Open zahedmohammed opened 5 years ago
Project : SanityTesting_Zahed
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 12:35:04 GMT]}
Endpoint : http://54.215.136.217/api/v1/primary-transaction
Request :
Response : { "timestamp" : "2019-02-21T12:35:04.848+0000", "status" : 400, "error" : "Bad Request", "message" : "Required request body is missing: public com.fxlabs.issues.dto.base.Response com.fxlabs.issues.rest.transaction.PrimaryTransactionController.add(com.fxlabs.issues.dto.transaction.PrimaryTransaction)", "path" : "/api/v1/primary-transaction" }
Logs : 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : URL [http://54.215.136.217/api/v1/primary-transaction] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Method [POST] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Request [] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Response [{ "timestamp" : "2019-02-21T12:35:04.848+0000", "status" : 400, "error" : "Bad Request", "message" : "Required request body is missing: public com.fxlabs.issues.dto.base.Response com.fxlabs.issues.rest.transaction.PrimaryTransactionController.add(com.fxlabs.issues.dto.transaction.PrimaryTransaction)", "path" : "/api/v1/primary-transaction" }] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 12:35:04 GMT]}] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : StatusCode [400] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Time [72] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Size [381] 2019-02-21 00:35:04 ERROR [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
--- FX Bot ---
Project : SanityTesting_Zahed
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 12:35:04 GMT]}
Endpoint : http://54.215.136.217/api/v1/primary-transaction
Request :
Response : com.fxlabs.issues.rest.transaction.PrimaryTransactionController.add(com.fxlabs.issues.dto.transaction.PrimaryTransaction)",
"path" : "/api/v1/primary-transaction"
}
{ "timestamp" : "2019-02-21T12:35:04.848+0000", "status" : 400, "error" : "Bad Request", "message" : "Required request body is missing: public com.fxlabs.issues.dto.base.Response
Logs : com.fxlabs.issues.rest.transaction.PrimaryTransactionController.add(com.fxlabs.issues.dto.transaction.PrimaryTransaction)",
"path" : "/api/v1/primary-transaction"
}]
2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 12:35:04 GMT]}]
2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : StatusCode [400]
2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Time [72]
2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Size [381]
2019-02-21 00:35:04 ERROR [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : URL [http://54.215.136.217/api/v1/primary-transaction] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Method [POST] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Request [] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-02-21 00:35:04 DEBUG [ApiV1PrimaryTransactionPostRoleUserDisallowedRbac] : Response [{ "timestamp" : "2019-02-21T12:35:04.848+0000", "status" : 400, "error" : "Bad Request", "message" : "Required request body is missing: public com.fxlabs.issues.dto.base.Response
--- FX Bot ---