Description
This test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However the weakness takes some time before opening the file allowing a time of check, time of use vulnerability. This vulnerability allows an attacker to replace the file with a symbolic link to a file outside of the current directory during the time between checking the file's validity and opening it.
Metadata
- Base program: Apache POI
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: SIMPLE
- Data Flow: INDEX_ALIAS_1
- Control Flow: SEQUENCE
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.