Open asriz7777 opened 5 years ago
Project : FXABAC TEST
Template : ApiV1BotClustersPostClusteruserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzE1YWJlNjAtYTdjOS00MzQzLWI1NTAtNmRjNTA5NzVhZTQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}
Endpoint : http://13.56.210.25/api/v1/bot-clusters
Request :
{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "7Fo1PWCT",
"live" : "1686742487",
"manual" : false,
"manualScript" : "7Fo1PWCT",
"max" : "1686742487",
"min" : "1686742487",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "7Fo1PWCT",
"nodeId" : "7Fo1PWCT",
"org" : "",
"region" : "7Fo1PWCT",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}
Response :
{
"timestamp" : "2019-03-20T10:44:59.216+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}
Logs :
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "U40eORQt",
"company" : "Pfannerstill Group",
"createdBy" : "",
"createdDate" : "",
"description" : "U40eORQt",
"id" : "",
"inactive" : false,
"location" : "U40eORQt",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "U40eORQt",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:53.063+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzcxN2ZhMGEtNzhjOS00YWRhLWI3YmItZWVhOGVlZGNhOWVj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Time [1169]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:53 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzcxN2ZhMGEtNzhjOS00YWRhLWI3YmItZWVhOGVlZGNhOWVj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzcxN2ZhMGEtNzhjOS00YWRhLWI3YmItZWVhOGVlZGNhOWVj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzcxN2ZhMGEtNzhjOS00YWRhLWI3YmItZWVhOGVlZGNhOWVj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzcxN2ZhMGEtNzhjOS00YWRhLWI3YmItZWVhOGVlZGNhOWVj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "YCqLtxyr",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "YCqLtxyr",
"org" : "",
"prop1" : "YCqLtxyr",
"prop2" : "YCqLtxyr",
"prop3" : "YCqLtxyr",
"region" : "YCqLtxyr",
"secretKey" : "YCqLtxyr",
"version" : ""
}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:54.214+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2FiMGM2OGQtY2JmNi00ZmVhLTg4YmYtYzIxN2YxMTA2MDhi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Time [1163]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:54 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2FiMGM2OGQtY2JmNi00ZmVhLTg4YmYtYzIxN2YxMTA2MDhi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2FiMGM2OGQtY2JmNi00ZmVhLTg4YmYtYzIxN2YxMTA2MDhi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2FiMGM2OGQtY2JmNi00ZmVhLTg4YmYtYzIxN2YxMTA2MDhi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2FiMGM2OGQtY2JmNi00ZmVhLTg4YmYtYzIxN2YxMTA2MDhi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : Request [{
"account" : "",
"cloudType" : "AWS",
"createdBy" : "",
"createdDate" : "",
"driver" : "KUBERNETES",
"id" : "",
"inactive" : false,
"key" : "YsTMBArY",
"live" : "1290666315",
"manual" : false,
"manualScript" : "YsTMBArY",
"max" : "1290666315",
"min" : "1290666315",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "YsTMBArY",
"nodeId" : "YsTMBArY",
"org" : "",
"region" : "YsTMBArY",
"status" : "DELETING",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:55.392+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWQ0YzdmYzQtNTRlNS00MzJhLTg2NTYtNjU5MmNlNzEzNGM3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : Time [1163]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1] : Size [749]
2019-03-20 10:44:55 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWQ0YzdmYzQtNTRlNS00MzJhLTg2NTYtNjU5MmNlNzEzNGM3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWQ0YzdmYzQtNTRlNS00MzJhLTg2NTYtNjU5MmNlNzEzNGM3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWQ0YzdmYzQtNTRlNS00MzJhLTg2NTYtNjU5MmNlNzEzNGM3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWQ0YzdmYzQtNTRlNS00MzJhLTg2NTYtNjU5MmNlNzEzNGM3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "j57kVyFO",
"company" : "Dickens LLC",
"createdBy" : "",
"createdDate" : "",
"description" : "j57kVyFO",
"id" : "",
"inactive" : false,
"location" : "j57kVyFO",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "j57kVyFO",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:56.820+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTE1MmY5ZjgtYTYzYi00NWJkLThmMzktZDA4ZjBlZGNiYjU0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : Time [1351]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:44:56 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTE1MmY5ZjgtYTYzYi00NWJkLThmMzktZDA4ZjBlZGNiYjU0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTE1MmY5ZjgtYTYzYi00NWJkLThmMzktZDA4ZjBlZGNiYjU0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTE1MmY5ZjgtYTYzYi00NWJkLThmMzktZDA4ZjBlZGNiYjU0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTE1MmY5ZjgtYTYzYi00NWJkLThmMzktZDA4ZjBlZGNiYjU0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "z8ktHixE",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "z8ktHixE",
"org" : "",
"prop1" : "z8ktHixE",
"prop2" : "z8ktHixE",
"prop3" : "z8ktHixE",
"region" : "z8ktHixE",
"secretKey" : "z8ktHixE",
"version" : ""
