asriz7777
commented
5 years ago Project : FXABAC TEST
Template : ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E4ODhkZjMtNjUwNi00Y2Q0LWFhMmQtMGFiYjA2NDVmMjg3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:46 GMT]}
Endpoint : http://13.56.210.25/api/v1/autocode-generator
Request :
{
"abacResources" : [ {
"createBody" : "Ni0HeAEO",
"createEndpoint" : "Ni0HeAEO",
"createUserAuth" : "Ni0HeAEO",
"createdBy" : "",
"createdDate" : "",
"deleteEndpoint" : "Ni0HeAEO",
"enumValues" : "Ni0HeAEO",
"generatorId" : "Ni0HeAEO",
"id" : "",
"inactive" : false,
"initScriptName" : "Ni0HeAEO",
"lock" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"resourceName" : "Ni0HeAEO",
"scripts" : [ {
"body" : "Ni0HeAEO",
"deleteEndPoint" : "Ni0HeAEO",
"endpoint" : "Ni0HeAEO",
"resourceName" : "Ni0HeAEO",
"scriptName" : "Ni0HeAEO",
"scriptType" : "Ni0HeAEO",
"sequence" : "765487835",
"userAuth" : "Ni0HeAEO",
"validationScript" : false
} ],
"typeThreeCreateEndpoint" : "Ni0HeAEO",
"validations" : [ {
"body" : "Ni0HeAEO",
"endpoint" : "Ni0HeAEO",
"inactive" : false,
"lock" : false,
"path" : "Ni0HeAEO",
"userAuth" : "Ni0HeAEO",
"validationType" : "Ni0HeAEO"
} ],
"version" : ""
} ],
"assertionDescription" : "Ni0HeAEO",
"assertions" : [ "Ni0HeAEO" ],
"assertionsText" : "Ni0HeAEO",
"authors" : "Ni0HeAEO",
"category" : "SQL_Injection",
"coverageMultiplier" : "765487835",
"currentScripts" : "765487835",
"database" : {
"name" : "Ni0HeAEO",
"version" : ""
},
"displayHeaderDescription" : "Ni0HeAEO",
"displayHeaderLabel" : "Ni0HeAEO",
"expectedScripts" : "765487835",
"fixHours" : "Ni0HeAEO",
"id" : "",
"inactive" : false,
"matches" : [ {
"allowRoles" : "Ni0HeAEO",
"bodyProperties" : "Ni0HeAEO",
"denyRoles" : "Ni0HeAEO",
"id" : "",
"methods" : "Ni0HeAEO",
"name" : "Ni0HeAEO",
"pathPatterns" : "Ni0HeAEO",
"queryParams" : "Ni0HeAEO",
"resourceSamples" : "Ni0HeAEO",
"value" : "Ni0HeAEO"
} ],
"newlyAdded" : false,
"project" : "",
"sequenceOrder" : "765487835",
"severity" : "Major",
"tags" : [ "Ni0HeAEO" ],
"type" : "Ni0HeAEO"
}
Response :
{
"timestamp" : "2019-03-20T10:44:46.560+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.project.Project (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.project.Project (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 71, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.AutoCodeGenerator[\"project\"])",
"path" : "/api/v1/autocode-generator"
}
Logs :
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "iKtXPt65",
"company" : "Welch LLC",
"createdBy" : "",
"createdDate" : "",
"description" : "iKtXPt65",
"id" : "",
"inactive" : false,
"location" : "iKtXPt65",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "iKtXPt65",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:40.661+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQ2ZjdmNmQtYWI3ZC00YTkyLWI3NGUtMzVmNTc5M2MzNTBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:40 GMT]}]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : Time [841]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:40 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQ2ZjdmNmQtYWI3ZC00YTkyLWI3NGUtMzVmNTc5M2MzNTBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:40 GMT]}]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQ2ZjdmNmQtYWI3ZC00YTkyLWI3NGUtMzVmNTc5M2MzNTBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:40 GMT]}]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQ2ZjdmNmQtYWI3ZC00YTkyLWI3NGUtMzVmNTc5M2MzNTBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:40 GMT]}]
2019-03-20 10:44:40 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQ2ZjdmNmQtYWI3ZC00YTkyLWI3NGUtMzVmNTc5M2MzNTBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:40 GMT]}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "ImbeFo3K",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "ImbeFo3K",
"org" : "",
"prop1" : "ImbeFo3K",
"prop2" : "ImbeFo3K",
"prop3" : "ImbeFo3K",
"region" : "ImbeFo3K",
"secretKey" : "ImbeFo3K",
"version" : ""
