This test reads data from a sensitive file without checking the return value, and then repeats the operation on a non-sensitive file, then printing the second file. Technical Impact is information leakage. jena.rdfcompare:arq.sparql:jena.rdfparse:jena.rdfcat:arq.wwwenc:jena.rdfcopy:arq.wwwdec:jena.schemagen:jena.turtle $SS_TC_ROOT/$SS_TC_INSTALL/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -Xmx1024M -Dlog4j.configuration=file:$SS_TC_ROOT/$SS_TC_INSTALL/jena-log4j.properties -cp "$SS_JAVA_CLASSPATH" env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=no -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dbin.lib.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Ddependencies.dir="$SS_TC_DEPS/java/jena" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" jar Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt root:x:0:0:root:/root:/bin/bash other.txt The quick brown fox jumps over the lazy dog. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcompare $SS_TC_ROOT/testData/good-01/example.xml $SS_TC_ROOT/testData/good-01/example2.xml RDF/XML RDF/XML GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin other.txt Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64) Welcome to Linux Mint * Documentation: http://www.linuxmint.com $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.sparql --data=$SS_TC_ROOT/testData/good-02/vc-db-1.rdf --query=$SS_TC_ROOT/testData/good-02/q1.rq GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt root:x:0:0:root:/root:/bin/bash other.txt The quick brown fox jumps over the lazy dog. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.sparql --data=$SS_TC_ROOT/testData/good-03/vc-db-1.rdf --query=$SS_TC_ROOT/testData/good-03/q-bp1.rq GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin other.txt Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64) Welcome to Linux Mint * Documentation: http://www.linuxmint.com $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfparse $SS_TC_ROOT/testData/good-04/example.xml GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt root:x:0:0:root:/root:/bin/bash other.txt The quick brown fox jumps over the lazy dog. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcat -x $SS_TC_ROOT/testData/good-05/example.xml $SS_TC_ROOT/testData/good-05/example2.xml GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND GOOD-05 GOOD-06 AND GOOD-07 AND GOOD-08 AND GOOD-09 AND GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT <rdf:Description rdf:about="http://somewhere/RebeccaSmith/"> <vcard:N rdf:parseType="Resource"> <vcard:Family>Smith</vcard:Family> <vcard:Given>Rebecca</vcard:Given> </vcard:N> <vcard:FN>Becky Smith</vcard:FN> <vcard:N rdf:parseType="Resource"> <vcard:Family>Smith</vcard:Family> <vcard:Given>Rebecca</vcard:Given> </rdf:Description> DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin other.txt Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64) Welcome to Linux Mint * Documentation: http://www.linuxmint.com $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.turtle --check --strict good-06/example1.ttl GOOD-06-01 AND GOOD-06-02 AND GOOD-06-03 AND GOOD-06-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output1.txt good-06/output2.txt good-06/output3.txt good-06/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt root:x:0:0:root:/root:/bin/bash other.txt The quick brown fox jumps over the lazy dog. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.schemagen --includeSource --noheader -i good-07/example1.ttl GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin other.txt Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64) Welcome to Linux Mint * Documentation: http://www.linuxmint.com $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.rset --in XML --results text --file $SS_TC_ROOT/testData/good-08/results.xml GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt root:x:0:0:root:/root:/bin/bash other.txt The quick brown fox jumps over the lazy dog. $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcopy good-09/example1.ttl TURTLE RDF/XML GOOD-09-01 AND GOOD-09-02 AND GOOD-09-03 AND