}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:58.233+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAzNTBmMDUtYzI5MC00MjUxLWExMWItOTdkMTc0OWE2NDQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : Time [1411]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:44:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAzNTBmMDUtYzI5MC00MjUxLWExMWItOTdkMTc0OWE2NDQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAzNTBmMDUtYzI5MC00MjUxLWExMWItOTdkMTc0OWE2NDQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAzNTBmMDUtYzI5MC00MjUxLWExMWItOTdkMTc0OWE2NDQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzAzNTBmMDUtYzI5MC00MjUxLWExMWItOTdkMTc0OWE2NDQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Method [POST]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Request [{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "7Fo1PWCT",
"live" : "1686742487",
"manual" : false,
"manualScript" : "7Fo1PWCT",
"max" : "1686742487",
"min" : "1686742487",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "7Fo1PWCT",
"nodeId" : "7Fo1PWCT",
"org" : "",
"region" : "7Fo1PWCT",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:59.216+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzE1YWJlNjAtYTdjOS00MzQzLWI1NTAtNmRjNTA5NzVhZTQx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Time [980]
2019-03-20 10:44:59 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Size [749]
2019-03-20 10:44:59 ERROR [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Method [DELETE]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request [null]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:00.169+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/bot-clusters/"
}]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjlmMzBlNGUtOTlhYi00Njk2LTlkYTctMjRlOTY5NWNiOGY2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:59 GMT]}]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : StatusCode [405]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Time [952]
2019-03-20 10:45:00 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Size [167]
2019-03-20 10:45:00 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:01.528+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2RiY2YzMDYtMmVkOC00ZDMwLTgzN2ItMjliMTgxZjRlNjRi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1356]
2019-03-20 10:45:01 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:01 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:03.137+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjQ1OGUxN2QtMjQ2ZS00NWExLTk0ZDktOTQxN2MyYTc0NTAw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:02 GMT]}]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1609]
2019-03-20 10:45:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:03 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1BotClustersPostClusteruserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGE0ODY0OWItNjVlMS00YWE1LWE3OWQtMWY2M2YyMDRhZjM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:11 GMT]}
Endpoint : http://13.56.210.25/api/v1/bot-clusters
Request :
{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "35f5eGyx",
"live" : "1548809835",
"manual" : false,
"manualScript" : "35f5eGyx",
"max" : "1548809835",
"min" : "1548809835",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "35f5eGyx",
"nodeId" : "35f5eGyx",
"org" : "",
"region" : "35f5eGyx",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}
Response :
{
"timestamp" : "2019-03-20T10:47:12.340+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}
Logs :
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "RmY4JelT",
"company" : "Stokes-Stokes",
"createdBy" : "",
"createdDate" : "",
"description" : "RmY4JelT",
"id" : "",
"inactive" : false,
"location" : "RmY4JelT",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "RmY4JelT",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:05.346+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzQ1MjhjODUtYjgzMi00YmZkLTk4NWEtZDEwNjA3NTc3M2Qx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:04 GMT]}]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : Time [1864]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:47:05 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzQ1MjhjODUtYjgzMi00YmZkLTk4NWEtZDEwNjA3NTc3M2Qx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:04 GMT]}]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzQ1MjhjODUtYjgzMi00YmZkLTk4NWEtZDEwNjA3NTc3M2Qx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:04 GMT]}]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzQ1MjhjODUtYjgzMi00YmZkLTk4NWEtZDEwNjA3NTc3M2Qx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:04 GMT]}]
2019-03-20 10:47:05 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzQ1MjhjODUtYjgzMi00YmZkLTk4NWEtZDEwNjA3NTc3M2Qx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:04 GMT]}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "Ql87UK2n",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Ql87UK2n",
"org" : "",
"prop1" : "Ql87UK2n",
"prop2" : "Ql87UK2n",
"prop3" : "Ql87UK2n",
"region" : "Ql87UK2n",
"secretKey" : "Ql87UK2n",
"version" : ""
