Open asriz7777 opened 5 years ago
Project : FXABAC TEST
Template : ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDhjNzVmY2YtODA5MC00MzQ0LWI3MDEtMTcyMDYyMWM4N2Zm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{
"assertions" : [ "7sTjPZt6" ],
"assertionsText" : "7sTjPZt6",
"auth" : "7sTjPZt6",
"authors" : [ "7sTjPZt6" ],
"authorsText" : "7sTjPZt6",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "7sTjPZt6" ],
"cleanupText" : "7sTjPZt6",
"createdBy" : "",
"createdDate" : "",
"description" : "7sTjPZt6",
"endpoint" : "7sTjPZt6",
"headers" : [ "7sTjPZt6" ],
"headersText" : "7sTjPZt6",
"id" : "",
"inactive" : false,
"init" : [ "7sTjPZt6" ],
"initText" : "7sTjPZt6",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "7sTjPZt6",
"parent" : "7sTjPZt6",
"path" : "7sTjPZt6",
"policies" : {
"cleanupExec" : "7sTjPZt6",
"initExec" : "7sTjPZt6",
"logger" : "7sTjPZt6",
"repeat" : "1788569360",
"repeatDelay" : "1788569360",
"repeatModule" : "7sTjPZt6",
"repeatOnFailure" : "1788569360",
"timeoutSeconds" : "1788569360"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "7sTjPZt6" ],
"tagsText" : "7sTjPZt6",
"testCases" : [ {
"body" : "7sTjPZt6",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "7sTjPZt6"
}
Response :
{
"timestamp" : "2019-03-20T10:45:01.411+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}
Logs :
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "AW07bzYt",
"company" : "Cormier, Cormier and Cormier",
"createdBy" : "",
"createdDate" : "",
"description" : "AW07bzYt",
"id" : "",
"inactive" : false,
"location" : "AW07bzYt",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "AW07bzYt",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:53.287+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRmOGEwMTktNDcyNS00MDkyLWFhM2QtZDQ4OTEyY2FhMjBj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Time [1092]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:53 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRmOGEwMTktNDcyNS00MDkyLWFhM2QtZDQ4OTEyY2FhMjBj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRmOGEwMTktNDcyNS00MDkyLWFhM2QtZDQ4OTEyY2FhMjBj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRmOGEwMTktNDcyNS00MDkyLWFhM2QtZDQ4OTEyY2FhMjBj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:53 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRmOGEwMTktNDcyNS00MDkyLWFhM2QtZDQ4OTEyY2FhMjBj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:52 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "FYNB8XVM",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "FYNB8XVM",
"org" : "",
"prop1" : "FYNB8XVM",
"prop2" : "FYNB8XVM",
"prop3" : "FYNB8XVM",
"region" : "FYNB8XVM",
"secretKey" : "FYNB8XVM",
"version" : ""
}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:54.336+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjFmODQ1NmUtNzU3MS00ZmZlLWFlZjYtMzZjYTM3NDIwZjlk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Time [1048]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:54 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjFmODQ1NmUtNzU3MS00ZmZlLWFlZjYtMzZjYTM3NDIwZjlk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjFmODQ1NmUtNzU3MS00ZmZlLWFlZjYtMzZjYTM3NDIwZjlk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjFmODQ1NmUtNzU3MS00ZmZlLWFlZjYtMzZjYTM3NDIwZjlk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:54 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjFmODQ1NmUtNzU3MS00ZmZlLWFlZjYtMzZjYTM3NDIwZjlk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:53 GMT]}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "YhfB9SlM",
"createdBy" : "",
"createdDate" : "",
"description" : "YhfB9SlM",
"host" : "YhfB9SlM",
"id" : "",
"inactive" : false,
"key" : "YhfB9SlM",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "YhfB9SlM",
"org" : "",
"prop1" : "YhfB9SlM",
"prop2" : "YhfB9SlM",
"prop3" : "YhfB9SlM",
"prop4" : "YhfB9SlM",
"prop5" : "YhfB9SlM",
"secretKey" : "YhfB9SlM",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:55.404+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjllM2Q3ODAtY2ViNy00M2MxLTkxOWYtZWRjMGM0M2ZmOWYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : Time [1066]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:44:55 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjllM2Q3ODAtY2ViNy00M2MxLTkxOWYtZWRjMGM0M2ZmOWYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjllM2Q3ODAtY2ViNy00M2MxLTkxOWYtZWRjMGM0M2ZmOWYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjllM2Q3ODAtY2ViNy00M2MxLTkxOWYtZWRjMGM0M2ZmOWYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:55 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjllM2Q3ODAtY2ViNy00M2MxLTkxOWYtZWRjMGM0M2ZmOWYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:54 GMT]}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "bZqYjEaG",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "bZqYjEaG",
"org" : "",
"prop1" : "bZqYjEaG",
"prop2" : "bZqYjEaG",
"prop3" : "bZqYjEaG",
"prop4" : "bZqYjEaG",
"prop5" : "bZqYjEaG",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:56.756+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjE1NDUzYWEtMmZlNi00OTExLTgzZDEtNDUwY2U0NjRkOTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [1351]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:44:56 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjE1NDUzYWEtMmZlNi00OTExLTgzZDEtNDUwY2U0NjRkOTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjE1NDUzYWEtMmZlNi00OTExLTgzZDEtNDUwY2U0NjRkOTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjE1NDUzYWEtMmZlNi00OTExLTgzZDEtNDUwY2U0NjRkOTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:56 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjE1NDUzYWEtMmZlNi00OTExLTgzZDEtNDUwY2U0NjRkOTYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "1656732273",
"branch" : "AqYrcR37",
"bugsOpen" : "1656732273",
"createdBy" : "",
"createdDate" : "",
"description" : "AqYrcR37",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "AqYrcR37",
"issueTracker" : "",
"lastCommit" : "AqYrcR37",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "AqYrcR37",
"openAPISpec" : "AqYrcR37",
"openText" : "AqYrcR37",
"org" : "",
"props" : null,
"url" : "AqYrcR37",
"version" : ""
}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:58.041+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI4M2VlYWUtZWJhNi00NDUyLWI4MzUtNzkyM2M1NGMyMjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : Time [1284]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:44:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI4M2VlYWUtZWJhNi00NDUyLWI4MzUtNzkyM2M1NGMyMjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI4M2VlYWUtZWJhNi00NDUyLWI4MzUtNzkyM2M1NGMyMjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI4M2VlYWUtZWJhNi00NDUyLWI4MzUtNzkyM2M1NGMyMjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjI4M2VlYWUtZWJhNi00NDUyLWI4MzUtNzkyM2M1NGMyMjZi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{
"assertionsText" : "v8ECmONi",
"auth" : "v8ECmONi",
"authorsText" : "v8ECmONi",
"autoGenerated" : false,
"category" : "Special_Chars",
"cleanupText" : "v8ECmONi",
"createdBy" : "",
"createdDate" : "",
"description" : "v8ECmONi",
"endpoint" : "v8ECmONi",
"headersText" : "v8ECmONi",
"id" : "",
"inactive" : false,
"initText" : "v8ECmONi",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "v8ECmONi",
"parent" : "v8ECmONi",
"path" : "v8ECmONi",
"policie" : {
"cleanupExec" : "v8ECmONi",
"initExec" : "v8ECmONi",
"logger" : "v8ECmONi",
"repeat" : "1135255131",
