sohail1024 / testing1


testing github bug management : ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac #79

Open sohail1024 opened 5 years ago

sohail1024 commented 5 years ago

Project : testing github bug management

Job : Default

Env : Default

Category : ABAC_Level1

Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]

Severity : Major

Region : US_WEST_2

Result : fail

Status Code : 500

Headers : {}

Endpoint : http://18.144.38.115:8090/example/v1/hotels/

Request :
{ "city" : "Kelsiborough", "description" : "f7sLJ7g4", "id" : "", "name" : "f7sLJ7g4", "rating" : "434765228" }

Response :
Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"

Logs :
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : URL [http://18.144.38.115:8090/example/v1/hotels]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : Method [POST]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : Request [{ "city" : "Lake Janet", "description" : "IVv32Y13", "id" : "", "name" : "IVv32Y13", "rating" : "478661219" }]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : Request-Headers [{Content-Type=[application/xml, application/json], Accept=[application/xml, application/json], Authorization=[Basic dXNlckFAZnhsYWJzLmlvOnVzZXJB]}]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : Response [Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : Response-Headers [{}]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : StatusCode [500]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : Time [209]
2019-03-04 08:48:13 DEBUG [ HotelCreateUserAInitAbac] : Size [115]
2019-03-04 08:48:13 ERROR [null] : Assertion [@StatusCode == 200 AND @Response.errors == false] resolved-to [500 == 200 AND == false] result [Failed]
2019-03-04 08:48:13 DEBUG [HotelCreateUserAInitAbac_Headers] : Headers [{}]
2019-03-04 08:48:13 DEBUG [HotelCreateUserAInitAbac_Headers] : Headers [{}]
2019-03-04 08:48:13 DEBUG [HotelCreateUserAInitAbac_Headers[2]] : Headers [{}]
2019-03-04 08:48:13 DEBUG [HotelCreateUserAInitAbac_Headers[2]] : Headers [{}]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : URL [http://18.144.38.115:8090/example/v1/hotels/]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Method [PUT]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Request [{ "city" : "Kelsiborough", "description" : "f7sLJ7g4", "id" : "", "name" : "f7sLJ7g4", "rating" : "434765228" }]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Request-Headers [{Content-Type=[application/xml, application/json], Accept=[application/xml, application/json], Authorization=[Basic dXNlckNAZnhsYWJzLmlvOnVzZXJD]}]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Response [Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Response-Headers [{}]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : StatusCode [500]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Time [61]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Size [115]
2019-03-04 08:48:13 ERROR [ExampleV1HotelsIdPutUseraCreateHotelUsercDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [500 == 401 OR 500 == 403 OR == true] result [Failed]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : URL [http://18.144.38.115:8090/example/v1/hotels/]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : Method [DELETE]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : Request [null]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : Request-Headers [{Content-Type=[application/xml, application/json], Accept=[application/xml, application/json], Authorization=[Basic dXNlckFAZnhsYWJzLmlvOnVzZXJB]}]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : Response [{ "timestamp" : 1551689293737, "status" : 405, "error" : "Method Not Allowed", "exception" : "org.springframework.web.HttpRequestMethodNotSupportedException", "message" : "Request method 'DELETE' not supported", "path" : "/example/v1/hotels/" }]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : Response-Headers [{X-Application-Context=[application:8090], Allow=[POST, GET], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Mar 2019 08:48:13 GMT]}]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : StatusCode [405]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : Time [115]
2019-03-04 08:48:13 DEBUG [ExampleV1HotelsIdDeleteHotelAbstractAbac] : Size [225]
2019-03-04 08:48:13 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]

--- FX Bot ---