The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided filename isn't checked to ensure it doesn't contain an absolute path, it allows reading of any file on the system. TRUE com.planet_ink.coffee_mud.application.MUD $SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_DEPS/java/coffeemud/js.jar:$SS_TC_DEPS/java/coffeemud/jzlib.jar:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java -classpath "$SS_JAVA_CLASSPATH" -Xmx170m com.planet_ink.coffee_mud.application.MUD "SS_Mud_Server" env ANT_HOME="$SS_TC_DEPS/ant" ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dlib.dir="$SS_TC_DEPS/java/coffeemud" -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddist.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dbuild.dir=$SS_TC_ROOT/$SS_TC_INSTALL compile register a character, become an archon (essentially a superuser), destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-01-01 AND GOOD-01-02 AND GOOD-01-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-01/good-01-01.txt ../testData/screenlog.0 good-01/good-01-02.txt ../testData/screenlog.0 good-01/good-01-03.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, check inventory, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-02-01 AND GOOD-02-02 AND GOOD-02-03 AND GOOD-02-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-02/good-02-01.txt ../testData/screenlog.0 good-02/good-02-02.txt ../testData/screenlog.0 good-02/good-02-03.txt ../testData/screenlog.0 good-02/good-02-04.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-03-01 AND GOOD-03-02 AND GOOD-03-03 AND GOOD-03-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-03/good-03-01.txt ../testData/screenlog.0 good-03/good-03-02.txt ../testData/screenlog.0 good-03/good-03-03.txt ../testData/screenlog.0 good-03/good-03-04.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, check inventory, hold torch, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-04-01 AND GOOD-04-02 AND GOOD-04-03 AND GOOD-04-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-04/good-04-01.txt ../testData/screenlog.0 good-04/good-04-02.txt ../testData/screenlog.0 good-04/good-04-03.txt ../testData/screenlog.0 good-04/good-04-04.txt ../testData/screenlog.0 good-04/good-04-05.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, search, check inventory, hold torch, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-05-01 AND GOOD-05-02 AND GOOD-05-03 AND GOOD-05-04 AND GOOD-05-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-05/good-05-01.txt ../testData/screenlog.0 good-05/good-05-02.txt ../testData/screenlog.0 good-05/good-05-03.txt ../testData/screenlog.0 good-05/good-05-04.txt ../testData/screenlog.0 good-05/good-05-05.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, export world-state to file, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/worldexport.txt good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, import area from file, list areas of world, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so (GOOD-07-01 OR GOOD-07-02) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-07/output.txt ../testData/screenlog.0 good-07/output2.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, create a news entry, check news, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-08-HEADER AND GOOD-08-SUBJECT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-08/header.txt ../testData/screenlog.0 good-08/subject.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, create mobs, have them fight, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 is DEAD!!! DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, generate an average level 5 bard, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. READ_APPLICATION_DATA /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so weakness_started_yGsLsGIjC2BgY1foGRs8 AND ((NOT PERFORMER AND (etc_passwd_line_pattern_MxCUoumUB0 OR etc_passwd_root_user_sTa9YMtXcF OR etc_group_line_pattern_UUJgcW3cNO) AND NOT timeout_kcVBZpk5f6) or (PERFORMER AND NOT ((etc_passwd_line_pattern_MxCUoumUB0 OR etc_passwd_root_user_sTa9YMtXcF OR etc_group_line_pattern_UUJgcW3cNO) OR timeout_kcVBZpk5f6 OR controlled_exit_tas5jyBNGF))) (NOT PERFORMER AND (etc_passwd_line_pattern_MxCUoumUB0 OR etc_passwd_root_user_sTa9YMtXcF OR etc_group_line_pattern_UUJgcW3cNO) AND NOT timeout_kcVBZpk5f6) or (PERFORMER AND NOT ((etc_passwd_line_pattern_MxCUoumUB0 OR etc_passwd_root_user_sTa9YMtXcF OR etc_group_line_pattern_UUJgcW3cNO) OR timeout_kcVBZpk5f6 OR controlled_exit_tas5jyBNGF)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variable defining test value. READ_APPLICATION_DATA /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so weakness_started_AqhguXR5NATmQfg4prgq AND ((NOT PERFORMER AND (etc_passwd_line_pattern_PMiMULA3pk OR etc_passwd_root_user_L55up4POYf OR etc_group_line_pattern_E0fODSJfAm) AND NOT timeout_qYUZ2m0vph) or (PERFORMER AND NOT ((etc_passwd_line_pattern_PMiMULA3pk OR etc_passwd_root_user_L55up4POYf OR etc_group_line_pattern_E0fODSJfAm) OR timeout_qYUZ2m0vph OR controlled_exit_n5x31twSzq))) (NOT PERFORMER AND (etc_passwd_line_pattern_PMiMULA3pk OR etc_passwd_root_user_L55up4POYf OR etc_group_line_pattern_E0fODSJfAm) AND NOT timeout_qYUZ2m0vph) or (PERFORMER AND NOT ((etc_passwd_line_pattern_PMiMULA3pk OR etc_passwd_root_user_L55up4POYf OR etc_group_line_pattern_E0fODSJfAm) OR timeout_qYUZ2m0vph OR controlled_exit_n5x31twSzq)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start