}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:06.699+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGU3NzcyYzMtMzExYS00ZDA2LWI4MTYtMTMyM2IxMDYzMDRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : Time [1352]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:47:06 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGU3NzcyYzMtMzExYS00ZDA2LWI4MTYtMTMyM2IxMDYzMDRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGU3NzcyYzMtMzExYS00ZDA2LWI4MTYtMTMyM2IxMDYzMDRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGU3NzcyYzMtMzExYS00ZDA2LWI4MTYtMTMyM2IxMDYzMDRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:06 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGU3NzcyYzMtMzExYS00ZDA2LWI4MTYtMTMyM2IxMDYzMDRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : Request [{
"account" : "",
"cloudType" : "AWS",
"createdBy" : "",
"createdDate" : "",
"driver" : "KUBERNETES",
"id" : "",
"inactive" : false,
"key" : "N8VOXiLj",
"live" : "1707837609",
"manual" : false,
"manualScript" : "N8VOXiLj",
"max" : "1707837609",
"min" : "1707837609",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "N8VOXiLj",
"nodeId" : "N8VOXiLj",
"org" : "",
"region" : "N8VOXiLj",
"status" : "DELETING",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:08.140+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmU2NGE4ZDgtYjQwMi00ZTlhLWJhMzQtMDBlOTY3N2MyYTRj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:07 GMT]}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : Time [1439]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1] : Size [749]
2019-03-20 10:47:08 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmU2NGE4ZDgtYjQwMi00ZTlhLWJhMzQtMDBlOTY3N2MyYTRj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:07 GMT]}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmU2NGE4ZDgtYjQwMi00ZTlhLWJhMzQtMDBlOTY3N2MyYTRj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:07 GMT]}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmU2NGE4ZDgtYjQwMi00ZTlhLWJhMzQtMDBlOTY3N2MyYTRj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:07 GMT]}]
2019-03-20 10:47:08 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmU2NGE4ZDgtYjQwMi00ZTlhLWJhMzQtMDBlOTY3N2MyYTRj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:07 GMT]}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "HE3zqA9f",
"company" : "Hahn-Hahn",
"createdBy" : "",
"createdDate" : "",
"description" : "HE3zqA9f",
"id" : "",
"inactive" : false,
"location" : "HE3zqA9f",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "HE3zqA9f",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:09.517+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODQzYWQ2YmItY2M3Yy00ODNmLTkzODUtOGRhZWJmNmY2NjE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : Time [1322]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:47:09 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODQzYWQ2YmItY2M3Yy00ODNmLTkzODUtOGRhZWJmNmY2NjE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODQzYWQ2YmItY2M3Yy00ODNmLTkzODUtOGRhZWJmNmY2NjE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODQzYWQ2YmItY2M3Yy00ODNmLTkzODUtOGRhZWJmNmY2NjE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODQzYWQ2YmItY2M3Yy00ODNmLTkzODUtOGRhZWJmNmY2NjE4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "WOXHSe09",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "WOXHSe09",
"org" : "",
"prop1" : "WOXHSe09",
"prop2" : "WOXHSe09",
"prop3" : "WOXHSe09",
"region" : "WOXHSe09",
"secretKey" : "WOXHSe09",
"version" : ""
}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:11.060+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWNlMDlhZGYtMWU3ZC00NWYxLTg4MjItOWY1NWU5YTJkZmU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : Time [1541]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:47:11 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWNlMDlhZGYtMWU3ZC00NWYxLTg4MjItOWY1NWU5YTJkZmU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWNlMDlhZGYtMWU3ZC00NWYxLTg4MjItOWY1NWU5YTJkZmU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWNlMDlhZGYtMWU3ZC00NWYxLTg4MjItOWY1NWU5YTJkZmU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWNlMDlhZGYtMWU3ZC00NWYxLTg4MjItOWY1NWU5YTJkZmU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Method [POST]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Request [{
"account" : "",
"cloudType" : "OTHER",
"createdBy" : "",
"createdDate" : "",
"driver" : "MANUAL",
"id" : "",
"inactive" : false,
"key" : "35f5eGyx",
"live" : "1548809835",
"manual" : false,
"manualScript" : "35f5eGyx",
"max" : "1548809835",
"min" : "1548809835",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "35f5eGyx",
"nodeId" : "35f5eGyx",
"org" : "",
"region" : "35f5eGyx",
"status" : "INACTIVE",
"version" : "",
"visibility" : "PUBLIC"
}]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:12.340+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])",
"path" : "/api/v1/bot-clusters"
}]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGE0ODY0OWItNjVlMS00YWE1LWE3OWQtMWY2M2YyMDRhZjM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:11 GMT]}]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Time [1275]
2019-03-20 10:47:12 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Size [749]
2019-03-20 10:47:12 ERROR [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Method [DELETE]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request [null]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response [{
"timestamp" : "2019-03-20T10:47:13.776+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/bot-clusters/"
