This test reads data from a sensitive file without checking
the return value, and then repeats the operation on a non-sensitive file,
then printing the second file. Technical Impact is information leakage.
org.apache.poi.hwpf.converter.WordToHtmlConverter:org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor:org.apache.poi.hpbf.extractor.PublisherTextExtractor:org.apache.poi.hwpf.extractor.WordExtractor:org.apache.poi.hssf.converter.ExcelToHtmlConverter:org.apache.poi.hpsf.examples.ReadTitle:org.apache.poi.hssf.extractor.ExcelExtractorPassworded:org.apache.poi.hdgf.extractor.VisioTextExtractor:org.apache.poi.hssf.extractor.ExcelExtractor:org.apache.poi.ss.examples.ToCSV
$SS_TC_DEPS/java/poi/*:$SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH"
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=no -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dmaven.repo.local="$SS_TC_DEPS/java/poi" -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dmain.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dscratchpad.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dooxml.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dexcelant.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Ddisconnected=true -Dmain.lib="$SS_TC_DEPS/java/poi/" -Dooxml.lib="$SS_TC_DEPS/java/poi" -DDSTAMP=CURRENT -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" jar
cp -r $SS_TC_ROOT/src/build/examples-classes/org/apache/poi/* $SS_TC_ROOT/$SS_TC_INSTALL/org/apache/poi
convert a .doc to HTML
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.converter.WordToHtmlConverter $SS_TC_ROOT/testData/good-01/ss-word.doc $SS_TC_ROOT/testData/good-01/ss-word.html
GOOD-01-FILE
good-01/ss-word.html
good-01/ss-word.html
extract a PPT file
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor $SS_TC_ROOT/testData/good-02/examplePPT.ppt
GOOD-02-STDOUT
good-02/output.txt
extract a .pub (Publisher) file
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hpbf.extractor.PublisherTextExtractor $SS_TC_ROOT/testData/good-03/ss-pub.pub
GOOD-03-STDOUT
good-03/output.txt
extract a .doc file
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.extractor.WordExtractor $SS_TC_ROOT/testData/good-04/ss-word.doc
GOOD-04-STDOUT
good-04/output.txt
convert .xls file to html
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.converter.ExcelToHtmlConverter $SS_TC_ROOT/testData/good-05/ss-excel.xls $SS_TC_ROOT/testData/good-05/ss-excel.html
GOOD-05-STDOUT AND GOOD-05-FILE
good-05/output.txt
good-05/ss-excel.html
good-05/ss-excel.html
read title metadata from .xls file
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hpsf.examples.ReadTitle good-06/ss-excel.xls
GOOD-06-STDOUT
good-06/output.txt
extract a password-protected .xls file
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.extractor.ExcelExtractorPassworded -i good-07/ss-excel-passworded.xls
GOOD-07-STDOUT
good-07/output.txt
extract text from a .vsd file (Visio)
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hdgf.extractor.VisioTextExtractor good-08/BlkDia.vsd
GOOD-08-STDOUT
good-08/output.txt
extract a xls file
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
root:x:0:0:root:/root:/bin/bash
other.txt
The quick brown fox jumps over the lazy dog.