}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:41.299+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzJmYWMxNTctYzVmZi00NzNhLTg3OTUtNDQ1ODM0ZDJlNGY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : Time [637]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:41 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzJmYWMxNTctYzVmZi00NzNhLTg3OTUtNDQ1ODM0ZDJlNGY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzJmYWMxNTctYzVmZi00NzNhLTg3OTUtNDQ1ODM0ZDJlNGY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzJmYWMxNTctYzVmZi00NzNhLTg3OTUtNDQ1ODM0ZDJlNGY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:41 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzJmYWMxNTctYzVmZi00NzNhLTg3OTUtNDQ1ODM0ZDJlNGY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "93mlQTdM",
"createdBy" : "",
"createdDate" : "",
"description" : "93mlQTdM",
"host" : "93mlQTdM",
"id" : "",
"inactive" : false,
"key" : "93mlQTdM",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "93mlQTdM",
"org" : "",
"prop1" : "93mlQTdM",
"prop2" : "93mlQTdM",
"prop3" : "93mlQTdM",
"prop4" : "93mlQTdM",
"prop5" : "93mlQTdM",
"secretKey" : "93mlQTdM",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:42.180+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2Y1ZmU5ZDQtMWVmYS00OWY1LTkyOWUtZDRkNzhkYjkyY2Jh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : Time [876]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:44:42 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2Y1ZmU5ZDQtMWVmYS00OWY1LTkyOWUtZDRkNzhkYjkyY2Jh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2Y1ZmU5ZDQtMWVmYS00OWY1LTkyOWUtZDRkNzhkYjkyY2Jh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2Y1ZmU5ZDQtMWVmYS00OWY1LTkyOWUtZDRkNzhkYjkyY2Jh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:42 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2Y1ZmU5ZDQtMWVmYS00OWY1LTkyOWUtZDRkNzhkYjkyY2Jh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:41 GMT]}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "dn9veJTY",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "dn9veJTY",
"org" : "",
"prop1" : "dn9veJTY",
"prop2" : "dn9veJTY",
"prop3" : "dn9veJTY",
"prop4" : "dn9veJTY",
"prop5" : "dn9veJTY",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:42.913+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IwMmEwODctMWIwYi00OWY0LWFmOGItNTE4ZjQzOGRjYzlm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:42 GMT]}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [732]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:44:42 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IwMmEwODctMWIwYi00OWY0LWFmOGItNTE4ZjQzOGRjYzlm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:42 GMT]}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IwMmEwODctMWIwYi00OWY0LWFmOGItNTE4ZjQzOGRjYzlm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:42 GMT]}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IwMmEwODctMWIwYi00OWY0LWFmOGItNTE4ZjQzOGRjYzlm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:42 GMT]}]
2019-03-20 10:44:42 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IwMmEwODctMWIwYi00OWY0LWFmOGItNTE4ZjQzOGRjYzlm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:42 GMT]}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "651414424",
"branch" : "L2l5ID2A",
"bugsOpen" : "651414424",
"createdBy" : "",
"createdDate" : "",
"description" : "L2l5ID2A",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "L2l5ID2A",
"issueTracker" : "",
"lastCommit" : "L2l5ID2A",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "L2l5ID2A",
"openAPISpec" : "L2l5ID2A",
"openText" : "L2l5ID2A",
"org" : "",
"props" : null,
"url" : "L2l5ID2A",
"version" : ""
}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:43.548+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTY1MzU3M2QtNjQ0OC00ZGEwLTg2MGQtNWQyMGQ0MjM5ZTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:43 GMT]}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : Time [633]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:44:43 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTY1MzU3M2QtNjQ0OC00ZGEwLTg2MGQtNWQyMGQ0MjM5ZTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:43 GMT]}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTY1MzU3M2QtNjQ0OC00ZGEwLTg2MGQtNWQyMGQ0MjM5ZTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:43 GMT]}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTY1MzU3M2QtNjQ0OC00ZGEwLTg2MGQtNWQyMGQ0MjM5ZTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:43 GMT]}]
