Creating test case using base program. Added an environment variable read to the function definition. Completed injection. UNSPECIFIED UNSPECIFIED $SS_TC_ROOT/$SS_TC_INSTALL/bin/grep ./configure --prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --exec-prefix="$SS_TC_ROOT/$SS_TC_INSTALL" --with-included-regex make V=1 CC="$SS_CC" CCLD="$SS_LNK" make V=1 install CC="$SS_CC" CCLD="$SS_LNK" all words beginning with e or x, case sensitive Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE this is a string to be printed $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 ^[ex] input/dict.txt STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT find BIRMINGHAM, ignore case, recursive Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE c29tZSBiZW5pZ24gZm9ybWF0dGluZyBmb3IgY2hhciBzdHJpbmcgCg== $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -r -i BIRMINGHAM input/zip/ STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT read extented regular expressions from file Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE Cg== $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -f input/grep-good-03-expr.txt input/mktsymbols.txt STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT search for entire words matching a specific pattern Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE this is a string to be printed $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -w -f input/grep-good-04-expr.txt input/mktsymbols.txt STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT use mmap(), find NASDAQ in file Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE c29tZSBiZW5pZ24gZm9ybWF0dGluZyBmb3IgY2hhciBzdHJpbmcgCg== $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --mmap NASDAQ input/mktsymbols.txt STDOUT-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT match lines not containing NASDAQ, ignore case, count Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE Cg== $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v -i -c NASDAQ input/mktsymbols.txt STDOUT-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT grep stdin (a device), match words beginning w/ D, P, or Z, redirect file into stdin Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE this is a string to be printed $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -D read -e ^[DPZ] /dev/stdin < input/mktsymbols.txt STDOUT-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT extended grep, print number of lines of context Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE c29tZSBiZW5pZ24gZm9ybWF0dGluZyBmb3IgY2hhciBzdHJpbmcgCg== $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -E -C 15 ^[BRT] input/mktsymbols.txt STDOUT-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT lines not beginning w/ B, R or T Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE Cg== $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -v ^[BRT] input/mktsymbols.txt STDOUT-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT count lines not beginning w/ B, R or T Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data NONE this is a string to be printed $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -c -v ^[BRT] input/mktsymbols.txt STDOUT-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/std-out.txt DOES_NOT_RETURN CONTROLLED_EXIT Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT %0500d $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 --mmap NASDAQ input/mktsymbols.txt weakness_started_5FHZZI8DiZsGR4d8zesa AND ((NOT PERFORMER AND (segfault_code_w7e6UQDtwR OR segfault_code_de1Q9ymtAZ OR segfault_code_FiAxw2js6Y OR segfault_code_QgHZ1ALOiQ OR segfault_code_R674GN4uQW OR segfault_msg_Y9Zch1AVHy OR illegal_inst_msg_mjdlX2uczY OR stack_overread_uMRF6E7jMb) AND NOT timeout_dAf6XMLybn) or (PERFORMER AND NOT ((segfault_code_w7e6UQDtwR OR segfault_code_de1Q9ymtAZ OR segfault_code_FiAxw2js6Y OR segfault_code_QgHZ1ALOiQ OR segfault_code_R674GN4uQW OR segfault_msg_Y9Zch1AVHy OR illegal_inst_msg_mjdlX2uczY OR stack_overread_uMRF6E7jMb) OR timeout_dAf6XMLybn))) (NOT PERFORMER AND (segfault_code_w7e6UQDtwR OR segfault_code_de1Q9ymtAZ OR segfault_code_FiAxw2js6Y OR segfault_code_QgHZ1ALOiQ OR segfault_code_R674GN4uQW OR segfault_msg_Y9Zch1AVHy OR illegal_inst_msg_mjdlX2uczY OR stack_overread_uMRF6E7jMb) AND NOT timeout_dAf6XMLybn) or (PERFORMER AND NOT ((segfault_code_w7e6UQDtwR OR segfault_code_de1Q9ymtAZ OR segfault_code_FiAxw2js6Y OR segfault_code_QgHZ1ALOiQ OR segfault_code_R674GN4uQW OR segfault_msg_Y9Zch1AVHy OR illegal_inst_msg_mjdlX2uczY OR stack_overread_uMRF6E7jMb) OR timeout_dAf6XMLybn)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction logfile.txt ([0-9a-fA-F]{2}){60,} None stonesoup_trace:weakness_start Good inputs:1) environment variable is a string value with no formatting2) environement variable is a format string that doesn't expose application dataBad inputs:1) environment variable is a format string that exposes application data READ_APPLICATION_DATA DOS_UNCONTROLLED_EXIT %.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x%.08x $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-c.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so 0 -w -f input/grep-good-04-expr.txt input/mktsymbols.txt weakness_started_IomlxoM5i9RZrpnLq723 AND ((NOT PERFORMER AND (segfault_code_URn14x9Vsr OR segfault_code_nnB3qFyNvn OR segfault_code_vpZDX7ZeV3 OR segfault_code_ywR23CROzK OR segfault_code_OHZUjV1W71 OR segfault_msg_2vaeV0S6rf OR illegal_inst_msg_TVS3OT3LjU OR stack_overread_dDYCoKHbhr) AND NOT timeout_Qs09wbtdhK) or (PERFORMER AND NOT ((segfault_code_URn14x9Vsr OR segfault_code_nnB3qFyNvn OR segfault_code_vpZDX7ZeV3 OR segfault_code_ywR23CROzK OR segfault_code_OHZUjV1W71 OR segfault_msg_2vaeV0S6rf OR illegal_inst_msg_TVS3OT3LjU OR stack_overread_dDYCoKHbhr) OR timeout_Qs09wbtdhK))) (NOT PERFORMER AND (segfault_code_URn14x9Vsr OR segfault_code_nnB3qFyNvn OR segfault_code_vpZDX7ZeV3 OR segfault_code_ywR23CROzK OR segfault_code_OHZUjV1W71 OR segfault_msg_2vaeV0S6rf OR illegal_inst_msg_TVS3OT3LjU OR stack_overread_dDYCoKHbhr) AND NOT timeout_Qs09wbtdhK) or (PERFORMER AND NOT ((segfault_code_URn14x9Vsr OR segfault_code_nnB3qFyNvn OR segfault_code_vpZDX7ZeV3 OR segfault_code_ywR23CROzK OR segfault_code_OHZUjV1W71 OR segfault_msg_2vaeV0S6rf OR illegal_inst_msg_TVS3OT3LjU OR stack_overread_dDYCoKHbhr) OR timeout_Qs09wbtdhK)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION None 132 None 134 None 135 None 136 None 139 None Segmentation fault None Illegal instruction logfile.txt ([0-9a-fA-F]{2}){60,} None stonesoup_trace:weakness_start