"repeatDelay" : "1135255131",
"repeatModule" : "v8ECmONi",
"repeatOnFailure" : "1135255131",
"timeoutSeconds" : "1135255131"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Trivial",
"tagsText" : "v8ECmONi",
"type" : "Abstract",
"version" : "",
"yaml" : "v8ECmONi"
}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:58.968+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRmOTZjNmUtMmZkYi00Y2FjLTg3MTYtNjRkM2IwMjk1YzU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [922]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750]
2019-03-20 10:44:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRmOTZjNmUtMmZkYi00Y2FjLTg3MTYtNjRkM2IwMjk1YzU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRmOTZjNmUtMmZkYi00Y2FjLTg3MTYtNjRkM2IwMjk1YzU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRmOTZjNmUtMmZkYi00Y2FjLTg3MTYtNjRkM2IwMjk1YzU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:58 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWRmOTZjNmUtMmZkYi00Y2FjLTg3MTYtNjRkM2IwMjk1YzU2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "43299756",
"branch" : "1Mbm94cO",
"bugsOpen" : "43299756",
"createdBy" : "",
"createdDate" : "",
"description" : "1Mbm94cO",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "1Mbm94cO",
"issueTracker" : "",
"lastCommit" : "1Mbm94cO",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "1Mbm94cO",
"openAPISpec" : "1Mbm94cO",
"openText" : "1Mbm94cO",
"org" : "",
"props" : null,
"url" : "1Mbm94cO",
"version" : ""
}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:00.088+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGIxNjA3M2QtN2M5NC00MGVmLTkwOWYtODEzOTcwOGJjOThm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:59 GMT]}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : Time [1119]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:45:00 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGIxNjA3M2QtN2M5NC00MGVmLTkwOWYtODEzOTcwOGJjOThm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:59 GMT]}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGIxNjA3M2QtN2M5NC00MGVmLTkwOWYtODEzOTcwOGJjOThm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:59 GMT]}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGIxNjA3M2QtN2M5NC00MGVmLTkwOWYtODEzOTcwOGJjOThm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:59 GMT]}]
2019-03-20 10:45:00 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGIxNjA3M2QtN2M5NC00MGVmLTkwOWYtODEzOTcwOGJjOThm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:59 GMT]}]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Method [POST]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request [{
"assertions" : [ "7sTjPZt6" ],
"assertionsText" : "7sTjPZt6",
"auth" : "7sTjPZt6",
"authors" : [ "7sTjPZt6" ],
"authorsText" : "7sTjPZt6",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "7sTjPZt6" ],
"cleanupText" : "7sTjPZt6",
"createdBy" : "",
"createdDate" : "",
"description" : "7sTjPZt6",
"endpoint" : "7sTjPZt6",
"headers" : [ "7sTjPZt6" ],
"headersText" : "7sTjPZt6",
"id" : "",
"inactive" : false,
"init" : [ "7sTjPZt6" ],
"initText" : "7sTjPZt6",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "7sTjPZt6",
"parent" : "7sTjPZt6",
"path" : "7sTjPZt6",
"policies" : {
"cleanupExec" : "7sTjPZt6",
"initExec" : "7sTjPZt6",
"logger" : "7sTjPZt6",
"repeat" : "1788569360",
"repeatDelay" : "1788569360",
"repeatModule" : "7sTjPZt6",
"repeatOnFailure" : "1788569360",
"timeoutSeconds" : "1788569360"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "7sTjPZt6" ],
"tagsText" : "7sTjPZt6",
"testCases" : [ {
"body" : "7sTjPZt6",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "7sTjPZt6"
}]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:01.411+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDhjNzVmY2YtODA5MC00MzQ0LWI3MDEtMTcyMDYyMWM4N2Zm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Time [1322]
2019-03-20 10:45:01 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Size [750]
2019-03-20 10:45:01 ERROR [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{
"timestamp" : "2019-03-20T10:45:02.764+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/test-suites/"
}]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODAzNWY2ODItOTRhOC00YzUxLWI1NWQtY2FjOWRiOTU2YjE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [1350]
2019-03-20 10:45:02 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166]
2019-03-20 10:45:02 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:04.413+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjhhZGY5MDEtOWZkYy00YmJhLThmNTgtM2MyNzU4NjQwZGU4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1650]
2019-03-20 10:45:04 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:45:04 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:05.675+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGY3YzQ2MzMtNDM2My00YjgxLWFkMmUtNmE4Y2VjMGEwM2Ew; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:05 GMT]}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [1259]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:45:05 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:07.003+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGQyY2Y0ZjAtZjNjMC00NzY1LWE1MWItMDAyYTk3MzIzY2Vk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:07 GMT]}]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [1362]
2019-03-20 10:45:07 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:45:07 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:08.668+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjJmOTdhODEtOTU2My00ODI3LWFmYjctNGIwNmQ2ODM0MTkz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:08 GMT]}]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1630]
2019-03-20 10:45:08 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:08 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:10.245+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTY2Y2ZlOWMtN2ZjZS00Y2U5LWIxYjMtMTQ0NGYyNjA5NjVk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:10 GMT]}]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1576]
2019-03-20 10:45:10 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:10 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTk0MTUwNzktZDczZC00NGNkLTliMTgtMGNiZjEzZmJkYTAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:52 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{
"assertions" : [ "aNMrvZTu" ],
"assertionsText" : "aNMrvZTu",
"auth" : "aNMrvZTu",
"authors" : [ "aNMrvZTu" ],
"authorsText" : "aNMrvZTu",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "aNMrvZTu" ],
"cleanupText" : "aNMrvZTu",
"createdBy" : "",
"createdDate" : "",
"description" : "aNMrvZTu",
"endpoint" : "aNMrvZTu",
"headers" : [ "aNMrvZTu" ],
"headersText" : "aNMrvZTu",
"id" : "",
"inactive" : false,
"init" : [ "aNMrvZTu" ],
"initText" : "aNMrvZTu",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "aNMrvZTu",
"parent" : "aNMrvZTu",
"path" : "aNMrvZTu",
"policies" : {
"cleanupExec" : "aNMrvZTu",
"initExec" : "aNMrvZTu",
"logger" : "aNMrvZTu",
"repeat" : "597607958",
"repeatDelay" : "597607958",
"repeatModule" : "aNMrvZTu",
"repeatOnFailure" : "597607958",
"timeoutSeconds" : "597607958"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "aNMrvZTu" ],
"tagsText" : "aNMrvZTu",
"testCases" : [ {
"body" : "aNMrvZTu",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "aNMrvZTu"
}
Response :
{
"timestamp" : "2019-03-20T10:45:53.480+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}