2019-03-20 10:44:43 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTY1MzU3M2QtNjQ0OC00ZGEwLTg2MGQtNWQyMGQ0MjM5ZTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:43 GMT]}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/autocode-generator]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Request [{
"assertionDescription" : "2zHBQCry",
"assertionsText" : "2zHBQCry",
"authors" : "2zHBQCry",
"category" : "ABAC_Level1_Positive",
"coverageMultiplier" : "184333181",
"currentScripts" : "184333181",
"database" : {
"name" : "2zHBQCry",
"version" : ""
},
"displayHeaderDescription" : "2zHBQCry",
"displayHeaderLabel" : "2zHBQCry",
"expectedScripts" : "184333181",
"fixHours" : "2zHBQCry",
"id" : "",
"inactive" : false,
"newlyAdded" : false,
"project" : "",
"sequenceOrder" : "184333181",
"severity" : "Major",
"type" : "2zHBQCry"
}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:44.705+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.project.Project (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.project.Project (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 19, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.AutoCodeGenerator[\"project\"])",
"path" : "/api/v1/autocode-generator"
}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDQ3OTgyOTMtODhjYS00M2UwLTliM2YtY2Y2NjhmMGIxZTE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:44 GMT]}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Time [1153]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Size [751]
2019-03-20 10:44:44 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDQ3OTgyOTMtODhjYS00M2UwLTliM2YtY2Y2NjhmMGIxZTE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:44 GMT]}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDQ3OTgyOTMtODhjYS00M2UwLTliM2YtY2Y2NjhmMGIxZTE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:44 GMT]}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDQ3OTgyOTMtODhjYS00M2UwLTliM2YtY2Y2NjhmMGIxZTE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:44 GMT]}]
2019-03-20 10:44:44 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDQ3OTgyOTMtODhjYS00M2UwLTliM2YtY2Y2NjhmMGIxZTE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:44 GMT]}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1505879980",
"branch" : "c7iB1BVs",
"bugsOpen" : "1505879980",
"createdBy" : "",
"createdDate" : "",
"description" : "c7iB1BVs",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "c7iB1BVs",
"issueTracker" : "",
"lastCommit" : "c7iB1BVs",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "c7iB1BVs",
"openAPISpec" : "c7iB1BVs",
"openText" : "c7iB1BVs",
"org" : "",
"props" : null,
"url" : "c7iB1BVs",
"version" : ""
}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:45.560+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTUyOGUzY2ItNTBhMi00NGY5LTg3ZGQtNjFiMTNjZDI5YjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:45 GMT]}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : Time [853]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:44:45 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTUyOGUzY2ItNTBhMi00NGY5LTg3ZGQtNjFiMTNjZDI5YjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:45 GMT]}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTUyOGUzY2ItNTBhMi00NGY5LTg3ZGQtNjFiMTNjZDI5YjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:45 GMT]}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTUyOGUzY2ItNTBhMi00NGY5LTg3ZGQtNjFiMTNjZDI5YjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:45 GMT]}]
2019-03-20 10:44:45 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTUyOGUzY2ItNTBhMi00NGY5LTg3ZGQtNjFiMTNjZDI5YjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:45 GMT]}]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/autocode-generator]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Method [PUT]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Request [{
"abacResources" : [ {
"createBody" : "Ni0HeAEO",
"createEndpoint" : "Ni0HeAEO",
"createUserAuth" : "Ni0HeAEO",
"createdBy" : "",
"createdDate" : "",
"deleteEndpoint" : "Ni0HeAEO",
"enumValues" : "Ni0HeAEO",
"generatorId" : "Ni0HeAEO",
"id" : "",
"inactive" : false,
"initScriptName" : "Ni0HeAEO",
"lock" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"resourceName" : "Ni0HeAEO",
"scripts" : [ {
"body" : "Ni0HeAEO",
"deleteEndPoint" : "Ni0HeAEO",
"endpoint" : "Ni0HeAEO",
"resourceName" : "Ni0HeAEO",
"scriptName" : "Ni0HeAEO",
