National Institute of Standards and Technology
Package illustrating a test case

Test case 154483

Description

This test takes an integer and filename as input (int filename), and checks that the file exists, and is in the current directory. However there is a time of check,time of use vulnerability after the file is checked but before it is opened allowing the file to be deleted before opening causing a null pointer dereference.
Metadata
- Base program: Elastic Search
- Source Taint: FILE_CONTENTS
- Data Type: ARRAY
- Data Flow: INDEX_ALIAS_1
- Control Flow: FUNCTION_INVOCATION_OVERLOAD

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.