Logs :
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "rfIJV1fX",
"company" : "Dietrich-Dietrich",
"createdBy" : "",
"createdDate" : "",
"description" : "rfIJV1fX",
"id" : "",
"inactive" : false,
"location" : "rfIJV1fX",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "rfIJV1fX",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:42.621+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjgzZTRiMTktMjIxMy00ZGYzLWEyMDEtNGVmYjQ2MGM0M2I3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:42 GMT]}]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : Time [1112]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:45:42 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjgzZTRiMTktMjIxMy00ZGYzLWEyMDEtNGVmYjQ2MGM0M2I3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:42 GMT]}]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjgzZTRiMTktMjIxMy00ZGYzLWEyMDEtNGVmYjQ2MGM0M2I3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:42 GMT]}]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjgzZTRiMTktMjIxMy00ZGYzLWEyMDEtNGVmYjQ2MGM0M2I3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:42 GMT]}]
2019-03-20 10:45:42 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjgzZTRiMTktMjIxMy00ZGYzLWEyMDEtNGVmYjQ2MGM0M2I3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:42 GMT]}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "BOkIgOt7",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "BOkIgOt7",
"org" : "",
"prop1" : "BOkIgOt7",
"prop2" : "BOkIgOt7",
"prop3" : "BOkIgOt7",
"region" : "BOkIgOt7",
"secretKey" : "BOkIgOt7",
"version" : ""
}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:43.909+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2ExMTAzOTgtMzFmMi00MjdiLTlkMjQtZjY4MTJkNTI3OTRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:43 GMT]}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : Time [1286]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:45:43 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2ExMTAzOTgtMzFmMi00MjdiLTlkMjQtZjY4MTJkNTI3OTRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:43 GMT]}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2ExMTAzOTgtMzFmMi00MjdiLTlkMjQtZjY4MTJkNTI3OTRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:43 GMT]}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2ExMTAzOTgtMzFmMi00MjdiLTlkMjQtZjY4MTJkNTI3OTRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:43 GMT]}]
2019-03-20 10:45:43 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2ExMTAzOTgtMzFmMi00MjdiLTlkMjQtZjY4MTJkNTI3OTRh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:43 GMT]}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "PO5UmMcf",
"createdBy" : "",
"createdDate" : "",
"description" : "PO5UmMcf",
"host" : "PO5UmMcf",
"id" : "",
"inactive" : false,
"key" : "PO5UmMcf",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "PO5UmMcf",
"org" : "",
"prop1" : "PO5UmMcf",
"prop2" : "PO5UmMcf",
"prop3" : "PO5UmMcf",
"prop4" : "PO5UmMcf",
"prop5" : "PO5UmMcf",
"secretKey" : "PO5UmMcf",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:45.490+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTJlN2JhYjItYTUwMy00ZTU0LWE3YjAtZGZjNWQyMTJmYTg0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:44 GMT]}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : Time [1579]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:45:45 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTJlN2JhYjItYTUwMy00ZTU0LWE3YjAtZGZjNWQyMTJmYTg0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:44 GMT]}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTJlN2JhYjItYTUwMy00ZTU0LWE3YjAtZGZjNWQyMTJmYTg0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:44 GMT]}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTJlN2JhYjItYTUwMy00ZTU0LWE3YjAtZGZjNWQyMTJmYTg0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:44 GMT]}]
2019-03-20 10:45:45 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTJlN2JhYjItYTUwMy00ZTU0LWE3YjAtZGZjNWQyMTJmYTg0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:44 GMT]}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "NQOo11iU",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "NQOo11iU",
"org" : "",
"prop1" : "NQOo11iU",
"prop2" : "NQOo11iU",
"prop3" : "NQOo11iU",
"prop4" : "NQOo11iU",
"prop5" : "NQOo11iU",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:47.320+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM0MmQzNWYtNjZhMy00YzM0LWFkMTUtNGYyYzA3ZWU5MGVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:46 GMT]}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [1835]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:45:47 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM0MmQzNWYtNjZhMy00YzM0LWFkMTUtNGYyYzA3ZWU5MGVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:46 GMT]}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM0MmQzNWYtNjZhMy00YzM0LWFkMTUtNGYyYzA3ZWU5MGVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:46 GMT]}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM0MmQzNWYtNjZhMy00YzM0LWFkMTUtNGYyYzA3ZWU5MGVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:46 GMT]}]
2019-03-20 10:45:47 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM0MmQzNWYtNjZhMy00YzM0LWFkMTUtNGYyYzA3ZWU5MGVi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:46 GMT]}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "835311580",
"branch" : "Otb9tESV",
"bugsOpen" : "835311580",
"createdBy" : "",
"createdDate" : "",
"description" : "Otb9tESV",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "Otb9tESV",
"issueTracker" : "",
"lastCommit" : "Otb9tESV",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Otb9tESV",
"openAPISpec" : "Otb9tESV",
"openText" : "Otb9tESV",
"org" : "",
"props" : null,
"url" : "Otb9tESV",
"version" : ""
}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:49.062+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTgwNWZiODItNWY1ZS00NWI3LThmMDktYzBkMmI5MjFkMjVl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:48 GMT]}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : Time [1733]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:45:49 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTgwNWZiODItNWY1ZS00NWI3LThmMDktYzBkMmI5MjFkMjVl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:48 GMT]}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTgwNWZiODItNWY1ZS00NWI3LThmMDktYzBkMmI5MjFkMjVl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:48 GMT]}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTgwNWZiODItNWY1ZS00NWI3LThmMDktYzBkMmI5MjFkMjVl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:48 GMT]}]
2019-03-20 10:45:49 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTgwNWZiODItNWY1ZS00NWI3LThmMDktYzBkMmI5MjFkMjVl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:48 GMT]}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{
"assertionsText" : "PHTHh0DF",
"auth" : "PHTHh0DF",
"authorsText" : "PHTHh0DF",
"autoGenerated" : false,
"category" : "Special_Chars",
"cleanupText" : "PHTHh0DF",
"createdBy" : "",
"createdDate" : "",
"description" : "PHTHh0DF",
"endpoint" : "PHTHh0DF",
"headersText" : "PHTHh0DF",
"id" : "",
"inactive" : false,
"initText" : "PHTHh0DF",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "PHTHh0DF",
"parent" : "PHTHh0DF",
"path" : "PHTHh0DF",
"policie" : {
"cleanupExec" : "PHTHh0DF",
"initExec" : "PHTHh0DF",
"logger" : "PHTHh0DF",
"repeat" : "563643040",
"repeatDelay" : "563643040",
"repeatModule" : "PHTHh0DF",
