asriz7777
commented
5 years ago Project : FXABAC TEST
Template : ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODE1MGY0YjgtNjgwOS00MjNmLWI3MTAtMzdkYzg4NDFjODc1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:05 GMT]}
Endpoint : http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot
Request :
{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "MnltMIpd",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "MnltMIpd",
"opts" : [ {
"id" : "",
"label" : "MnltMIpd",
"mandatory" : false,
"value" : "MnltMIpd"
} ],
"org" : "",
"prop1" : "MnltMIpd",
"prop2" : "MnltMIpd",
"prop3" : "MnltMIpd",
"prop4" : "MnltMIpd",
"prop5" : "MnltMIpd",
"skill" : "",
"state" : "FAILED",
"version" : "",
"visibility" : "ORG_PUBLIC"
}
Response :
{
"timestamp" : "2019-03-20T10:45:05.620+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}
Logs :
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "90Mzrm7x",
"company" : "Hilll, Hilll and Hilll",
"createdBy" : "",
"createdDate" : "",
"description" : "90Mzrm7x",
"id" : "",
"inactive" : false,
"location" : "90Mzrm7x",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "90Mzrm7x",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:56.154+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmVjODNkNDItMzg5OS00NWIyLTk2ZWEtMGUzNGRlYTNiOTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:55 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : Time [1218]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:56 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmVjODNkNDItMzg5OS00NWIyLTk2ZWEtMGUzNGRlYTNiOTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:55 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmVjODNkNDItMzg5OS00NWIyLTk2ZWEtMGUzNGRlYTNiOTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:55 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmVjODNkNDItMzg5OS00NWIyLTk2ZWEtMGUzNGRlYTNiOTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:55 GMT]}]
2019-03-20 10:44:56 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmVjODNkNDItMzg5OS00NWIyLTk2ZWEtMGUzNGRlYTNiOTEx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:55 GMT]}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "kRfjXJ7s",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "kRfjXJ7s",
"org" : "",
"prop1" : "kRfjXJ7s",
"prop2" : "kRfjXJ7s",
"prop3" : "kRfjXJ7s",
"region" : "kRfjXJ7s",
"secretKey" : "kRfjXJ7s",
"version" : ""
}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:57.437+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc2ZDYwZjEtZjJkMy00YTkxLWEzYTktMWEyYTUwNGRiZjg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : Time [1271]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:57 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc2ZDYwZjEtZjJkMy00YTkxLWEzYTktMWEyYTUwNGRiZjg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc2ZDYwZjEtZjJkMy00YTkxLWEzYTktMWEyYTUwNGRiZjg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc2ZDYwZjEtZjJkMy00YTkxLWEzYTktMWEyYTUwNGRiZjg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Yjc2ZDYwZjEtZjJkMy00YTkxLWEzYTktMWEyYTUwNGRiZjg5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : Request [{
"accessKey" : "lqM7aWRB",
"createdBy" : "",
"createdDate" : "",
"description" : "lqM7aWRB",
"host" : "lqM7aWRB",
"id" : "",
"inactive" : false,
"key" : "lqM7aWRB",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "lqM7aWRB",
"org" : "",
"prop1" : "lqM7aWRB",
"prop2" : "lqM7aWRB",
"prop3" : "lqM7aWRB",
"prop4" : "lqM7aWRB",
"prop5" : "lqM7aWRB",
"secretKey" : "lqM7aWRB",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:58.608+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2E3ZWI2NjEtYjU4Ny00NTIyLWI5ZTctYzBmMmFlYjMyNzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : Time [1169]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1] : Size [716]
2019-03-20 10:44:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2E3ZWI2NjEtYjU4Ny00NTIyLWI5ZTctYzBmMmFlYjMyNzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2E3ZWI2NjEtYjU4Ny00NTIyLWI5ZTctYzBmMmFlYjMyNzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2E3ZWI2NjEtYjU4Ny00NTIyLWI5ZTctYzBmMmFlYjMyNzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2E3ZWI2NjEtYjU4Ny00NTIyLWI5ZTctYzBmMmFlYjMyNzYw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "QUb8VXg3",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "QUb8VXg3",
"org" : "",
"prop1" : "QUb8VXg3",
"prop2" : "QUb8VXg3",
"prop3" : "QUb8VXg3",
"prop4" : "QUb8VXg3",
"prop5" : "QUb8VXg3",
"skill" : "",
"state" : "INACTIVE",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:59.578+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWVjYTg0ZDEtMDhmZS00Mzg0LWEyYjMtOTJhOWM2MDBiN2Rk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [968]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768]