}]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTllZDM2ZmMtZjE2YS00YmNlLThjZmQtZjU4ZWVlYzkxYWEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:13 GMT]}]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : StatusCode [405]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Time [1434]
2019-03-20 10:47:13 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Size [167]
2019-03-20 10:47:13 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:47:14.646+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjNmMTQxMGItMGQwMC00NjNmLThhZDAtMDVhYzlhY2ExZmM5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:14 GMT]}]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [869]
2019-03-20 10:47:14 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:47:14 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:47:16.073+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWU0ZjFmZjgtM2YxNy00NTUyLTgyZTItNjRmN2Y2ODc5MmE3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:15 GMT]}]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1425]
2019-03-20 10:47:16 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:47:16 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1BotClustersPostClusteruserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmM5ZjMwOGItNTQ1NC00ZWVjLTk5NDEtMmVmZDVjZTg0YjBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}
Endpoint : http://13.56.210.25/api/v1/bot-clusters
Request :
{ "account" : "", "cloudType" : "OTHER", "createdBy" : "", "createdDate" : "", "driver" : "MANUAL", "id" : "", "inactive" : false, "key" : "lOumBr0Q", "live" : "1446588852", "manual" : false, "manualScript" : "lOumBr0Q", "max" : "1446588852", "min" : "1446588852", "modifiedBy" : "", "modifiedDate" : "", "name" : "lOumBr0Q", "nodeId" : "lOumBr0Q", "org" : "", "region" : "lOumBr0Q", "status" : "INACTIVE", "version" : "", "visibility" : "PUBLIC" }
Response :
{ "timestamp" : "2019-03-20T10:41:56.759+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])", "path" : "/api/v1/bot-clusters" }
Logs :
2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "0DcRwACV", "company" : "Schultz, Schultz and Schultz", "createdBy" : "", "createdDate" : "", "description" : "0DcRwACV", "id" : "", "inactive" : false, "location" : "0DcRwACV", "modifiedBy" : "", "modifiedDate" : "", "name" : "0DcRwACV", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:53.872+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA4M2JiMzYtZTUwMi00ZDQ5LTg2YTctYWVkODg2MGVhY2I1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:53 GMT]}] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : Time [704] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:53 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], 
Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA4M2JiMzYtZTUwMi00ZDQ5LTg2YTctYWVkODg2MGVhY2I1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:53 GMT]}] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA4M2JiMzYtZTUwMi00ZDQ5LTg2YTctYWVkODg2MGVhY2I1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:53 GMT]}] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA4M2JiMzYtZTUwMi00ZDQ5LTg2YTctYWVkODg2MGVhY2I1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:53 GMT]}] 2019-03-20 10:41:53 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA4M2JiMzYtZTUwMi00ZDQ5LTg2YTctYWVkODg2MGVhY2I1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:53 GMT]}] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "RCQWWaWy", "accountType" : "GitLab", "createdBy" : "", "createdDate" : 
"", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "RCQWWaWy", "org" : "", "prop1" : "RCQWWaWy", "prop2" : "RCQWWaWy", "prop3" : "RCQWWaWy", "region" : "RCQWWaWy", "secretKey" : "RCQWWaWy", "version" : "" }] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:54.459+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NThmZDU0NjEtOGY4YS00OWY4LWEyMzEtMGZjNTMwNzRkMDA2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : Time [586] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:54 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NThmZDU0NjEtOGY4YS00OWY4LWEyMzEtMGZjNTMwNzRkMDA2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NThmZDU0NjEtOGY4YS00OWY4LWEyMzEtMGZjNTMwNzRkMDA2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NThmZDU0NjEtOGY4YS00OWY4LWEyMzEtMGZjNTMwNzRkMDA2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:54 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NThmZDU0NjEtOGY4YS00OWY4LWEyMzEtMGZjNTMwNzRkMDA2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : Request [{ "account" : "", "cloudType" : "AWS", "createdBy" : "", "createdDate" : "", "driver" : "KUBERNETES", "id" : "", "inactive" : false, "key" : "KfdYawOk", "live" : "951937876", "manual" : false, "manualScript" : "KfdYawOk", "max" : "951937876", "min" : "951937876", "modifiedBy" : "", "modifiedDate" : "", "name" : "KfdYawOk", "nodeId" : "KfdYawOk", "org" : "", "region" : "KfdYawOk", "status" : "DELETING", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : Response [{ 