"repeatOnFailure" : "563643040",
"timeoutSeconds" : "563643040"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Trivial",
"tagsText" : "PHTHh0DF",
"type" : "Abstract",
"version" : "",
"yaml" : "PHTHh0DF"
}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:50.659+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzAyYzhiNWYtMTgzNC00OGFkLWJiZTYtNDI5YTA2N2U0MTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:49 GMT]}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [1594]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750]
2019-03-20 10:45:50 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzAyYzhiNWYtMTgzNC00OGFkLWJiZTYtNDI5YTA2N2U0MTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:49 GMT]}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzAyYzhiNWYtMTgzNC00OGFkLWJiZTYtNDI5YTA2N2U0MTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:49 GMT]}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzAyYzhiNWYtMTgzNC00OGFkLWJiZTYtNDI5YTA2N2U0MTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:49 GMT]}]
2019-03-20 10:45:50 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzAyYzhiNWYtMTgzNC00OGFkLWJiZTYtNDI5YTA2N2U0MTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:49 GMT]}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "921910453",
"branch" : "KnwHIStO",
"bugsOpen" : "921910453",
"createdBy" : "",
"createdDate" : "",
"description" : "KnwHIStO",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "KnwHIStO",
"issueTracker" : "",
"lastCommit" : "KnwHIStO",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "KnwHIStO",
"openAPISpec" : "KnwHIStO",
"openText" : "KnwHIStO",
"org" : "",
"props" : null,
"url" : "KnwHIStO",
"version" : ""
}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:52.244+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWQ0ZWRmYjktYzg3OC00ZDQ5LTg0YTEtZWJkNTcxN2I4NGYy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:51 GMT]}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : Time [1592]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:45:52 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWQ0ZWRmYjktYzg3OC00ZDQ5LTg0YTEtZWJkNTcxN2I4NGYy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:51 GMT]}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWQ0ZWRmYjktYzg3OC00ZDQ5LTg0YTEtZWJkNTcxN2I4NGYy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:51 GMT]}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWQ0ZWRmYjktYzg3OC00ZDQ5LTg0YTEtZWJkNTcxN2I4NGYy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:51 GMT]}]
2019-03-20 10:45:52 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWQ0ZWRmYjktYzg3OC00ZDQ5LTg0YTEtZWJkNTcxN2I4NGYy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:51 GMT]}]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Method [POST]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request [{
"assertions" : [ "aNMrvZTu" ],
"assertionsText" : "aNMrvZTu",
"auth" : "aNMrvZTu",
"authors" : [ "aNMrvZTu" ],
"authorsText" : "aNMrvZTu",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "aNMrvZTu" ],
"cleanupText" : "aNMrvZTu",
"createdBy" : "",
"createdDate" : "",
"description" : "aNMrvZTu",
"endpoint" : "aNMrvZTu",
"headers" : [ "aNMrvZTu" ],
"headersText" : "aNMrvZTu",
"id" : "",
"inactive" : false,
"init" : [ "aNMrvZTu" ],
"initText" : "aNMrvZTu",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "aNMrvZTu",
"parent" : "aNMrvZTu",
"path" : "aNMrvZTu",
"policies" : {
"cleanupExec" : "aNMrvZTu",
"initExec" : "aNMrvZTu",
"logger" : "aNMrvZTu",
"repeat" : "597607958",
"repeatDelay" : "597607958",
"repeatModule" : "aNMrvZTu",
"repeatOnFailure" : "597607958",
"timeoutSeconds" : "597607958"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "aNMrvZTu" ],
"tagsText" : "aNMrvZTu",
"testCases" : [ {
"body" : "aNMrvZTu",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "aNMrvZTu"
}]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:53.480+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTk0MTUwNzktZDczZC00NGNkLTliMTgtMGNiZjEzZmJkYTAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:52 GMT]}]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Time [1226]
2019-03-20 10:45:53 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Size [750]
2019-03-20 10:45:53 ERROR [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{
"timestamp" : "2019-03-20T10:45:55.040+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/test-suites/"
}]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTcxNTBlNzAtMDFhYS00Y2QwLWJkMGEtZjVmZDNjNGQ0Mjg2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:54 GMT]}]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [1557]
2019-03-20 10:45:55 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166]
2019-03-20 10:45:55 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:56.913+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGY3NjZjNDQtOGUwMi00NmQ3LWFjZGUtOThmN2NjNTU2YzM3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:56 GMT]}]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1872]
2019-03-20 10:45:56 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:45:56 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:58.949+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=N2E3YTczOGItN2I2MC00ZDY4LTg4ZjYtMmIyOTdlMGY5YTY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:58 GMT]}]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [2036]
2019-03-20 10:45:58 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:45:58 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:46:00.827+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWM1NTZlZWQtZWFkOC00ZGJmLTkxMjItYjk1ZjZjYzA0NzFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:00 GMT]}]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [1878]
2019-03-20 10:46:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:46:00 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:46:02.273+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OTVkYjdkMDgtNzRlMS00MmZiLWE2MTUtZmJhODljZjNkNzhl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:01 GMT]}]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1448]
2019-03-20 10:46:02 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:46:02 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:46:03.633+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODFlN2RlNWUtYzdjMC00YjhjLWJmM2ItNTljYzNmMTQwZGI2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:46:02 GMT]}]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1364]
2019-03-20 10:46:03 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:46:03 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGZlZWFiY2QtODJjMC00YmYzLThiZTEtODdhNzJmMjFiZGJm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:13 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{
"assertions" : [ "nnPASKxZ" ],
"assertionsText" : "nnPASKxZ",
"auth" : "nnPASKxZ",
"authors" : [ "nnPASKxZ" ],
"authorsText" : "nnPASKxZ",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "nnPASKxZ" ],
"cleanupText" : "nnPASKxZ",
"createdBy" : "",
"createdDate" : "",
"description" : "nnPASKxZ",
"endpoint" : "nnPASKxZ",
"headers" : [ "nnPASKxZ" ],
"headersText" : "nnPASKxZ",
"id" : "",
"inactive" : false,
"init" : [ "nnPASKxZ" ],
"initText" : "nnPASKxZ",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "nnPASKxZ",
"parent" : "nnPASKxZ",
"path" : "nnPASKxZ",
"policies" : {
"cleanupExec" : "nnPASKxZ",
"initExec" : "nnPASKxZ",
"logger" : "nnPASKxZ",
"repeat" : "672311439",
