The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will accept input of a file to read, but prohibits access to file in the /etc directory. The input generates an equivalent name /////etc/////passwd which bypasses the filter. TRUE com.planet_ink.coffee_mud.application.MUD $SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_DEPS/java/coffeemud/js.jar:$SS_TC_DEPS/java/coffeemud/jzlib.jar:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java -classpath "$SS_JAVA_CLASSPATH" -Xmx170m com.planet_ink.coffee_mud.application.MUD "SS_Mud_Server" env ANT_HOME="$SS_TC_DEPS/ant" ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dlib.dir="$SS_TC_DEPS/java/coffeemud" -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddist.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dbuild.dir=$SS_TC_ROOT/$SS_TC_INSTALL compile register a character, become an archon (essentially a superuser), destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-01-01 AND GOOD-01-02 AND GOOD-01-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-01/good-01-01.txt ../testData/screenlog.0 good-01/good-01-02.txt ../testData/screenlog.0 good-01/good-01-03.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, check inventory, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-02-01 AND GOOD-02-02 AND GOOD-02-03 AND GOOD-02-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-02/good-02-01.txt ../testData/screenlog.0 good-02/good-02-02.txt ../testData/screenlog.0 good-02/good-02-03.txt ../testData/screenlog.0 good-02/good-02-04.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-03-01 AND GOOD-03-02 AND GOOD-03-03 AND GOOD-03-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-03/good-03-01.txt ../testData/screenlog.0 good-03/good-03-02.txt ../testData/screenlog.0 good-03/good-03-03.txt ../testData/screenlog.0 good-03/good-03-04.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, check inventory, hold torch, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-04-01 AND GOOD-04-02 AND GOOD-04-03 AND GOOD-04-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-04/good-04-01.txt ../testData/screenlog.0 good-04/good-04-02.txt ../testData/screenlog.0 good-04/good-04-03.txt ../testData/screenlog.0 good-04/good-04-04.txt ../testData/screenlog.0 good-04/good-04-05.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, search, check inventory, hold torch, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-05-01 AND GOOD-05-02 AND GOOD-05-03 AND GOOD-05-04 AND GOOD-05-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-05/good-05-01.txt ../testData/screenlog.0 good-05/good-05-02.txt ../testData/screenlog.0 good-05/good-05-03.txt ../testData/screenlog.0 good-05/good-05-04.txt ../testData/screenlog.0 good-05/good-05-05.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, export world-state to file, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/worldexport.txt good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, import area from file, list areas of world, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so (GOOD-07-01 OR GOOD-07-02) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-07/output.txt ../testData/screenlog.0 good-07/output2.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, create a news entry, check news, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-08-HEADER AND GOOD-08-SUBJECT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-08/header.txt ../testData/screenlog.0 good-08/subject.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, create mobs, have them fight, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 is DEAD!!! DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, generate an average level 5 bard, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. READ_APPLICATION_DATA /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so weakness_started_duZsbJvVK9S97WNWkV6G AND ((NOT PERFORMER AND (etc_passwd_line_pattern_sgGakxlNjk OR etc_passwd_root_user_3UbsjKRGwD OR etc_group_line_pattern_oYI7jpuiu8) AND NOT timeout_08FkjRJnFf) or (PERFORMER AND NOT ((etc_passwd_line_pattern_sgGakxlNjk OR etc_passwd_root_user_3UbsjKRGwD OR etc_group_line_pattern_oYI7jpuiu8) OR timeout_08FkjRJnFf OR controlled_exit_NM1WCkvUyW))) (NOT PERFORMER AND (etc_passwd_line_pattern_sgGakxlNjk OR etc_passwd_root_user_3UbsjKRGwD OR etc_group_line_pattern_oYI7jpuiu8) AND NOT timeout_08FkjRJnFf) or (PERFORMER AND NOT ((etc_passwd_line_pattern_sgGakxlNjk OR etc_passwd_root_user_3UbsjKRGwD OR etc_group_line_pattern_oYI7jpuiu8) OR timeout_08FkjRJnFf OR controlled_exit_NM1WCkvUyW)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variable defining test value. READ_APPLICATION_DATA /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so weakness_started_POQIedQ4p2HPJxj7xvQa AND ((NOT PERFORMER AND (etc_passwd_line_pattern_aMT2BX3iZu OR etc_passwd_root_user_EHDLm1z6Q7 OR etc_group_line_pattern_XKER4s0I0c) AND NOT timeout_PVHtz1gvoe) or (PERFORMER AND NOT ((etc_passwd_line_pattern_aMT2BX3iZu OR etc_passwd_root_user_EHDLm1z6Q7 OR etc_group_line_pattern_XKER4s0I0c) OR timeout_PVHtz1gvoe OR controlled_exit_CpgnbLFAZn))) (NOT PERFORMER AND (etc_passwd_line_pattern_aMT2BX3iZu OR etc_passwd_root_user_EHDLm1z6Q7 OR etc_group_line_pattern_XKER4s0I0c) AND NOT timeout_PVHtz1gvoe) or (PERFORMER AND NOT ((etc_passwd_line_pattern_aMT2BX3iZu OR etc_passwd_root_user_EHDLm1z6Q7 OR etc_group_line_pattern_XKER4s0I0c) OR timeout_PVHtz1gvoe OR controlled_exit_CpgnbLFAZn)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start