The system or application is vulnerable to file system contents
disclosure through path equivalence. Path equivalence involves the
use of special characters in file and directory names. The associated
manipulations are intended to generate multiple names for the same
object. This test will accept input of a file to read, but prohibits access
to file in the /etc directory. The input generates an equivalent name
/////etc/////passwd which bypasses the filter.
org.apache.poi.hwpf.converter.WordToHtmlConverter:org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor:org.apache.poi.hpbf.extractor.PublisherTextExtractor:org.apache.poi.hwpf.extractor.WordExtractor:org.apache.poi.hssf.converter.ExcelToHtmlConverter:org.apache.poi.hpsf.examples.ReadTitle:org.apache.poi.hssf.extractor.ExcelExtractorPassworded:org.apache.poi.hdgf.extractor.VisioTextExtractor:org.apache.poi.hssf.extractor.ExcelExtractor:org.apache.poi.ss.examples.ToCSV
$SS_TC_DEPS/java/poi/*:$SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH"
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dmaven.repo.local="$SS_TC_DEPS/java/poi" -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dmain.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dscratchpad.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dooxml.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dexcelant.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Ddisconnected=true -Dmain.lib="$SS_TC_DEPS/java/poi/" -Dooxml.lib="$SS_TC_DEPS/java/poi" -DDSTAMP=CURRENT -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" jar
cp -r $SS_TC_ROOT/src/build/examples-classes/org/apache/poi/* $SS_TC_ROOT/$SS_TC_INSTALL/org/apache/poi
convert a .doc to HTML
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.converter.WordToHtmlConverter $SS_TC_ROOT/testData/good-01/ss-word.doc $SS_TC_ROOT/testData/good-01/ss-word.html
GOOD-01-FILE
good-01/ss-word.html
good-01/ss-word.html
extract a PPT file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor $SS_TC_ROOT/testData/good-02/examplePPT.ppt
GOOD-02-STDOUT
good-02/output.txt
extract a .pub (Publisher) file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hpbf.extractor.PublisherTextExtractor $SS_TC_ROOT/testData/good-03/ss-pub.pub
GOOD-03-STDOUT
good-03/output.txt
extract a .doc file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.extractor.WordExtractor $SS_TC_ROOT/testData/good-04/ss-word.doc
GOOD-04-STDOUT
good-04/output.txt
convert .xls file to html
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.converter.ExcelToHtmlConverter $SS_TC_ROOT/testData/good-05/ss-excel.xls $SS_TC_ROOT/testData/good-05/ss-excel.html
GOOD-05-STDOUT AND GOOD-05-FILE
good-05/output.txt
good-05/ss-excel.html
good-05/ss-excel.html
read title metadata from .xls file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hpsf.examples.ReadTitle good-06/ss-excel.xls
GOOD-06-STDOUT
good-06/output.txt
extract a password-protected .xls file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.extractor.ExcelExtractorPassworded -i good-07/ss-excel-passworded.xls
GOOD-07-STDOUT
good-07/output.txt
extract text from a .vsd file (Visio)
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hdgf.extractor.VisioTextExtractor good-08/BlkDia.vsd
GOOD-08-STDOUT
good-08/output.txt
extract a xls file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.extractor.ExcelExtractor -i good-09/ss-excel.xls
GOOD-09-STDOUT
good-09/output.txt
extract a .xls file to csv
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.ss.examples.ToCSV good-10/ss-excel.xls good-10/
GOOD-10-FILE
good-10/ss-excel.csv
good-10/ss-excel.csv
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.converter.WordToHtmlConverter $SS_TC_ROOT/testData/good-01/ss-word.doc $SS_TC_ROOT/testData/good-01/ss-word.html
weakness_started_68YcgUBIFLwgLwsjub5P AND ((NOT PERFORMER AND (etc_passwd_line_pattern_ydbsw6C7ST OR etc_passwd_root_user_17tGdZ6QKr OR etc_group_line_pattern_r1MgHxTdNP) AND NOT timeout_ADPU7pxNwF) or (PERFORMER AND NOT ((etc_passwd_line_pattern_ydbsw6C7ST OR etc_passwd_root_user_17tGdZ6QKr OR etc_group_line_pattern_r1MgHxTdNP) OR timeout_ADPU7pxNwF OR controlled_exit_pqm9RfyObe)))
(NOT PERFORMER AND (etc_passwd_line_pattern_ydbsw6C7ST OR etc_passwd_root_user_17tGdZ6QKr OR etc_group_line_pattern_r1MgHxTdNP) AND NOT timeout_ADPU7pxNwF) or (PERFORMER AND NOT ((etc_passwd_line_pattern_ydbsw6C7ST OR etc_passwd_root_user_17tGdZ6QKr OR etc_group_line_pattern_r1MgHxTdNP) OR timeout_ADPU7pxNwF OR controlled_exit_pqm9RfyObe))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.converter.ExcelToHtmlConverter $SS_TC_ROOT/testData/good-05/ss-excel.xls $SS_TC_ROOT/testData/good-05/ss-excel.html
weakness_started_K4kvKjvTibOagXIawjEG AND ((NOT PERFORMER AND (etc_passwd_line_pattern_J09DuejhAO OR etc_passwd_root_user_ANaaWnu5rE OR etc_group_line_pattern_iUUmzByi1M) AND NOT timeout_p6PLVzxiEY) or (PERFORMER AND NOT ((etc_passwd_line_pattern_J09DuejhAO OR etc_passwd_root_user_ANaaWnu5rE OR etc_group_line_pattern_iUUmzByi1M) OR timeout_p6PLVzxiEY OR controlled_exit_ANX9gEvjbI)))
(NOT PERFORMER AND (etc_passwd_line_pattern_J09DuejhAO OR etc_passwd_root_user_ANaaWnu5rE OR etc_group_line_pattern_iUUmzByi1M) AND NOT timeout_p6PLVzxiEY) or (PERFORMER AND NOT ((etc_passwd_line_pattern_J09DuejhAO OR etc_passwd_root_user_ANaaWnu5rE OR etc_group_line_pattern_iUUmzByi1M) OR timeout_p6PLVzxiEY OR controlled_exit_ANX9gEvjbI))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start