"repeatDelay" : "672311439",
"repeatModule" : "nnPASKxZ",
"repeatOnFailure" : "672311439",
"timeoutSeconds" : "672311439"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "nnPASKxZ" ],
"tagsText" : "nnPASKxZ",
"testCases" : [ {
"body" : "nnPASKxZ",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "nnPASKxZ"
}
Response :
{
"timestamp" : "2019-03-20T10:47:13.848+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}
Logs :
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "xWRobZzd",
"company" : "Stokes Inc",
"createdBy" : "",
"createdDate" : "",
"description" : "xWRobZzd",
"id" : "",
"inactive" : false,
"location" : "xWRobZzd",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "xWRobZzd",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:03.829+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjgzMDU4OGYtYTI2Zi00Y2Q3LWFkMjgtMmFlMGNiN2U2OTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:03 GMT]}]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : Time [1795]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:47:03 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjgzMDU4OGYtYTI2Zi00Y2Q3LWFkMjgtMmFlMGNiN2U2OTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:03 GMT]}]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjgzMDU4OGYtYTI2Zi00Y2Q3LWFkMjgtMmFlMGNiN2U2OTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:03 GMT]}]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjgzMDU4OGYtYTI2Zi00Y2Q3LWFkMjgtMmFlMGNiN2U2OTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:03 GMT]}]
2019-03-20 10:47:03 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjgzMDU4OGYtYTI2Zi00Y2Q3LWFkMjgtMmFlMGNiN2U2OTdi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:03 GMT]}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "eVUQ1cSf",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "eVUQ1cSf",
"org" : "",
"prop1" : "eVUQ1cSf",
"prop2" : "eVUQ1cSf",
"prop3" : "eVUQ1cSf",
"region" : "eVUQ1cSf",
"secretKey" : "eVUQ1cSf",
"version" : ""
}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:05.575+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDdjZTlmYjYtZmIwOC00OWEyLWI1ZmYtNjc3NmM2YzNlZjYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:05 GMT]}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : Time [1744]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:47:05 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDdjZTlmYjYtZmIwOC00OWEyLWI1ZmYtNjc3NmM2YzNlZjYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:05 GMT]}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDdjZTlmYjYtZmIwOC00OWEyLWI1ZmYtNjc3NmM2YzNlZjYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:05 GMT]}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDdjZTlmYjYtZmIwOC00OWEyLWI1ZmYtNjc3NmM2YzNlZjYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:05 GMT]}]
2019-03-20 10:47:05 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDdjZTlmYjYtZmIwOC00OWEyLWI1ZmYtNjc3NmM2YzNlZjYz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:05 GMT]}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "5jDZdq8M",
"createdBy" : "",
"createdDate" : "",
"description" : "5jDZdq8M",
"host" : "5jDZdq8M",
"id" : "",
"inactive" : false,
"key" : "5jDZdq8M",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5jDZdq8M",
"org" : "",
"prop1" : "5jDZdq8M",
"prop2" : "5jDZdq8M",
"prop3" : "5jDZdq8M",
"prop4" : "5jDZdq8M",
"prop5" : "5jDZdq8M",
"secretKey" : "5jDZdq8M",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:07.030+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQzOTQ3NDQtZTk0NC00OWEwLWFmOWItMDc2OGI1Zjc5ODIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : Time [1455]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:47:07 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQzOTQ3NDQtZTk0NC00OWEwLWFmOWItMDc2OGI1Zjc5ODIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQzOTQ3NDQtZTk0NC00OWEwLWFmOWItMDc2OGI1Zjc5ODIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQzOTQ3NDQtZTk0NC00OWEwLWFmOWItMDc2OGI1Zjc5ODIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:07 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NWQzOTQ3NDQtZTk0NC00OWEwLWFmOWItMDc2OGI1Zjc5ODIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:06 GMT]}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "kKp1UOzJ",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "kKp1UOzJ",
"org" : "",
"prop1" : "kKp1UOzJ",
"prop2" : "kKp1UOzJ",
"prop3" : "kKp1UOzJ",
"prop4" : "kKp1UOzJ",
"prop5" : "kKp1UOzJ",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:08.472+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDExM2E0ODYtOTQ1Zi00MDU0LWEzNWItNDhiMmIwMzk2ZGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:08 GMT]}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [1438]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:47:08 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDExM2E0ODYtOTQ1Zi00MDU0LWEzNWItNDhiMmIwMzk2ZGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:08 GMT]}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDExM2E0ODYtOTQ1Zi00MDU0LWEzNWItNDhiMmIwMzk2ZGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:08 GMT]}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDExM2E0ODYtOTQ1Zi00MDU0LWEzNWItNDhiMmIwMzk2ZGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:08 GMT]}]
2019-03-20 10:47:08 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDExM2E0ODYtOTQ1Zi00MDU0LWEzNWItNDhiMmIwMzk2ZGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:08 GMT]}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "263867003",
"branch" : "MJmH62Om",
"bugsOpen" : "263867003",
"createdBy" : "",
"createdDate" : "",
"description" : "MJmH62Om",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "MJmH62Om",
"issueTracker" : "",
"lastCommit" : "MJmH62Om",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "MJmH62Om",
"openAPISpec" : "MJmH62Om",
"openText" : "MJmH62Om",
"org" : "",
"props" : null,
"url" : "MJmH62Om",
"version" : ""
}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:09.964+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjBlNTYyNTItZTYyZS00Y2FlLWI3ZDktYzI1NTA3YWE5NGY3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : Time [1494]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1] : Size [744]
2019-03-20 10:47:09 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjBlNTYyNTItZTYyZS00Y2FlLWI3ZDktYzI1NTA3YWE5NGY3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjBlNTYyNTItZTYyZS00Y2FlLWI3ZDktYzI1NTA3YWE5NGY3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjBlNTYyNTItZTYyZS00Y2FlLWI3ZDktYzI1NTA3YWE5NGY3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:09 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjBlNTYyNTItZTYyZS00Y2FlLWI3ZDktYzI1NTA3YWE5NGY3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:09 GMT]}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{
"assertionsText" : "5EyvIW2M",
"auth" : "5EyvIW2M",
"authorsText" : "5EyvIW2M",
"autoGenerated" : false,
"category" : "Special_Chars",
"cleanupText" : "5EyvIW2M",
"createdBy" : "",
"createdDate" : "",
"description" : "5EyvIW2M",
"endpoint" : "5EyvIW2M",
"headersText" : "5EyvIW2M",
"id" : "",
"inactive" : false,
"initText" : "5EyvIW2M",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5EyvIW2M",
"parent" : "5EyvIW2M",
"path" : "5EyvIW2M",
"policie" : {
"cleanupExec" : "5EyvIW2M",
"initExec" : "5EyvIW2M",
"logger" : "5EyvIW2M",
"repeat" : "267723716",
"repeatDelay" : "267723716",
"repeatModule" : "5EyvIW2M",