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.extractor.ExcelExtractor -i good-09/ss-excel.xls
GOOD-09-STDOUT
good-09/output.txt
extract a .xls file to csv
Environment variables defining data file names
NONE
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
other.txt
Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64)
Welcome to Linux Mint
* Documentation: http://www.linuxmint.com
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.ss.examples.ToCSV good-10/ss-excel.xls good-10/
GOOD-10-FILE
good-10/ss-excel.csv
good-10/ss-excel.csv
Environment variables defining data file names
READ_APPLICATION_DATA
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
avahi-autoipd:x:103:106:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
usbmux:x:104:46:usbmux daemon,,,:/home/usbmux:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
hplip:x:112:7:HPLIP system user,,,:/var/run/hplip:/bin/false
pulse:x:113:121:PulseAudio daemon,,,:/var/run/pulse:/bin/false
saned:x:114:123::/home/saned:/bin/false
mdm:x:110:118:MDM Display Manager:/var/lib/mdm:/bin/false
sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
statd:x:115:65534::/var/lib/nfs:/bin/false
ntp:x:116:128::/home/ntp:/bin/false
rabbitmq:x:117:129:RabbitMQ messaging server,,,:/var/lib/rabbitmq:/bin/false
celery:x:999:999::/var/lib/celery:/bin/false
boinc:x:118:130:BOINC core client,,,:/var/lib/boinc-client:/bin/false
other.txt
foo
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.extractor.ExcelExtractor -i good-09/ss-excel.xls
weakness_started_Ooorf4e1SvD0T9ZLiuky AND ((NOT PERFORMER AND (etc_passwd_line_pattern_ZTvpbeeBTe OR etc_passwd_root_user_y6Eqj3m6fZ OR etc_group_line_pattern_HQRawGPYYn) AND NOT timeout_D1ERrKVYwA) or (PERFORMER AND NOT ((etc_passwd_line_pattern_ZTvpbeeBTe OR etc_passwd_root_user_y6Eqj3m6fZ OR etc_group_line_pattern_HQRawGPYYn) OR timeout_D1ERrKVYwA)))
(NOT PERFORMER AND (etc_passwd_line_pattern_ZTvpbeeBTe OR etc_passwd_root_user_y6Eqj3m6fZ OR etc_group_line_pattern_HQRawGPYYn) AND NOT timeout_D1ERrKVYwA) or (PERFORMER AND NOT ((etc_passwd_line_pattern_ZTvpbeeBTe OR etc_passwd_root_user_y6Eqj3m6fZ OR etc_group_line_pattern_HQRawGPYYn) OR timeout_D1ERrKVYwA))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variables defining data file names
READ_APPLICATION_DATA
$SS_TC_ROOT/testData/ladyfish_coredeemer.bin
sensitive.txt
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:someguy
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:someguy
voice:x:22:
cdrom:x:24:someguy
floppy:x:25:
tape:x:26:
sudo:x:27:someguy
audio:x:29:pulse,someguy
dip:x:30:someguy
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:someguy,boinc
sasl:x:45:
plugdev:x:46:someguy
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
crontab:x:102:
syslog:x:103:
fuse:x:104:someguy
messagebus:x:105:
avahi-autoipd:x:106:
lpadmin:x:107:someguy
ssl-cert:x:108:
netdev:x:109:someguy
mlocate:x:111:
ssh:x:112:
utempter:x:113:
rtkit:x:114:
bluetooth:x:115:
scanner:x:116:someguy
colord:x:117:
nopasswdlogin:x:119:
avahi:x:120:
pulse:x:121:
pulse-access:x:122:
saned:x:123:
vboxsf:x:124:
sambashare:x:125:someguy
mdm:x:118:
someguy:x:1000:
winbindd_priv:x:110:
_cvsadmin:x:126:
ntp:x:128:
rabbitmq:x:129:
celery:x:999:
boinc:x:130:
science:x:131:
other.txt
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.converter.WordToHtmlConverter $SS_TC_ROOT/testData/good-01/ss-word.doc $SS_TC_ROOT/testData/good-01/ss-word.html
weakness_started_J0J0kayPZKs8LC52t86t AND ((NOT PERFORMER AND (etc_passwd_line_pattern_DKhjw9RUpO OR etc_passwd_root_user_fdp7Spa3ah OR etc_group_line_pattern_JRIE017T8W) AND NOT timeout_BZo3Wki50q) or (PERFORMER AND NOT ((etc_passwd_line_pattern_DKhjw9RUpO OR etc_passwd_root_user_fdp7Spa3ah OR etc_group_line_pattern_JRIE017T8W) OR timeout_BZo3Wki50q)))
(NOT PERFORMER AND (etc_passwd_line_pattern_DKhjw9RUpO OR etc_passwd_root_user_fdp7Spa3ah OR etc_group_line_pattern_JRIE017T8W) AND NOT timeout_BZo3Wki50q) or (PERFORMER AND NOT ((etc_passwd_line_pattern_DKhjw9RUpO OR etc_passwd_root_user_fdp7Spa3ah OR etc_group_line_pattern_JRIE017T8W) OR timeout_BZo3Wki50q))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start