"timestamp" : "2019-03-20T10:41:55.025+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])", "path" : "/api/v1/bot-clusters" }] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI0MzUxZDgtNTBjNy00ZjYzLWI3NjYtNzQyOWE5MmI0Y2Zk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : Time [564] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1] : Size [749] 2019-03-20 10:41:55 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI0MzUxZDgtNTBjNy00ZjYzLWI3NjYtNzQyOWE5MmI0Y2Zk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI0MzUxZDgtNTBjNy00ZjYzLWI3NjYtNzQyOWE5MmI0Y2Zk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI0MzUxZDgtNTBjNy00ZjYzLWI3NjYtNzQyOWE5MmI0Y2Zk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [ClusterCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI0MzUxZDgtNTBjNy00ZjYzLWI3NjYtNzQyOWE5MmI0Y2Zk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : Request [{ "billingEmail" : "3Qj7SKLU", "company" : "Barrows-Barrows", "createdBy" : "", "createdDate" : "", "description" : "3Qj7SKLU", "id" : "", "inactive" : false, "location" : "3Qj7SKLU", "modifiedBy" : "", "modifiedDate" : "", "name" : "3Qj7SKLU", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:55.762+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:55 DEBUG 
[OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTM3NTZkMjAtMDhhMi00M2QyLWI2NzgtOWMxMGYxMjg5YzY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : Time [612] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1] : Size [121] 2019-03-20 10:41:55 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTM3NTZkMjAtMDhhMi00M2QyLWI2NzgtOWMxMGYxMjg5YzY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTM3NTZkMjAtMDhhMi00M2QyLWI2NzgtOWMxMGYxMjg5YzY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], 
Set-Cookie=[SESSION=OTM3NTZkMjAtMDhhMi00M2QyLWI2NzgtOWMxMGYxMjg5YzY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTM3NTZkMjAtMDhhMi00M2QyLWI2NzgtOWMxMGYxMjg5YzY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : Request [{ "accessKey" : "078sNMT8", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "078sNMT8", "org" : "", "prop1" : "078sNMT8", "prop2" : "078sNMT8", "prop3" : "078sNMT8", "region" : "078sNMT8", "secretKey" : "078sNMT8", "version" : "" }] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:56.368+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Njc4ZWZiNGQtZTM4Ny00ZjZlLWJiNDAtMjExMjNiZmNlZmUz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : Time [605] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1] : Size [722] 2019-03-20 10:41:56 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Njc4ZWZiNGQtZTM4Ny00ZjZlLWJiNDAtMjExMjNiZmNlZmUz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Njc4ZWZiNGQtZTM4Ny00ZjZlLWJiNDAtMjExMjNiZmNlZmUz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], 
Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Njc4ZWZiNGQtZTM4Ny00ZjZlLWJiNDAtMjExMjNiZmNlZmUz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Njc4ZWZiNGQtZTM4Ny00ZjZlLWJiNDAtMjExMjNiZmNlZmUz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/bot-clusters] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Method [POST] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Request [{ "account" : "", "cloudType" : "OTHER", "createdBy" : "", "createdDate" : "", "driver" : "MANUAL", "id" : "", "inactive" : false, "key" : "lOumBr0Q", "live" : "1446588852", "manual" : false, "manualScript" : "lOumBr0Q", "max" : "1446588852", "min" : "1446588852", "modifiedBy" : "", "modifiedDate" : "", "name" : "lOumBr0Q", "nodeId" : "lOumBr0Q", "org" : "", "region" : "lOumBr0Q", "status" : "INACTIVE", "version" : "", "visibility" : "PUBLIC" }] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 
2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:56.759+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.clusters.Cluster[\"account\"])", "path" : "/api/v1/bot-clusters" }] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmM5ZjMwOGItNTQ1NC00ZWVjLTk5NDEtMmVmZDVjZTg0YjBi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : StatusCode [400] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Time [388] 2019-03-20 10:41:56 DEBUG [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Size [749] 2019-03-20 10:41:56 ERROR [ApiV1BotClustersPostClusteruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : URL [http://13.56.210.25/api/v1/bot-clusters/] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Method [DELETE] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request [null] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:57.369+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : 
"/api/v1/bot-clusters/" }] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGJkYTI1NDMtMmM1MS00YTUzLWJjYjItMDc3M2I0YTZiMzhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : StatusCode [405] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Time [610] 2019-03-20 10:41:57 DEBUG [ApiV1BotClustersIdDeleteClusterhijack1] : Size [167] 2019-03-20 10:41:57 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:57.877+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGI5ZjYzNjItZDM3Ni00MGYxLWJmNGQtMWZiYWU0ODFjOTFk; Path=/; 
HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [504] 2019-03-20 10:41:57 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:57 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:58.295+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGVhNzVjZDQtNWVmYy00ZjYyLTgyNGUtZTU5YTU5YWRhMjQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [416] 2019-03-20 10:41:58 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:58 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---