GOOD-09-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output1.txt good-09/output2.txt good-09/output3.txt good-09/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names NONE $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin other.txt Welcome to Linux Mint 14 Nadia (GNU/Linux 3.5.0-28-generic x86_64) Welcome to Linux Mint * Documentation: http://www.linuxmint.com $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.qexpr '5 != 20' GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variables defining data file names READ_APPLICATION_DATA $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false avahi-autoipd:x:103:106:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false usbmux:x:104:46:usbmux daemon,,,:/home/usbmux:/bin/false kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false hplip:x:112:7:HPLIP system user,,,:/var/run/hplip:/bin/false pulse:x:113:121:PulseAudio daemon,,,:/var/run/pulse:/bin/false saned:x:114:123::/home/saned:/bin/false mdm:x:110:118:MDM Display Manager:/var/lib/mdm:/bin/false sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin statd:x:115:65534::/var/lib/nfs:/bin/false ntp:x:116:128::/home/ntp:/bin/false rabbitmq:x:117:129:RabbitMQ messaging server,,,:/var/lib/rabbitmq:/bin/false celery:x:999:999::/var/lib/celery:/bin/false boinc:x:118:130:BOINC core client,,,:/var/lib/boinc-client:/bin/false other.txt foo $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.rset --in XML --results text --file $SS_TC_ROOT/testData/good-08/results.xml weakness_started_9svOMAVGOTi1keTuhafG AND ((NOT PERFORMER AND (etc_passwd_line_pattern_Xa2EcjDIB6 OR etc_passwd_root_user_RjJJcw6Mrp OR etc_group_line_pattern_iUumQWk79A) AND NOT timeout_MsgZmwI6TM) or (PERFORMER AND NOT ((etc_passwd_line_pattern_Xa2EcjDIB6 OR etc_passwd_root_user_RjJJcw6Mrp OR etc_group_line_pattern_iUumQWk79A) OR timeout_MsgZmwI6TM))) (NOT PERFORMER AND (etc_passwd_line_pattern_Xa2EcjDIB6 OR etc_passwd_root_user_RjJJcw6Mrp OR etc_group_line_pattern_iUumQWk79A) AND NOT timeout_MsgZmwI6TM) or (PERFORMER AND NOT ((etc_passwd_line_pattern_Xa2EcjDIB6 OR etc_passwd_root_user_RjJJcw6Mrp OR etc_group_line_pattern_iUumQWk79A) OR timeout_MsgZmwI6TM)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variables defining data file names READ_APPLICATION_DATA $SS_TC_ROOT/testData/menthenone_chivalrous.bin sensitive.txt root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:someguy tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21:someguy voice:x:22: cdrom:x:24:someguy floppy:x:25: tape:x:26: sudo:x:27:someguy audio:x:29:pulse,someguy dip:x:30:someguy www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: video:x:44:someguy,boinc sasl:x:45: plugdev:x:46:someguy staff:x:50: games:x:60: users:x:100: nogroup:x:65534: libuuid:x:101: crontab:x:102: syslog:x:103: fuse:x:104:someguy messagebus:x:105: avahi-autoipd:x:106: lpadmin:x:107:someguy ssl-cert:x:108: netdev:x:109:someguy mlocate:x:111: ssh:x:112: utempter:x:113: rtkit:x:114: bluetooth:x:115: scanner:x:116:someguy colord:x:117: nopasswdlogin:x:119: avahi:x:120: pulse:x:121: pulse-access:x:122: saned:x:123: vboxsf:x:124: sambashare:x:125:someguy mdm:x:118: someguy:x:1000: winbindd_priv:x:110: _cvsadmin:x:126: ntp:x:128: rabbitmq:x:129: celery:x:999: boinc:x:130: science:x:131: other.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.rset --in XML --results text --file $SS_TC_ROOT/testData/good-08/results.xml weakness_started_imVadSwYzD2mCEOir2Td AND ((NOT PERFORMER AND (etc_passwd_line_pattern_OV27ZzyBxO OR etc_passwd_root_user_ZvLk3v4PPS OR etc_group_line_pattern_BYMT7qJXBi) AND NOT timeout_doD5mkypVm) or (PERFORMER AND NOT ((etc_passwd_line_pattern_OV27ZzyBxO OR etc_passwd_root_user_ZvLk3v4PPS OR etc_group_line_pattern_BYMT7qJXBi) OR timeout_doD5mkypVm))) (NOT PERFORMER AND (etc_passwd_line_pattern_OV27ZzyBxO OR etc_passwd_root_user_ZvLk3v4PPS OR etc_group_line_pattern_BYMT7qJXBi) AND NOT timeout_doD5mkypVm) or (PERFORMER AND NOT ((etc_passwd_line_pattern_OV27ZzyBxO OR etc_passwd_root_user_ZvLk3v4PPS OR etc_group_line_pattern_BYMT7qJXBi) OR timeout_doD5mkypVm)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start