2019-03-20 10:44:59 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWVjYTg0ZDEtMDhmZS00Mzg0LWEyYjMtOTJhOWM2MDBiN2Rk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWVjYTg0ZDEtMDhmZS00Mzg0LWEyYjMtOTJhOWM2MDBiN2Rk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWVjYTg0ZDEtMDhmZS00Mzg0LWEyYjMtOTJhOWM2MDBiN2Rk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWVjYTg0ZDEtMDhmZS00Mzg0LWEyYjMtOTJhOWM2MDBiN2Rk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "bBlvvShE",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "bBlvvShE",
"org" : "",
"prop1" : "bBlvvShE",
"prop2" : "bBlvvShE",
"prop3" : "bBlvvShE",
"region" : "bBlvvShE",
"secretKey" : "bBlvvShE",
"version" : ""
}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:01.064+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWRlZmM3MmEtZDgzYS00NWZiLTlmMDMtN2EzNzkxNzgxYmQ4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : Time [1484]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:45:01 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWRlZmM3MmEtZDgzYS00NWZiLTlmMDMtN2EzNzkxNzgxYmQ4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWRlZmM3MmEtZDgzYS00NWZiLTlmMDMtN2EzNzkxNzgxYmQ4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWRlZmM3MmEtZDgzYS00NWZiLTlmMDMtN2EzNzkxNzgxYmQ4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWRlZmM3MmEtZDgzYS00NWZiLTlmMDMtN2EzNzkxNzgxYmQ4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "CAtk6qXG",
"company" : "Zulauf and Sons",
"createdBy" : "",
"createdDate" : "",
"description" : "CAtk6qXG",
"id" : "",
"inactive" : false,
"location" : "CAtk6qXG",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "CAtk6qXG",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:02.609+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY2ODY3NDQtYzhjZi00ZDBjLTkxMjItZGY2Mjk5ZmYwZjM1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : Time [1474]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:45:02 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY2ODY3NDQtYzhjZi00ZDBjLTkxMjItZGY2Mjk5ZmYwZjM1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY2ODY3NDQtYzhjZi00ZDBjLTkxMjItZGY2Mjk5ZmYwZjM1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY2ODY3NDQtYzhjZi00ZDBjLTkxMjItZGY2Mjk5ZmYwZjM1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZDY2ODY3NDQtYzhjZi00ZDBjLTkxMjItZGY2Mjk5ZmYwZjM1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/skills]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : Request [{
"accessKey" : "ynPHZIlY",
"createdBy" : "",
"createdDate" : "",
"description" : "ynPHZIlY",
"host" : "ynPHZIlY",
"id" : "",
"inactive" : false,
"key" : "ynPHZIlY",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "ynPHZIlY",
"org" : "",
"prop1" : "ynPHZIlY",
"prop2" : "ynPHZIlY",
"prop3" : "ynPHZIlY",
"prop4" : "ynPHZIlY",
"prop5" : "ynPHZIlY",
"secretKey" : "ynPHZIlY",
"skillType" : "BOT_DEPLOYMENT",
"version" : ""
}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:04.098+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])",
"path" : "/api/v1/skills"
}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYyZmI0M2EtYTYyNS00NmZjLWEzZDYtMzMyY2UwNmRlNGMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : Time [1456]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1] : Size [716]
2019-03-20 10:45:04 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYyZmI0M2EtYTYyNS00NmZjLWEzZDYtMzMyY2UwNmRlNGMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYyZmI0M2EtYTYyNS00NmZjLWEzZDYtMzMyY2UwNmRlNGMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYyZmI0M2EtYTYyNS00NmZjLWEzZDYtMzMyY2UwNmRlNGMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [SkillCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYyZmI0M2EtYTYyNS00NmZjLWEzZDYtMzMyY2UwNmRlNGMx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Method [POST]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Request [{
"account" : "",
"createdBy" : "",
"createdDate" : "",
"description" : "MnltMIpd",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "MnltMIpd",
"opts" : [ {
"id" : "",
"label" : "MnltMIpd",
"mandatory" : false,
"value" : "MnltMIpd"
} ],
"org" : "",
"prop1" : "MnltMIpd",
"prop2" : "MnltMIpd",
"prop3" : "MnltMIpd",
"prop4" : "MnltMIpd",
"prop5" : "MnltMIpd",
"skill" : "",
"state" : "FAILED",
"version" : "",
"visibility" : "ORG_PUBLIC"
}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:05.620+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])",
"path" : "/api/v1/issue-trackers/issue-tracker-bot"
}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODE1MGY0YjgtNjgwOS00MjNmLWI3MTAtMzdkYzg4NDFjODc1; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:05 GMT]}]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : StatusCode [400]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Time [1511]
2019-03-20 10:45:05 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Size [768]
