS00NDdiLTljY2UtYTE5NjhmZmI3YmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : Time [693] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1] : Size [744] 2019-03-20 10:41:43 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmY5ZmU4MDEtNTYyOS00NDdiLTljY2UtYTE5NjhmZmI3YmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmY5ZmU4MDEtNTYyOS00NDdiLTljY2UtYTE5NjhmZmI3YmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmY5ZmU4MDEtNTYyOS00NDdiLTljY2UtYTE5NjhmZmI3YmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmY5ZmU4MDEtNTYyOS00NDdiLTljY2UtYTE5NjhmZmI3YmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:42 GMT]}] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/envs] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : Request [{ "baseUrl" : "WFMVCSDO", "createdBy" : "", "createdDate" : "", "description" : "WFMVCSDO", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "WFMVCSDO", "projectId" : "", "refId" : "WFMVCSDO", "version" : "" }] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : Response [{ "requestId" : "None", "requestTime" : "2019-03-20T10:41:43.737+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid project." } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGE2ODY5OWItYTEzZi00ZTY2LTk3OTQtZTY2YTAyZTMwNDc2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : StatusCode [200] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : Time [597] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1] : Size [192] 2019-03-20 10:41:43 INFO [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [200 == 200 OR 200 == 201] result [Passed] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGE2ODY5OWItYTEzZi00ZTY2LTk3OTQtZTY2YTAyZTMwNDc2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGE2ODY5OWItYTEzZi00ZTY2LTk3OTQtZTY2YTAyZTMwNDc2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGE2ODY5OWItYTEzZi00ZTY2LTk3OTQtZTY2YTAyZTMwNDc2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:43 DEBUG [EnvironmentCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGE2ODY5OWItYTEzZi00ZTY2LTk3OTQtZTY2YTAyZTMwNDc2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/envs] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Method [PUT] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request [{ "auths" : [ { "accessTokenUri" : "ZvUMMUP4", "authType" : "BasicAuth", "authorizationScheme" : "header", "clientAuthenticationScheme" : "header", "clientId" : "ZvUMMUP4", "clientSecret" : "ZvUMMUP4", "grantType" : "password", "header_1" : "ZvUMMUP4", "header_2" : "ZvUMMUP4", "header_3" : "ZvUMMUP4", "id" : "", "name" : "ZvUMMUP4", "password" : "ZvUMMUP4", "preEstablishedRedirectUri" : "ZvUMMUP4", "scope" : "ZvUMMUP4", "tokenName" : "ZvUMMUP4", "useCurrentUri" : false, "userAuthorizationUri" : "ZvUMMUP4", "username" : "sofia.kuvalis" } ], "baseUrl" : "ZvUMMUP4", "createdBy" : "", "createdDate" : "", "description" : "ZvUMMUP4", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "ZvUMMUP4", "projectId" : "ZvUMMUP4", "refId" : "ZvUMMUP4", "version" : "" }] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response [{ "requestId" : "None", "requestTime" : "2019-03-20T10:41:44.613+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : "Resource name or key already exists." } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI0MmU2ZDEtNzBhMi00NzA3LWJjMjYtZDI4Y2JkZmYzM2Fk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:43 GMT]}] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : StatusCode [200] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Time [727] 2019-03-20 10:41:44 DEBUG [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Size [210] 2019-03-20 10:41:44 ERROR [ApiV1EnvsPutEnvironmentuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [200 == 401 OR 200 == 403] result [Failed] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : URL [http://13.56.210.25/api/v1/envs/] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Method [DELETE] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request [null] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:45.556+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/envs/" }] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Response-Headers [{Allow=[PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjkxMjhhYjAtYWRjYS00Mjc2LWJjNzctNGQ4MTlkNjYwMmE3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:44 GMT]}] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : StatusCode [405] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Time [926] 2019-03-20 10:41:45 DEBUG [ApiV1EnvsIdDeleteEnvironmenthijack1] : Size [159] 2019-03-20 10:41:45 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:46.175+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/projects/" }] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjNlZTYyZjgtMWJhMS00Yzc2LTlmNTgtNTMzZmYwMWZkNzg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:45 GMT]}] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [618] 2019-03-20 10:41:46 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163] 2019-03-20 10:41:46 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:46.833+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/issue-trackers/issue-tracker-bot/" }] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjQyZjEyNzktYWE3MC00ZWY0LWE4YzEtODcyZDE5NWFhYjA0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:45 GMT]}] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [656] 2019-03-20 10:41:46 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187] 2019-03-20 10:41:46 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:47.361+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/skills/" }] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmM1Yzc1ZjYtMGM3Zi00MzE5LWFhZjAtNDM5MDQzNjc3Y2Y4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:46 GMT]}] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [527] 2019-03-20 10:41:47 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161] 2019-03-20 10:41:47 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:47.995+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjBmZTc2MmEtMDk2My00MDI1LThiZjEtODNmNTdmMmM2Y2Mz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [634] 2019-03-20 10:41:48 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:48 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:48.615+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWZhN2YxNmMtOTkwMC00Y2E5LWE4ZDMtNjdkZGQ4MTk4YzE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [619] 2019-03-20 10:41:48 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:48 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---