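This test reads data from a sensitive file without checking the return value of the read,
then repeats the operation on a non-sensitive file and prints what it read from the second file.
If the second read fails or returns less data than the first, data left over from the sensitive file can still appear in the printed output. Technical Impact is information leakage.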
org.mortbay.jetty.plus.Server:org.apache.lenya.util.HTML:$SS_TC_ROOT/install/build/lenya/webapp/sitemap.xmap
$SS_TC_ROOT/$SS_TC_INSTALL/tools/loader:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/resources:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed:$SS_TC_DEPS/java/lenya:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed:$SS_TC_ROOT/$SS_TC_INSTALL/tools/configure/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/lib
UNSPECIFIED
UNSPECIFIED
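# Run command: starts the Lenya webapp under Jetty through the "Loader"
# bootstrap class, with org.mortbay.jetty.plus.Server as the main class and
# tools/jetty/conf/main.xml as its configuration.
#
# Environment passed to the JVM: LENYA_HOME, LENYA_WEBAPP_HOME, JETTY_PORT
# (8888) and JETTY_ADMIN_PORT (8889). The HTTP port is also passed as
# -Djetty.port=8888; keep the two values in sync if either changes.
#
# NOTE(review): the interface Jetty binds to is not visible here (presumably
# set in main.xml). This instance hosts a test case with a seeded weakness, so
# confirm that ports 8888/8889 are reachable only from the test host.
#
# Every path expansion is double-quoted so that a SS_TC_ROOT, SS_TC_INSTALL or
# SS_TC_DEPS value containing whitespace or glob characters stays a single
# argument. SS_JAVA_OPTS is left unquoted on purpose: it presumably carries
# several JVM options and must keep word-splitting as before.
# shellcheck disable=SC2086
env \
  LENYA_HOME="$SS_TC_ROOT/$SS_TC_INSTALL" \
  LENYA_WEBAPP_HOME="$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp" \
  JETTY_PORT="8888" \
  JETTY_ADMIN_PORT="8889" \
  java $SS_JAVA_OPTS \
  -Djava.library.path="$SS_TC_DEPS/lib64/" \
  -Xms32M -Xmx512M \
  -Djava.awt.headless=true \
  -cp "$SS_JAVA_CLASSPATH" \
  -Djava.endorsed.dirs="$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed" \
  -Dorg.xml.sax.parser=org.apache.xerces.parsers.SAXParser \
  -Djetty.port=8888 \
  -Dloader.jar.repositories="$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/resources:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed" \
  -Dwebapp="$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp" \
  -Dhome="$SS_TC_ROOT/$SS_TC_INSTALL" \
  -Dorg.mortbay.util.URI.charset=ISO-8859-1 \
  -Dloader.main.class=org.mortbay.jetty.plus.Server \
  Loader "$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/conf/main.xml"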
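# Build command: runs the Ant target "prepare-dist-bin" in verbose mode with
# ANT_HOME pointing at the Ant copy under SS_TC_DEPS.
#
# The -Dstonesoup.*.required switches enable only the socket support library
# (yes) and disable the postgres/mysql database and hibernate ones (no); the
# matching *.lib.dir properties are still passed for all of them.
# The distribution is written to $SS_TC_ROOT/$SS_TC_INSTALL (dist.root and
# dist.bin.dir are the same directory).
#
# ANT_HOME and the first -lib path were unquoted in the original; they are
# quoted here so a SS_TC_DEPS value with whitespace or glob characters stays
# one argument. SS_ANT_OPTS is left unquoted on purpose: it presumably carries
# several Ant options and must keep word-splitting as before.
# shellcheck disable=SC2086
env ANT_HOME="$SS_TC_DEPS/ant" ant -v $SS_ANT_OPTS \
  -Dstonesoup.database.postgres.required=no \
  -Dstonesoup.hibernate.postgres.required=no \
  -Dstonesoup.hibernate.mysql.required=no \
  -Dstonesoup.database.mysql.required=no \
  -Dstonesoup.socket.required=yes \
  -lib "$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar" \
  -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" \
  -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" \
  -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" \
  -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" \
  -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" \
  -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" \
  -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" \
  -lib "$SS_TC_DEPS/java/lenya" \
  -Dsrc.java.version="1.5" \
  -Dlib.dir="$SS_TC_DEPS/java/lenya" \
  -Ddist.root="$SS_TC_ROOT/$SS_TC_INSTALL" \
  -Djava.endorsed.dirs="$SS_TC_ROOT/src/externals/cocoon_2_1_x/lib/endorsed" \
  -Ddist.bin.dir="$SS_TC_ROOT/$SS_TC_INSTALL" \
  prepare-dist-bin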
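# Post-build steps: unpack lenya.war into build/lenya/webapp, create the
# WEB-INF/logs directory, then delete the copied archive.
#
# Each command is self-contained (no shared shell variables), so the steps
# still work if the harness runs them one line at a time.
# Paths are double-quoted so whitespace or glob characters in SS_TC_ROOT or
# SS_TC_INSTALL cannot split or expand them. "${SS_TC_ROOT:?}" makes a step
# abort when SS_TC_ROOT is unset or empty, instead of operating on a path
# rooted at "/".

# Create the directory the webapp is exploded into.
mkdir -p -- "${SS_TC_ROOT:?}/$SS_TC_INSTALL/build/lenya/webapp"

# Copy the built archive next to where it will be unpacked.
cp -- "${SS_TC_ROOT:?}/$SS_TC_INSTALL/lenya.war" "${SS_TC_ROOT:?}/$SS_TC_INSTALL/build/lenya/webapp/"

# Unpack in a subshell so the caller's working directory is left unchanged;
# jar only runs if the cd succeeded.
(cd -- "${SS_TC_ROOT:?}/$SS_TC_INSTALL/build/lenya/webapp" && jar -xf lenya.war)

# Log directory inside the exploded webapp.
mkdir -p -- "${SS_TC_ROOT:?}/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/logs"

# The archive copy is no longer needed once unpacked.
rm -- "${SS_TC_ROOT:?}/$SS_TC_INSTALL/build/lenya/webapp/lenya.war"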
open firefox and browse to default page
Environment variables defining data file names
NONE
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Create a publication
Environment variables defining data file names
NONE
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Create publication and log in
Environment variables defining data file names
NONE
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
edit with KUPU editor
Environment variables defining data file names
NONE
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
edit with BXE editor
Environment variables defining data file names
NONE
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
edit using "with forms" editor
Environment variables defining data file names
NONE
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
test publishing to live site
Environment variables defining data file names
NONE
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
test private message system
Environment variables defining data file names
NONE
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-08/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
create new xhtml page
Environment variables defining data file names
NONE
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-09/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
test RSS feed generation
Environment variables defining data file names
NONE
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variables defining data file names
READ_APPLICATION_DATA
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
avahi-autoipd:x:103:106:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
usbmux:x:104:46:usbmux daemon,,,:/home/usbmux:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
hplip:x:112:7:HPLIP system user,,,:/var/run/hplip:/bin/false
pulse:x:113:121:PulseAudio daemon,,,:/var/run/pulse:/bin/false
saned:x:114:123::/home/saned:/bin/false
mdm:x:110:118:MDM Display Manager:/var/lib/mdm:/bin/false
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
statd:x:115:65534::/var/lib/nfs:/bin/false
ntp:x:116:128::/home/ntp:/bin/false
rabbitmq:x:117:129:RabbitMQ messaging server,,,:/var/lib/rabbitmq:/bin/false
celery:x:999:999::/var/lib/celery:/bin/false
boinc:x:118:130:BOINC core client,,,:/var/lib/boinc-client:/bin/false
other.txt
foo
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
weakness_started_nl3cv59wCYQen4mNyggl AND ((NOT PERFORMER AND (etc_passwd_line_pattern_OrA2DWYxZm OR etc_passwd_root_user_1Zi6OKorWU OR etc_group_line_pattern_TDjG9qXmav) AND NOT timeout_z23PfthMZz) or (PERFORMER AND NOT ((etc_passwd_line_pattern_OrA2DWYxZm OR etc_passwd_root_user_1Zi6OKorWU OR etc_group_line_pattern_TDjG9qXmav) OR timeout_z23PfthMZz OR controlled_exit_JetwJnY3qz)))
(NOT PERFORMER AND (etc_passwd_line_pattern_OrA2DWYxZm OR etc_passwd_root_user_1Zi6OKorWU OR etc_group_line_pattern_TDjG9qXmav) AND NOT timeout_z23PfthMZz) or (PERFORMER AND NOT ((etc_passwd_line_pattern_OrA2DWYxZm OR etc_passwd_root_user_1Zi6OKorWU OR etc_group_line_pattern_TDjG9qXmav) OR timeout_z23PfthMZz OR controlled_exit_JetwJnY3qz))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variables defining data file names
READ_APPLICATION_DATA
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:someguy
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:someguy
voice:x:22:
cdrom:x:24:someguy
floppy:x:25:
tape:x:26:
sudo:x:27:someguy
audio:x:29:pulse,someguy
dip:x:30:someguy
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:someguy,boinc
sasl:x:45:
plugdev:x:46:someguy
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
crontab:x:102:
syslog:x:103:
fuse:x:104:someguy
messagebus:x:105:
avahi-autoipd:x:106:
lpadmin:x:107:someguy
ssl-cert:x:108:
netdev:x:109:someguy
mlocate:x:111:
ssh:x:112:
utempter:x:113:
rtkit:x:114:
bluetooth:x:115:
scanner:x:116:someguy
colord:x:117:
nopasswdlogin:x:119:
avahi:x:120:
pulse:x:121:
pulse-access:x:122:
saned:x:123:
vboxsf:x:124:
sambashare:x:125:someguy
mdm:x:118:
someguy:x:1000:
winbindd_priv:x:110:
_cvsadmin:x:126:
ntp:x:128:
rabbitmq:x:129:
celery:x:999:
boinc:x:130:
science:x:131:
other.txt
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
weakness_started_CjaHrO0U9RZ747CiFkgM AND ((NOT PERFORMER AND (etc_passwd_line_pattern_jJWDZapgWJ OR etc_passwd_root_user_aZ2iP7PMbj OR etc_group_line_pattern_UOljOz1lCK) AND NOT timeout_Oyg6NEwGyG) or (PERFORMER AND NOT ((etc_passwd_line_pattern_jJWDZapgWJ OR etc_passwd_root_user_aZ2iP7PMbj OR etc_group_line_pattern_UOljOz1lCK) OR timeout_Oyg6NEwGyG OR controlled_exit_rZxaBcwC3g)))
(NOT PERFORMER AND (etc_passwd_line_pattern_jJWDZapgWJ OR etc_passwd_root_user_aZ2iP7PMbj OR etc_group_line_pattern_UOljOz1lCK) AND NOT timeout_Oyg6NEwGyG) or (PERFORMER AND NOT ((etc_passwd_line_pattern_jJWDZapgWJ OR etc_passwd_root_user_aZ2iP7PMbj OR etc_group_line_pattern_UOljOz1lCK) OR timeout_Oyg6NEwGyG OR controlled_exit_rZxaBcwC3g))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start