devopsenggineer
commented
5 years ago Project : t
Job : Default
Env : Default
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 11:25:52 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}
Endpoint : http://52.53.242.1/vault/v2/sdb/folder/?path=
Request :
Response :
{
"errors" : [ "Missing request header 'vault-token' for method parameter of type String" ]
}
Logs :
Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [400 == 401 OR 400 == 403 OR ["Missing request header 'vault-token' for method parameter of type String"] == true] result [Failed]
--- FX Bot ---
Project : t
Job : Default
Env : Default
Category : ABAC_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}
Endpoint : http://52.53.242.1/vault/v2/sdb/folder/?path=
Request :
Response :
{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }
Logs :
2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : URL [http://52.53.242.1/vault/v2/sdb/group] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : Method [POST] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : Request [{ "path" : "vzvFB837", "groupname" : "vzvFB837", "access" : "vzvFB837" }] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAZnhsYWJzLmlvOnVzZXJB]}] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : Response [{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : Response-Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : StatusCode [400] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : Time [100] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac] : Size [87] 2019-02-23 05:33:02 ERROR [null] : Assertion [@StatusCode == 200 AND @Response.errors == false] resolved-to [400 == 200 AND ["Missing request header 'vault-token' for method parameter of type String"] == false] result [Failed] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac_Headers] : Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac_Headers] : Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [SafeGroupCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : URL [http://52.53.242.1/vault/v2/sdb/folder/?path=] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Method [GET] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Request [] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckNAZnhsYWJzLmlvOnVzZXJD]}] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Response [{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Response-Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : StatusCode [400] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Time [111] 2019-02-23 05:33:02 DEBUG [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Size [87] 2019-02-23 05:33:02 ERROR [V2SdbFolderPathGetSafegroupUsercDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [400 == 401 OR 400 == 403 OR ["Missing request header 'vault-token' for method parameter of type String"] == true] result [Failed] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : URL [http://52.53.242.1/vault/v2/sdb] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : Method [DELETE] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : Request [null] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAZnhsYWJzLmlvOnVzZXJB]}] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : Response [{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : Response-Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 05:33:02 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : StatusCode [400] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : Time [70] 2019-02-23 05:33:02 DEBUG [ V2SdbDeleteAbstractAbac] : Size [87] 2019-02-23 05:33:02 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [400 == 200] result [Failed]
--- FX Bot ---