"scriptType" : "Ni0HeAEO",
"sequence" : "765487835",
"userAuth" : "Ni0HeAEO",
"validationScript" : false
} ],
"typeThreeCreateEndpoint" : "Ni0HeAEO",
"validations" : [ {
"body" : "Ni0HeAEO",
"endpoint" : "Ni0HeAEO",
"inactive" : false,
"lock" : false,
"path" : "Ni0HeAEO",
"userAuth" : "Ni0HeAEO",
"validationType" : "Ni0HeAEO"
} ],
"version" : ""
} ],
"assertionDescription" : "Ni0HeAEO",
"assertions" : [ "Ni0HeAEO" ],
"assertionsText" : "Ni0HeAEO",
"authors" : "Ni0HeAEO",
"category" : "SQL_Injection",
"coverageMultiplier" : "765487835",
"currentScripts" : "765487835",
"database" : {
"name" : "Ni0HeAEO",
"version" : ""
},
"displayHeaderDescription" : "Ni0HeAEO",
"displayHeaderLabel" : "Ni0HeAEO",
"expectedScripts" : "765487835",
"fixHours" : "Ni0HeAEO",
"id" : "",
"inactive" : false,
"matches" : [ {
"allowRoles" : "Ni0HeAEO",
"bodyProperties" : "Ni0HeAEO",
"denyRoles" : "Ni0HeAEO",
"id" : "",
"methods" : "Ni0HeAEO",
"name" : "Ni0HeAEO",
"pathPatterns" : "Ni0HeAEO",
"queryParams" : "Ni0HeAEO",
"resourceSamples" : "Ni0HeAEO",
"value" : "Ni0HeAEO"
} ],
"newlyAdded" : false,
"project" : "",
"sequenceOrder" : "765487835",
"severity" : "Major",
"tags" : [ "Ni0HeAEO" ],
"type" : "Ni0HeAEO"
}]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:46.560+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.project.Project (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.project.Project (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 71, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.AutoCodeGenerator[\"project\"])",
"path" : "/api/v1/autocode-generator"
}]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E4ODhkZjMtNjUwNi00Y2Q0LWFhMmQtMGFiYjA2NDVmMjg3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:46 GMT]}]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Time [999]
2019-03-20 10:44:46 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Size [751]
2019-03-20 10:44:46 ERROR [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : URL [http://13.56.210.25/api/v1/autocode-generator/]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Method [DELETE]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Request [null]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:47.415+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/autocode-generator/"
}]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NTY1NjZmMDMtNjY3NC00Njk4LWFlOGYtYzA5YWQ4NGVjYTcw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:46 GMT]}]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : StatusCode [405]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Time [853]
2019-03-20 10:44:47 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Size [173]
2019-03-20 10:44:47 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:48.500+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmQxMjQ5MmYtNmRkMC00NjQyLThkMzQtYTVlYWJiYThlNGU3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:47 GMT]}]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1083]
2019-03-20 10:44:48 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:44:48 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:49.633+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA0MGYyYjgtZGY1Yi00ZTI4LWEwZmItZjUyNTRkNTk2ZTUx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:49 GMT]}]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [1134]
2019-03-20 10:44:49 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:44:49 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:50.532+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDJjM2VhOGUtNzA1Zi00MzUyLWI5NWQtZjU5YWE3YzUxNTBh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:49 GMT]}]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [951]
2019-03-20 10:44:50 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:44:50 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:51.185+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjYyNmNjM2QtNjVlNi00MGEyLWIwOWEtZjc0MDkyZWY1Mjg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:50 GMT]}]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [595]
2019-03-20 10:44:51 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:44:51 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:44:52.134+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzJkOTczZjctYTk5Mi00YmZlLWJhNjItNzE1Y2M3OGM4NjNh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:51 GMT]}]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [947]