2019-03-20 10:45:05 ERROR [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:06.952+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/issue-trackers/issue-tracker-bot/"
}]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OGY0MzhhMGMtMmZiMy00YzNhLWIyZTYtNTE3MTFhMzA5NTkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:06 GMT]}]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [1334]
2019-03-20 10:45:06 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187]
2019-03-20 10:45:06 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:08.825+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/skills/"
}]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTE0MmNmOTEtZGQ5MS00NzA2LThlNzgtMWVmYjBkZTczNzQ0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:08 GMT]}]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [1868]
2019-03-20 10:45:08 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161]
2019-03-20 10:45:08 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:10.745+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmI4MWQyYzMtYTIxMi00M2U2LWEyYmUtYmU5MGI1NTdlM2Rk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:10 GMT]}]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1922]
2019-03-20 10:45:10 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:10 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:11.962+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTYzMzY0ZjYtOWJjOS00ZTk2LWEwYTktMTZhMTE4ZDNlNWE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:11 GMT]}]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1225]
2019-03-20 10:45:12 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:12 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI0MzkxZTAtZjE0My00YTgxLWI4MmYtN2NkM2IzMGExNjE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}
Endpoint : http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot
Request :
{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "JKAu4E9T", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "JKAu4E9T", "opts" : [ { "id" : "", "label" : "JKAu4E9T", "mandatory" : false, "value" : "JKAu4E9T" } ], "org" : "", "prop1" : "JKAu4E9T", "prop2" : "JKAu4E9T", "prop3" : "JKAu4E9T", "prop4" : "JKAu4E9T", "prop5" : "JKAu4E9T", "skill" : "", "state" : "FAILED", "version" : "", "visibility" : "ORG_PUBLIC" }
Response :
{ "timestamp" : "2019-03-20T10:41:59.563+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }Logs :
2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "nnDXPA0Q", "company" : "Feil LLC", "createdBy" : "", "createdDate" : "", "description" : "nnDXPA0Q", "id" : "", "inactive" : false, "location" : "nnDXPA0Q", "modifiedBy" : "", "modifiedDate" : "", "name" : "nnDXPA0Q", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:56.232+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OThmYmZmNWUtMDAzMy00ODM5LWFmNDAtMzAyNjIxY2U3Nzkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : Time [392] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:56 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OThmYmZmNWUtMDAzMy00ODM5LWFmNDAtMzAyNjIxY2U3Nzkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OThmYmZmNWUtMDAzMy00ODM5LWFmNDAtMzAyNjIxY2U3Nzkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OThmYmZmNWUtMDAzMy00ODM5LWFmNDAtMzAyNjIxY2U3Nzkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OThmYmZmNWUtMDAzMy00ODM5LWFmNDAtMzAyNjIxY2U3Nzkw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:55 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "KwxC7HyR", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "KwxC7HyR", "org" : "", "prop1" : "KwxC7HyR", "prop2" : "KwxC7HyR", "prop3" : "KwxC7HyR", "region" : "KwxC7HyR", "secretKey" : "KwxC7HyR", "version" : "" }] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:56.637+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5MDY1NzItODA0Ny00NDBkLWIzZWItMTg0YWM2MGE5YTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : Time [402] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:56 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5MDY1NzItODA0Ny00NDBkLWIzZWItMTg0YWM2MGE5YTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5MDY1NzItODA0Ny00NDBkLWIzZWItMTg0YWM2MGE5YTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5MDY1NzItODA0Ny00NDBkLWIzZWItMTg0YWM2MGE5YTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:56 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2E5MDY1NzItODA0Ny00NDBkLWIzZWItMTg0YWM2MGE5YTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/skills] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : Request [{ "accessKey" : "kAH9ejbe", "createdBy" : "", "createdDate" : "", "description" : "kAH9ejbe", "host" : "kAH9ejbe", "id" : "", "inactive" : false, "key" : "kAH9ejbe", "modifiedBy" : "", "modifiedDate" : "", "name" : "kAH9ejbe", "org" : "", "prop1" : "kAH9ejbe", "prop2" : "kAH9ejbe", "prop3" : "kAH9ejbe", "prop4" : "kAH9ejbe", "prop5" : "kAH9ejbe", "secretKey" : "kAH9ejbe", "skillType" : "BOT_DEPLOYMENT", "version" : "" }] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:57.160+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])", "path" : "/api/v1/skills" }] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzhhMjA1ZWEtM2VjMy00ZmY5LTk5NGUtOTRmNzJmMjI3ZjI2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : Time [521] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1] : Size [716] 2019-03-20 10:41:57 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzhhMjA1ZWEtM2VjMy00ZmY5LTk5NGUtOTRmNzJmMjI3ZjI2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzhhMjA1ZWEtM2VjMy00ZmY5LTk5NGUtOTRmNzJmMjI3ZjI2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzhhMjA1ZWEtM2VjMy00ZmY5LTk5NGUtOTRmNzJmMjI3ZjI2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [SkillCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzhhMjA1ZWEtM2VjMy00ZmY5LTk5NGUtOTRmNzJmMjI3ZjI2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:56 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request [{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "ppYe7vpR", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "ppYe7vpR", "org" : "", "prop1" : "ppYe7vpR", "prop2" : "ppYe7vpR", "prop3" : "ppYe7vpR", "prop4" : "ppYe7vpR", "prop5" : "ppYe7vpR", "skill" : "", "state" : "INACTIVE", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:57.700+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI3OWYxZGYtNmE4Zi00MjQ1LTg0NmItYmJmMWRlMzU1ZDcy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Time [535] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1] : Size [768] 2019-03-20 10:41:57 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI3OWYxZGYtNmE4Zi00MjQ1LTg0NmItYmJmMWRlMzU1ZDcy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI3OWYxZGYtNmE4Zi00MjQ1LTg0NmItYmJmMWRlMzU1ZDcy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI3OWYxZGYtNmE4Zi00MjQ1LTg0NmItYmJmMWRlMzU1ZDcy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:57 DEBUG [IssueTrackerCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI3OWYxZGYtNmE4Zi00MjQ1LTg0NmItYmJmMWRlMzU1ZDcy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : Request [{ "accessKey" : "nvzTinOr", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "nvzTinOr", "org" : "", "prop1" : "nvzTinOr", "prop2" : "nvzTinOr", "prop3" : "nvzTinOr", "region" : "nvzTinOr", "secretKey" : "nvzTinOr", "version" : "" }] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:58.082+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTQyN2FjN2UtNzEwZS00ZjFmLWFlZWMtYzIyYjNhYWRjMWNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : Time [381] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1] : Size [722] 2019-03-20 10:41:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTQyN2FjN2UtNzEwZS00ZjFmLWFlZWMtYzIyYjNhYWRjMWNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTQyN2FjN2UtNzEwZS00ZjFmLWFlZWMtYzIyYjNhYWRjMWNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTQyN2FjN2UtNzEwZS00ZjFmLWFlZWMtYzIyYjNhYWRjMWNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTQyN2FjN2UtNzEwZS00ZjFmLWFlZWMtYzIyYjNhYWRjMWNk; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:57 GMT]}] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : Request [{ "billingEmail" : "037zt8UG", "company" : "Morar, Morar and Morar", "createdBy" : "", "createdDate" : "", "description" : "037zt8UG", "id" : "", "inactive" : false, "location" : "037zt8UG", "modifiedBy" : "", "modifiedDate" : "", "name" : "037zt8UG", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:58.762+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM5MzI5OTYtYWFkZi00Yzc0LTg5MzgtYzg3OGJiZGFlMTIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : Time [387] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1] : Size [121] 2019-03-20 10:41:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM5MzI5OTYtYWFkZi00Yzc0LTg5MzgtYzg3OGJiZGFlMTIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM5MzI5OTYtYWFkZi00Yzc0LTg5MzgtYzg3OGJiZGFlMTIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM5MzI5OTYtYWFkZi00Yzc0LTg5MzgtYzg3OGJiZGFlMTIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:58 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzM5MzI5OTYtYWFkZi00Yzc0LTg5MzgtYzg3OGJiZGFlMTIx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/skills] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : Request [{ "accessKey" : "9RScMnja", "createdBy" : "", "createdDate" : "", "description" : "9RScMnja", "host" : "9RScMnja", "id" : "", "inactive" : false, "key" : "9RScMnja", "modifiedBy" : "", "modifiedDate" : "", "name" : "9RScMnja", "org" : "", "prop1" : "9RScMnja", "prop2" : "9RScMnja", "prop3" : "9RScMnja", "prop4" : "9RScMnja", "prop5" : "9RScMnja", "secretKey" : "9RScMnja", "skillType" : "BOT_DEPLOYMENT", "version" : "" }] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:59.158+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 