"repeatOnFailure" : "267723716",
"timeoutSeconds" : "267723716"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Trivial",
"tagsText" : "5EyvIW2M",
"type" : "Abstract",
"version" : "",
"yaml" : "5EyvIW2M"
}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:11.394+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDkzNzZkMjAtODc0NS00NzdhLWI0ZWItNjkwY2QxMTY2NDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [1426]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750]
2019-03-20 10:47:11 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDkzNzZkMjAtODc0NS00NzdhLWI0ZWItNjkwY2QxMTY2NDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDkzNzZkMjAtODc0NS00NzdhLWI0ZWItNjkwY2QxMTY2NDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDkzNzZkMjAtODc0NS00NzdhLWI0ZWItNjkwY2QxMTY2NDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:11 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDkzNzZkMjAtODc0NS00NzdhLWI0ZWItNjkwY2QxMTY2NDU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:10 GMT]}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : Request [{
"account" : "",
"autoGenSuites" : "931839412",
"branch" : "DoV3jnfc",
"bugsOpen" : "931839412",
"createdBy" : "",
"createdDate" : "",
"description" : "DoV3jnfc",
"genPolicy" : "Create",
"id" : "",
"inactive" : false,
"isFileLoad" : "DoV3jnfc",
"issueTracker" : "",
"lastCommit" : "DoV3jnfc",
"lastSync" : null,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "DoV3jnfc",
"openAPISpec" : "DoV3jnfc",
"openText" : "DoV3jnfc",
"org" : "",
"props" : null,
"url" : "DoV3jnfc",
"version" : ""
}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:12.689+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])",
"path" : "/api/v1/projects"
}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ4ZjdjOTItNDk4YS00NWViLTljNjctMDNmMzViZTVlMDQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:12 GMT]}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : Time [1290]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1] : Size [744]
2019-03-20 10:47:12 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ4ZjdjOTItNDk4YS00NWViLTljNjctMDNmMzViZTVlMDQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:12 GMT]}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ4ZjdjOTItNDk4YS00NWViLTljNjctMDNmMzViZTVlMDQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:12 GMT]}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ4ZjdjOTItNDk4YS00NWViLTljNjctMDNmMzViZTVlMDQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:12 GMT]}]
2019-03-20 10:47:12 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ4ZjdjOTItNDk4YS00NWViLTljNjctMDNmMzViZTVlMDQ3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:12 GMT]}]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Method [POST]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request [{
"assertions" : [ "nnPASKxZ" ],
"assertionsText" : "nnPASKxZ",
"auth" : "nnPASKxZ",
"authors" : [ "nnPASKxZ" ],
"authorsText" : "nnPASKxZ",
"autoGenerated" : false,
"category" : "XSS_Injection",
"cleanup" : [ "nnPASKxZ" ],
"cleanupText" : "nnPASKxZ",
"createdBy" : "",
"createdDate" : "",
"description" : "nnPASKxZ",
"endpoint" : "nnPASKxZ",
"headers" : [ "nnPASKxZ" ],
"headersText" : "nnPASKxZ",
"id" : "",
"inactive" : false,
"init" : [ "nnPASKxZ" ],
"initText" : "nnPASKxZ",
"method" : "OPTIONS",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "nnPASKxZ",
"parent" : "nnPASKxZ",
"path" : "nnPASKxZ",
"policies" : {
"cleanupExec" : "nnPASKxZ",
"initExec" : "nnPASKxZ",
"logger" : "nnPASKxZ",
"repeat" : "672311439",
"repeatDelay" : "672311439",
"repeatModule" : "nnPASKxZ",
"repeatOnFailure" : "672311439",
"timeoutSeconds" : "672311439"
},
"project" : "",
"props" : null,
"publishToMarketplace" : false,
"severity" : "Major",
"tags" : [ "nnPASKxZ" ],
"tagsText" : "nnPASKxZ",
"testCases" : [ {
"body" : "nnPASKxZ",
"id" : "",
"inactive" : false
} ],
"type" : "Suite",
"version" : "",
"yaml" : "nnPASKxZ"
}]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:47:13.848+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])",
"path" : "/api/v1/test-suites"
}]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGZlZWFiY2QtODJjMC00YmYzLThiZTEtODdhNzJmMjFiZGJm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:13 GMT]}]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Time [1158]
2019-03-20 10:47:13 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Size [750]
2019-03-20 10:47:13 ERROR [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{
"timestamp" : "2019-03-20T10:47:15.170+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/test-suites/"
}]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NGNkODBiN2QtNjg4NC00YTYyLWFjYmMtMjU3Y2Y3ODJmYjdm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:14 GMT]}]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [1320]
2019-03-20 10:47:15 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166]
2019-03-20 10:47:15 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{
"timestamp" : "2019-03-20T10:47:16.380+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/projects/"
}]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjZmNzA4ZDYtNWY3Ni00ZWUwLTkyZDYtY2VmNzViNzE2Yzhk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:15 GMT]}]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [1210]
2019-03-20 10:47:16 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163]
2019-03-20 10:47:16 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:47:17.591+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDE2NTNhYmQtYzg0Mi00ZmMxLWEwMDQtNTZiZDVlNjYxZWNi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:17 GMT]}]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [1209]
2019-03-20 10:47:17 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:47:17 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:47:18.704+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzFmYWY0NWEtODJiMy00ZjUzLTg2MDMtMjY2MDJhOWYzNzY3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:18 GMT]}]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [1113]
2019-03-20 10:47:18 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:47:18 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:47:19.841+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDdhN2Y2NTYtYzYxOS00ZDE5LTgyMGQtMGFkNjk2ZGQ3OGMw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:19 GMT]}]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1136]
2019-03-20 10:47:19 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:47:19 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:47:21.043+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGJhZjRjYzctMTI3Yy00YzY2LTliOTUtNGRkN2QyNThmYTZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:47:20 GMT]}]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1200]
2019-03-20 10:47:21 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:47:21 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2Q3NDU2NDctMWE2Ni00ZDliLWJjMzEtNGQ4MTdiYTQ1ZThi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}
Endpoint : http://13.56.210.25/api/v1/test-suites
Request :