2019-03-20 10:44:52 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:44:52 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2Y0N2FmODYtY2MyZC00Mzc4LThiMTAtOTkxZTdhODAyNzA5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:51 GMT]}
Endpoint : http://13.56.210.25/api/v1/autocode-generator
Request :
{ "abacResources" : [ { "createBody" : "fNmW8oXm", "createEndpoint" : "fNmW8oXm", "createUserAuth" : "fNmW8oXm", "createdBy" : "", "createdDate" : "", "deleteEndpoint" : "fNmW8oXm", "enumValues" : "fNmW8oXm", "generatorId" : "fNmW8oXm", "id" : "", "inactive" : false, "initScriptName" : "fNmW8oXm", "lock" : false, "modifiedBy" : "", "modifiedDate" : "", "resourceName" : "fNmW8oXm", "scripts" : [ { "body" : "fNmW8oXm", "deleteEndPoint" : "fNmW8oXm", "endpoint" : "fNmW8oXm", "resourceName" : "fNmW8oXm", "scriptName" : "fNmW8oXm", "scriptType" : "fNmW8oXm", "sequence" : "1516579080", "userAuth" : "fNmW8oXm", "validationScript" : false } ], "typeThreeCreateEndpoint" : "fNmW8oXm", "validations" : [ { "body" : "fNmW8oXm", "endpoint" : "fNmW8oXm", "inactive" : false, "lock" : false, "path" : "fNmW8oXm", "userAuth" : "fNmW8oXm", "validationType" : "fNmW8oXm" } ], "version" : "" } ], "assertionDescription" : "fNmW8oXm", "assertions" : [ "fNmW8oXm" ], "assertionsText" : "fNmW8oXm", "authors" : "fNmW8oXm", "category" : "SQL_Injection", "coverageMultiplier" : "1516579080", "currentScripts" : "1516579080", "database" : { "name" : "fNmW8oXm", "version" : "" }, "displayHeaderDescription" : "fNmW8oXm", "displayHeaderLabel" : "fNmW8oXm", "expectedScripts" : "1516579080", "fixHours" : "fNmW8oXm", "id" : "", "inactive" : false, "matches" : [ { "allowRoles" : "fNmW8oXm", "bodyProperties" : "fNmW8oXm", "denyRoles" : "fNmW8oXm", "id" : "", "methods" : "fNmW8oXm", "name" : "fNmW8oXm", "pathPatterns" : "fNmW8oXm", "queryParams" : "fNmW8oXm", "resourceSamples" : "fNmW8oXm", "value" : "fNmW8oXm" } ], "newlyAdded" : false, "project" : "", "sequenceOrder" : "1516579080", "severity" : "Major", "tags" : [ "fNmW8oXm" ], "type" : "fNmW8oXm" }
Response :
{ "timestamp" : "2019-03-20T10:41:51.061+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.project.Project(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.project.Project(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 71, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.AutoCodeGenerator[\"project\"])", "path" : "/api/v1/autocode-generator" }Logs :
2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "Hp3idEYy", "company" : "Schiller Inc", "createdBy" : "", "createdDate" : "", "description" : "Hp3idEYy", "id" : "", "inactive" : false, "location" : "Hp3idEYy", "modifiedBy" : "", "modifiedDate" : "", "name" : "Hp3idEYy", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:47.353+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM4N2MxMWMtNjgwNC00NDNlLWE1YTEtZjFiM2Y0YTc1NzAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:46 GMT]}] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : Time [483] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:47 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM4N2MxMWMtNjgwNC00NDNlLWE1YTEtZjFiM2Y0YTc1NzAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:46 GMT]}] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM4N2MxMWMtNjgwNC00NDNlLWE1YTEtZjFiM2Y0YTc1NzAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:46 GMT]}] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM4N2MxMWMtNjgwNC00NDNlLWE1YTEtZjFiM2Y0YTc1NzAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:46 GMT]}] 2019-03-20 10:41:47 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM4N2MxMWMtNjgwNC00NDNlLWE1YTEtZjFiM2Y0YTc1NzAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:46 GMT]}] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "MoVNcXxQ", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "MoVNcXxQ", "org" : "", "prop1" : "MoVNcXxQ", "prop2" : "MoVNcXxQ", "prop3" : "MoVNcXxQ", "region" : "MoVNcXxQ", "secretKey" : "MoVNcXxQ", "version" : "" }] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:48.066+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTg1NzUzNTktYWVhMS00MmU2LWE5OGEtZTZkZDRhZTM3ZjQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : Time [710] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:48 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTg1NzUzNTktYWVhMS00MmU2LWE5OGEtZTZkZDRhZTM3ZjQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTg1NzUzNTktYWVhMS00MmU2LWE5OGEtZTZkZDRhZTM3ZjQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTg1NzUzNTktYWVhMS00MmU2LWE5OGEtZTZkZDRhZTM3ZjQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTg1NzUzNTktYWVhMS00MmU2LWE5OGEtZTZkZDRhZTM3ZjQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : Request [{ "accessKey" : "DOzb2GFH", "createdBy" : "", "createdDate" : "", "description" : "DOzb2GFH", "host" : "DOzb2GFH", "id" : "", "inactive" : false, "key" : "DOzb2GFH", "modifiedBy" : "", "modifiedDate" : "", "name" : "DOzb2GFH", "org" : "", "prop1" : "DOzb2GFH", "prop2" : "DOzb2GFH", "prop3" : "DOzb2GFH", "prop4" : "DOzb2GFH", "prop5" : "DOzb2GFH", "secretKey" : "DOzb2GFH", "skillType" : "BOT_DEPLOYMENT", "version" : "" }] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:48.638+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])", "path" : "/api/v1/skills" }] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWE3NGJhOGYtNTZjMC00NWY1LTkxNDAtNmQ3MGEzY2IzMTEw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : Time [570] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1] : Size [716] 2019-03-20 10:41:48 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWE3NGJhOGYtNTZjMC00NWY1LTkxNDAtNmQ3MGEzY2IzMTEw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWE3NGJhOGYtNTZjMC00NWY1LTkxNDAtNmQ3MGEzY2IzMTEw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWE3NGJhOGYtNTZjMC00NWY1LTkxNDAtNmQ3MGEzY2IzMTEw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:48 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWE3NGJhOGYtNTZjMC00NWY1LTkxNDAtNmQ3MGEzY2IzMTEw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:47 GMT]}] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "kxlDl9ZM", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "kxlDl9ZM", "org" : "", "prop1" : "kxlDl9ZM", "prop2" : "kxlDl9ZM", "prop3" : "kxlDl9ZM", "prop4" : "kxlDl9ZM", "prop5" : "kxlDl9ZM", "skill" : "", "state" : "INACTIVE", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:49.223+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODcwMDg4N2ItNDZmZS00OGZkLWIwYzAtZDc0Yzc5YzUzMGNh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [583] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768] 2019-03-20 10:41:49 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODcwMDg4N2ItNDZmZS00OGZkLWIwYzAtZDc0Yzc5YzUzMGNh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODcwMDg4N2ItNDZmZS00OGZkLWIwYzAtZDc0Yzc5YzUzMGNh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODcwMDg4N2ItNDZmZS00OGZkLWIwYzAtZDc0Yzc5YzUzMGNh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODcwMDg4N2ItNDZmZS00OGZkLWIwYzAtZDc0Yzc5YzUzMGNh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "518531772", "branch" : "rT1eWyYF", "bugsOpen" : "518531772", "createdBy" : "", "createdDate" : "", "description" : "rT1eWyYF", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "rT1eWyYF", "issueTracker" : "", "lastCommit" : "rT1eWyYF", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "rT1eWyYF", "openAPISpec" : "rT1eWyYF", "openText" : "rT1eWyYF", "org" : "", "props" : null, "url" : "rT1eWyYF", "version" : "" }] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:49.617+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjFjYTlkZjUtMjlkNi00MmUwLWFjNTktOTA5M2RjNTRhOGEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : Time [390] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1] : Size [744] 2019-03-20 10:41:49 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjFjYTlkZjUtMjlkNi00MmUwLWFjNTktOTA5M2RjNTRhOGEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjFjYTlkZjUtMjlkNi00MmUwLWFjNTktOTA5M2RjNTRhOGEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjFjYTlkZjUtMjlkNi00MmUwLWFjNTktOTA5M2RjNTRhOGEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:49 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjFjYTlkZjUtMjlkNi00MmUwLWFjNTktOTA5M2RjNTRhOGEz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:48 GMT]}] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/autocode-generator] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Request [{ "assertionDescription" : "p6kQysgA", "assertionsText" : "p6kQysgA", "authors" : "p6kQysgA", "category" : "ABAC_Level1_Positive", "coverageMultiplier" : "461530262", "currentScripts" : "461530262", "database" : { "name" : "p6kQysgA", "version" : "" }, "displayHeaderDescription" : "p6kQysgA", "displayHeaderLabel" : "p6kQysgA", "expectedScripts" : "461530262", "fixHours" : "p6kQysgA", "id" : "", "inactive" : false, "newlyAdded" : false, "project" : "", "sequenceOrder" : "461530262", "severity" : "Major", "type" : "p6kQysgA" }] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:49.975+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.project.Project(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.project.Project(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 19, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.AutoCodeGenerator[\"project\"])", "path" : "/api/v1/autocode-generator" }] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTE4ZWUwZTQtNmNlNS00N2U3LTlhYTMtNWNlNzZmNDU3Njhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Time [355] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1] : Size [751] 2019-03-20 10:41:50 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTE4ZWUwZTQtNmNlNS00N2U3LTlhYTMtNWNlNzZmNDU3Njhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTE4ZWUwZTQtNmNlNS00N2U3LTlhYTMtNWNlNzZmNDU3Njhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTE4ZWUwZTQtNmNlNS00N2U3LTlhYTMtNWNlNzZmNDU3Njhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [AutoCodeGeneratorCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTE4ZWUwZTQtNmNlNS00N2U3LTlhYTMtNWNlNzZmNDU3Njhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "507247379", "branch" : "d792Tp5V", "bugsOpen" : "507247379", "createdBy" : "", "createdDate" : "", "description" : "d792Tp5V", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "d792Tp5V", "issueTracker" : "", "lastCommit" : "d792Tp5V", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "d792Tp5V", "openAPISpec" : "d792Tp5V", "openText" : "d792Tp5V", "org" : "", "props" : null, "url" : "d792Tp5V", "version" : "" }] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:50.353+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGFkZWJmZDMtMDhiYi00ZjUxLWFiODctMTk3Njc1NGViNTll; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : Time [377] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1] : Size [744] 2019-03-20 10:41:50 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGFkZWJmZDMtMDhiYi00ZjUxLWFiODctMTk3Njc1NGViNTll; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGFkZWJmZDMtMDhiYi00ZjUxLWFiODctMTk3Njc1NGViNTll; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGFkZWJmZDMtMDhiYi00ZjUxLWFiODctMTk3Njc1NGViNTll; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:50 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGFkZWJmZDMtMDhiYi00ZjUxLWFiODctMTk3Njc1NGViNTll; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:49 GMT]}] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/autocode-generator] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Method [PUT] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Request [{ "abacResources" : [ { "createBody" : "fNmW8oXm", "createEndpoint" : "fNmW8oXm", "createUserAuth" : "fNmW8oXm", "createdBy" : "", "createdDate" : "", "deleteEndpoint" : "fNmW8oXm", "enumValues" : "fNmW8oXm", "generatorId" : "fNmW8oXm", "id" : "", "inactive" : false, "initScriptName" : "fNmW8oXm", "lock" : false, "modifiedBy" : "", "modifiedDate" : "", "resourceName" : "fNmW8oXm", "scripts" : [ { "body" : "fNmW8oXm", "deleteEndPoint" : "fNmW8oXm", "endpoint" : "fNmW8oXm", "resourceName" : "fNmW8oXm", "scriptName" : "fNmW8oXm", "scriptType" : "fNmW8oXm", "sequence" : "1516579080", "userAuth" : "fNmW8oXm", "validationScript" : false } ], "typeThreeCreateEndpoint" : "fNmW8oXm", "validations" : [ { "body" : "fNmW8oXm", "endpoint" : "fNmW8oXm", "inactive" : false, "lock" : false, "path" : "fNmW8oXm", "userAuth" : "fNmW8oXm", "validationType" : "fNmW8oXm" } ], "version" : "" } ], "assertionDescription" : "fNmW8oXm", "assertions" : [ "fNmW8oXm" ], "assertionsText" : "fNmW8oXm", "authors" : "fNmW8oXm", "category" : "SQL_Injection", "coverageMultiplier" : "1516579080", "currentScripts" : "1516579080", "database" : { "name" : "fNmW8oXm", "version" : "" }, "displayHeaderDescription" : "fNmW8oXm", "displayHeaderLabel" : "fNmW8oXm", "expectedScripts" : "1516579080", "fixHours" : "fNmW8oXm", "id" : "", "inactive" : false, "matches" : [ { "allowRoles" : "fNmW8oXm", "bodyProperties" : "fNmW8oXm", "denyRoles" : "fNmW8oXm", "id" : "", "methods" : "fNmW8oXm", "name" : "fNmW8oXm", "pathPatterns" : "fNmW8oXm", "queryParams" : "fNmW8oXm", "resourceSamples" : "fNmW8oXm", "value" : "fNmW8oXm" } ], "newlyAdded" : false, "project" : "", "sequenceOrder" : "1516579080", "severity" : "Major", "tags" : [ "fNmW8oXm" ], "type" : "fNmW8oXm" }] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:51.061+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.project.Project(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.project.Project(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 71, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.AutoCodeGenerator[\"project\"])", "path" : "/api/v1/autocode-generator" }] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2Y0N2FmODYtY2MyZC00Mzc4LThiMTAtOTkxZTdhODAyNzA5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:51 GMT]}] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : StatusCode [400] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Time [713] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Size [751] 2019-03-20 10:41:51 ERROR [ApiV1AutocodeGeneratorPutAutocodegeneratoruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : URL [http://13.56.210.25/api/v1/autocode-generator/] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Method [DELETE] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Request [null] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:51.638+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/autocode-generator/" }] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2JmYWQ0ODktMzcwOS00NjkzLWE4MDAtMjQ4MzFlNzY2OGJk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:51 GMT]}] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : StatusCode [405] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Time [568] 2019-03-20 10:41:51 DEBUG [ApiV1AutocodeGeneratorIdDeleteAutocodegeneratorhijack1] : Size [173] 2019-03-20 10:41:51 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:52.368+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/projects/" }] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWEyYmUzNGEtZjc0NC00ZDhkLTlhOTYtMDExOTk5ODc3NzQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:52 GMT]}] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [729] 2019-03-20 10:41:52 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163] 2019-03-20 10:41:52 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:52.994+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/issue-trackers/issue-tracker-bot/" }] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2IwZmI3MjUtY2VlYS00ZGFlLTg1NTAtZDBhNzk0ZWJjZTk5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:52 GMT]}] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [626] 2019-03-20 10:41:53 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187] 2019-03-20 10:41:53 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:53.515+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/skills/" }] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MGU5YzdlOGItMGI0MC00N2NjLWIyY2UtMzlmNGE1NDczMDFk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:53 GMT]}] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [517] 2019-03-20 10:41:53 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161] 2019-03-20 10:41:53 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:54.261+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmYwZDc0YTQtZjU2MC00MWRjLThmMWUtNzgxODgyNjBlNDJl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:53 GMT]}] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [745] 2019-03-20 10:41:54 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:54 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:54.755+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjI5NDJiZDItYTQ0NS00MDZkLWJkNWUtOWUwZDhhZDUxZWNm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [492] 2019-03-20 10:41:54 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:54 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---