13, column: 11] (through reference chain: com.fxlabs.fxt.dto.skills.Skill[\"org\"])", "path" : "/api/v1/skills" }] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDM3ZWU0ZjQtZTEzOC00OWMwLTllOWItNTRkNGI0MmE4ZDM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : Time [397] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1] : Size [716] 2019-03-20 10:41:59 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDM3ZWU0ZjQtZTEzOC00OWMwLTllOWItNTRkNGI0MmE4ZDM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDM3ZWU0ZjQtZTEzOC00OWMwLTllOWItNTRkNGI0MmE4ZDM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDM3ZWU0ZjQtZTEzOC00OWMwLTllOWItNTRkNGI0MmE4ZDM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [SkillCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NDM3ZWU0ZjQtZTEzOC00OWMwLTllOWItNTRkNGI0MmE4ZDM4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Method [POST] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Request [{ "account" : "", "createdBy" : "", "createdDate" : "", "description" : "JKAu4E9T", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "JKAu4E9T", "opts" : [ { "id" : "", "label" : "JKAu4E9T", "mandatory" : false, "value" : "JKAu4E9T" } ], "org" : "", "prop1" : "JKAu4E9T", "prop2" : "JKAu4E9T", "prop3" : "JKAu4E9T", "prop4" : "JKAu4E9T", "prop5" : "JKAu4E9T", "skill" : "", "state" : "FAILED", "version" : "", "visibility" : "ORG_PUBLIC" }] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:59.563+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 2, column: 15] (through reference chain: com.fxlabs.fxt.dto.it.IssueTracker[\"account\"])", "path" : "/api/v1/issue-trackers/issue-tracker-bot" }] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzI0MzkxZTAtZjE0My00YTgxLWI4MmYtN2NkM2IzMGExNjE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:58 GMT]}] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : StatusCode [400] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Time [401] 2019-03-20 10:41:59 DEBUG [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Size [768] 2019-03-20 10:41:59 ERROR [ApiV1IssueTrackersIssueTrackerBotPostIssuetrackeruserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : URL [http://13.56.210.25/api/v1/issue-trackers/issue-tracker-bot/] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Method [DELETE] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request [null] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:59.971+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/issue-trackers/issue-tracker-bot/" }] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Response-Headers [{Allow=[POST, GET, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=M2VlZTcwYWEtMTlhMi00ODIzLThiMzctOGYyY2ZmZmE1MmFm; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:59 GMT]}] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : StatusCode [405] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Time [412] 2019-03-20 10:42:00 DEBUG [ApiV1IssueTrackersIssueTrackerBotIdDeleteIssuetrackerhijack1] : Size [187] 2019-03-20 10:42:00 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : URL [http://13.56.210.25/api/v1/skills/] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Method [DELETE] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request [null] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response [{ "timestamp" : "2019-03-20T10:42:00.332+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/skills/" }] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjFlNjU2MTYtNjM0Yi00NjFhLWJkNTYtNjk2ZGU1ZjY5ZmVl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:59 GMT]}] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : StatusCode [405] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Time [360] 2019-03-20 10:42:00 DEBUG [ApiV1SkillsIdDeleteSkillhijack1] : Size [161] 2019-03-20 10:42:00 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:42:00.854+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YmEwZmYxNTUtYjI1Yi00NmVlLThjNzEtOGI0MTc0OTdmYmRl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:42:00 GMT]}] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [516] 2019-03-20 10:42:00 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:42:00 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:42:01.269+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTk0MGYxMzgtMzliYy00NTM1LWIwNjMtMWQ2YjA3ZmNiZmJi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:42:00 GMT]}] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [414] 2019-03-20 10:42:01 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:42:01 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---