{ "assertions" : [ "MiCqLqsK" ], "assertionsText" : "MiCqLqsK", "auth" : "MiCqLqsK", "authors" : [ "MiCqLqsK" ], "authorsText" : "MiCqLqsK", "autoGenerated" : false, "category" : "XSS_Injection", "cleanup" : [ "MiCqLqsK" ], "cleanupText" : "MiCqLqsK", "createdBy" : "", "createdDate" : "", "description" : "MiCqLqsK", "endpoint" : "MiCqLqsK", "headers" : [ "MiCqLqsK" ], "headersText" : "MiCqLqsK", "id" : "", "inactive" : false, "init" : [ "MiCqLqsK" ], "initText" : "MiCqLqsK", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "MiCqLqsK", "parent" : "MiCqLqsK", "path" : "MiCqLqsK", "policies" : { "cleanupExec" : "MiCqLqsK", "initExec" : "MiCqLqsK", "logger" : "MiCqLqsK", "repeat" : "457581464", "repeatDelay" : "457581464", "repeatModule" : "MiCqLqsK", "repeatOnFailure" : "457581464", "timeoutSeconds" : "457581464" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Major", "tags" : [ "MiCqLqsK" ], "tagsText" : "MiCqLqsK", "testCases" : [ { "body" : "MiCqLqsK", "id" : "", "inactive" : false } ], "type" : "Suite", "version" : "", "yaml" : "MiCqLqsK" }
Response :
{ "timestamp" : "2019-03-20T10:41:58.718+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/test-suites" }Logs :
2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "Wc888OAh", "company" : "Balistreri-Balistreri", "createdBy" : "", "createdDate" : "", "description" : "Wc888OAh", "id" : "", "inactive" : false, "location" : "Wc888OAh", "modifiedBy" : "", "modifiedDate" : "", "name" : "Wc888OAh", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:55.206+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzNkNmM0MzQtNTA3Mi00MWM3LThlNDUtYjQxNDY5ODhhZjY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : Time [395] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:55 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzNkNmM0MzQtNTA3Mi00MWM3LThlNDUtYjQxNDY5ODhhZjY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzNkNmM0MzQtNTA3Mi00MWM3LThlNDUtYjQxNDY5ODhhZjY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzNkNmM0MzQtNTA3Mi00MWM3LThlNDUtYjQxNDY5ODhhZjY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzNkNmM0MzQtNTA3Mi00MWM3LThlNDUtYjQxNDY5ODhhZjY1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:54 GMT]}] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "BMnU4KNo", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "BMnU4KNo", "org" : "", "prop1" : "BMnU4KNo", "prop2" : "BMnU4KNo", "prop3" : "BMnU4KNo", "region" : "BMnU4KNo", "secretKey" : "BMnU4KNo", "version" : "" }] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:55.867+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRkY2ZkNjktOGY5OC00NGZkLWI1OTUtNWViYTA1MGUxNjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : Time [655] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:55 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRkY2ZkNjktOGY5OC00NGZkLWI1OTUtNWViYTA1MGUxNjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRkY2ZkNjktOGY5OC00NGZkLWI1OTUtNWViYTA1MGUxNjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRkY2ZkNjktOGY5OC00NGZkLWI1OTUtNWViYTA1MGUxNjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:55 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmRkY2ZkNjktOGY5OC00NGZkLWI1OTUtNWViYTA1MGUxNjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : Request [{ "accessKey" : "5AuqdaTZ", "createdBy" : "", "createdDate" : "", "description" : "5AuqdaTZ", "host" : "5AuqdaTZ", "id" : "", "inactive" : false, "key" : "5AuqdaTZ", "modifiedBy" : "", "modifiedDate" : "", "name" : "5AuqdaTZ", "org" : "", "prop1" : "5AuqdaTZ", "prop2" : "5AuqdaTZ", "prop3" : "5AuqdaTZ", "prop4" : "5AuqdaTZ", "prop5" : "5AuqdaTZ", "secretKey" : "5AuqdaTZ", "skillType" : "BOT_DEPLOYMENT", "version" : "" }] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:56.507+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])", "path" : "/api/v1/skills" }] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjhlOGUyN2EtNjA3Zi00ODk0LWIzZDEtMWEyZDM1OGE2OGU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : Time [639] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1] : Size [716] 2019-03-20 10:41:56 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjhlOGUyN2EtNjA3Zi00ODk0LWIzZDEtMWEyZDM1OGE2OGU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjhlOGUyN2EtNjA3Zi00ODk0LWIzZDEtMWEyZDM1OGE2OGU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjhlOGUyN2EtNjA3Zi00ODk0LWIzZDEtMWEyZDM1OGE2OGU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZjhlOGUyN2EtNjA3Zi00ODk0LWIzZDEtMWEyZDM1OGE2OGU5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "2UzZCRbp", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "2UzZCRbp", "org" : "", "prop1" : "2UzZCRbp", "prop2" : "2UzZCRbp", "prop3" : "2UzZCRbp", "prop4" : "2UzZCRbp", "prop5" : "2UzZCRbp", "skill" : "", "state" : "INACTIVE", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:57.113+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzYyZDc5ZWQtYmJjYy00OGY0LTlkYjUtNGVmMzcwMmM5MTQy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [604] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768] 2019-03-20 10:41:57 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzYyZDc5ZWQtYmJjYy00OGY0LTlkYjUtNGVmMzcwMmM5MTQy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzYyZDc5ZWQtYmJjYy00OGY0LTlkYjUtNGVmMzcwMmM5MTQy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzYyZDc5ZWQtYmJjYy00OGY0LTlkYjUtNGVmMzcwMmM5MTQy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzYyZDc5ZWQtYmJjYy00OGY0LTlkYjUtNGVmMzcwMmM5MTQy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "836622518", "branch" : "zRbCVC9Q", "bugsOpen" : "836622518", "createdBy" : "", "createdDate" : "", "description" : "zRbCVC9Q", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "zRbCVC9Q", "issueTracker" : "", "lastCommit" : "zRbCVC9Q", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "zRbCVC9Q", "openAPISpec" : "zRbCVC9Q", "openText" : "zRbCVC9Q", "org" : "", "props" : null, "url" : "zRbCVC9Q", "version" : "" }] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:57.513+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ5NzM0YjMtNTk1Zi00ZWY2LWJjOTQtNDVhODE0OTdmNjkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : Time [399] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1] : Size [744] 2019-03-20 10:41:57 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ5NzM0YjMtNTk1Zi00ZWY2LWJjOTQtNDVhODE0OTdmNjkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ5NzM0YjMtNTk1Zi00ZWY2LWJjOTQtNDVhODE0OTdmNjkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ5NzM0YjMtNTk1Zi00ZWY2LWJjOTQtNDVhODE0OTdmNjkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [ProjectCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzQ5NzM0YjMtNTk1Zi00ZWY2LWJjOTQtNDVhODE0OTdmNjkx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/test-suites] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : Request [{ "assertionsText" : "a5ldUsRc", "auth" : "a5ldUsRc", "authorsText" : "a5ldUsRc", "autoGenerated" : false, "category" : "Special_Chars", "cleanupText" : "a5ldUsRc", "createdBy" : "", "createdDate" : "", "description" : "a5ldUsRc", "endpoint" : "a5ldUsRc", "headersText" : "a5ldUsRc", "id" : "", "inactive" : false, "initText" : "a5ldUsRc", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "a5ldUsRc", "parent" : "a5ldUsRc", "path" : "a5ldUsRc", "policie" : { "cleanupExec" : "a5ldUsRc", "initExec" : "a5ldUsRc", "logger" : "a5ldUsRc", "repeat" : "614142875", "repeatDelay" : "614142875", "repeatModule" : "a5ldUsRc", "repeatOnFailure" : "614142875", "timeoutSeconds" : "614142875" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Trivial", "tagsText" : "a5ldUsRc", "type" : "Abstract", "version" : "", "yaml" : "a5ldUsRc" }] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:57.894+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 32, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/test-suites" }] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjRiNzhmYmQtN2NmMi00MTgwLTg2MmUtMGFmOTE2YTMxMmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : Time [375] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1] : Size [750] 2019-03-20 10:41:57 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjRiNzhmYmQtN2NmMi00MTgwLTg2MmUtMGFmOTE2YTMxMmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjRiNzhmYmQtN2NmMi00MTgwLTg2MmUtMGFmOTE2YTMxMmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjRiNzhmYmQtN2NmMi00MTgwLTg2MmUtMGFmOTE2YTMxMmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [TestSuiteCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjRiNzhmYmQtN2NmMi00MTgwLTg2MmUtMGFmOTE2YTMxMmE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/projects] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : Request [{ "account" : "", "autoGenSuites" : "569122071", "branch" : "C84ugXWq", "bugsOpen" : "569122071", "createdBy" : "", "createdDate" : "", "description" : "C84ugXWq", "genPolicy" : "Create", "id" : "", "inactive" : false, "isFileLoad" : "C84ugXWq", "issueTracker" : "", "lastCommit" : "C84ugXWq", "lastSync" : null, "modifiedBy" : "", "modifiedDate" : "", "name" : "C84ugXWq", "openAPISpec" : "C84ugXWq", "openText" : "C84ugXWq", "org" : "", "props" : null, "url" : "C84ugXWq", "version" : "" }] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:58.245+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.Project[\"account\"])", "path" : "/api/v1/projects" }] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzJkYTg2OTUtYWZmYS00Zjc5LTg4OWYtYmIxMjQzY2I4OGZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : Time [370] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1] : Size [744] 2019-03-20 10:41:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzJkYTg2OTUtYWZmYS00Zjc5LTg4OWYtYmIxMjQzY2I4OGZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzJkYTg2OTUtYWZmYS00Zjc5LTg4OWYtYmIxMjQzY2I4OGZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzJkYTg2OTUtYWZmYS00Zjc5LTg4OWYtYmIxMjQzY2I4OGZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [ProjectCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzJkYTg2OTUtYWZmYS00Zjc5LTg4OWYtYmIxMjQzY2I4OGZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/test-suites] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Method [POST] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request [{ "assertions" : [ "MiCqLqsK" ], "assertionsText" : "MiCqLqsK", "auth" : "MiCqLqsK", "authors" : [ "MiCqLqsK" ], "authorsText" : "MiCqLqsK", "autoGenerated" : false, "category" : "XSS_Injection", "cleanup" : [ "MiCqLqsK" ], "cleanupText" : "MiCqLqsK", "createdBy" : "", "createdDate" : "", "description" : "MiCqLqsK", "endpoint" : "MiCqLqsK", "headers" : [ "MiCqLqsK" ], "headersText" : "MiCqLqsK", "id" : "", "inactive" : false, "init" : [ "MiCqLqsK" ], "initText" : "MiCqLqsK", "method" : "OPTIONS", "modifiedBy" : "", "modifiedDate" : "", "name" : "MiCqLqsK", "parent" : "MiCqLqsK", "path" : "MiCqLqsK", "policies" : { "cleanupExec" : "MiCqLqsK", "initExec" : "MiCqLqsK", "logger" : "MiCqLqsK", "repeat" : "457581464", "repeatDelay" : "457581464", "repeatModule" : "MiCqLqsK", "repeatOnFailure" : "457581464", "timeoutSeconds" : "457581464" }, "project" : "", "props" : null, "publishToMarketplace" : false, "severity" : "Major", "tags" : [ "MiCqLqsK" ], "tagsText" : "MiCqLqsK", "testCases" : [ { "body" : "MiCqLqsK", "id" : "", "inactive" : false } ], "type" : "Suite", "version" : "", "yaml" : "MiCqLqsK" }] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:58.718+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.ProjectMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 37, column: 15] (through reference chain: com.fxlabs.fxt.dto.project.TestSuite[\"project\"])", "path" : "/api/v1/test-suites" }] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2Q3NDU2NDctMWE2Ni00ZDliLWJjMzEtNGQ4MTdiYTQ1ZThi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : StatusCode [400] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Time [449] 2019-03-20 10:41:58 DEBUG [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Size [750] 2019-03-20 10:41:58 ERROR [ApiV1TestSuitesPostTestsuiteuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : URL [http://13.56.210.25/api/v1/test-suites/] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Method [DELETE] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request [null] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response [{ "timestamp" : "2019-03-20T10:41:59.067+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/test-suites/" }] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Response-Headers [{Allow=[GET, PUT, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM5MTc0NDctMGYxMC00YmE0LWJmNzEtNTRjY2VmMjNiNzBm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : StatusCode [405] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Time [348] 2019-03-20 10:41:59 DEBUG [ApiV1TestSuitesIdDeleteTestsuitehijack1] : Size [166] 2019-03-20 10:41:59 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : URL [http://13.56.210.25/api/v1/projects/] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Method [DELETE] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request [null] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:59.484+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/projects/" }] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjMwYjg2NmUtNzM4Ni00MTQ4LWJmYjktZWMxNWE2M2ZjMGE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : StatusCode [405] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Time [416] 2019-03-20 10:41:59 DEBUG [ApiV1ProjectsIdDeleteProjecthijack1] : Size [163] 2019-03-20 10:41:59 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:59.846+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/issue-trackers/issue-tracker-bot/" }] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGYyNGQzNDYtYzQ1OC00N2RhLTk2MDQtOTUzZTYxZWZhYWNl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:59 GMT]}] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [360] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187] 2019-03-20 10:41:59 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{ "timestamp" : "2019-03-20T10:42:00.200+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/skills/" }] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODZhMzYzM2MtZjg1OC00OTNlLWEzYTEtYjNiMWRkYzI3NzQ5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:59 GMT]}] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [353] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161] 2019-03-20 10:42:00 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:42:00.581+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTI1NWZlZWItODBmZC00MDViLWEzYTAtMjg4YWU5MWNkODY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:59 GMT]}] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [380] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:42:00 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:42:00.976+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDA4ZDAzZDAtMzVhZi00NzJkLWFkNWItM2MxYjM3NjhhNzZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:42:00 GMT]}] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [395] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:42:01 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---