This test takes an integer followed by a filename as input (int filename) and checks that the file exists, is in the current directory, and is not a symbolic link. However, the weakness delays before opening the file, creating a time-of-check to time-of-use (TOCTOU) vulnerability. This vulnerability allows an attacker to replace the file with a symbolic link to a file outside the current directory in the window between checking the file's validity and opening it.

stonesoup.jtree.Main
$SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_ROOT/$SS_TC_INSTALL/lib/opt/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH" stonesoup.jtree.Main
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=no -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddir.dist=$SS_TC_ROOT/$SS_TC_INSTALL build
cp -r lib $SS_TC_ROOT/$SS_TC_INSTALL
Environment variable defining string value.
NONE $SS_TC_ROOT/testData/miriam_needling.bin /opt/stonesoup/workspace/testData/file1 good_01.txt FILE DATA GOES HERE YO None $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01 STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining string value. NONE $SS_TC_ROOT/testData/miriam_needling.bin /opt/stonesoup/workspace/testData/file2 good_02.txt what does this file even mean? None $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 1 input/good-02/ STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining string value. NONE $SS_TC_ROOT/testData/miriam_needling.bin /opt/stonesoup/workspace/testData/file3 good_03.txt Brah, ...bro, like, woah... None $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-03/jtree-good-03.tar.gz STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining string value. NONE $SS_TC_ROOT/testData/miriam_needling.bin /opt/stonesoup/workspace/testData/file1 good_01.txt FILE DATA GOES HERE YO None $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 2 input/good-04/jtree-good-04.tar.gz STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining string value. NONE $SS_TC_ROOT/testData/miriam_needling.bin /opt/stonesoup/workspace/testData/file2 good_02.txt what does this file even mean? 
None $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01/ input/good-02/ input/good-03/jtree-good-03.tar.gz input/good-04/jtree-good-04.tar.gz STDOUT-05-01 AND STDOUT-05-02 AND STDOUT-05-03 AND STDOUT-05-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output1.txt good-05/output2.txt good-05/output3.txt good-05/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining string value. UNEXPECTED_STATE READ_APPLICATION_DATA $SS_TC_ROOT/testData/miriam_needling.bin /opt/stonesoup/workspace/testData/fifo1 bad_0.txt HACK THE PLANET! HACK THE PLANET!!! $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01 weakness_started_zgFSUq52GPOqD3X5sRq4 AND ((NOT PERFORMER AND (etc_passwd_line_pattern_isha0TBrBC OR etc_passwd_root_user_fQX6ZBuhO9) AND NOT timeout_9oh99kUo0L) or (PERFORMER AND NOT ((etc_passwd_line_pattern_isha0TBrBC OR etc_passwd_root_user_fQX6ZBuhO9) OR timeout_9oh99kUo0L))) (NOT PERFORMER AND (etc_passwd_line_pattern_isha0TBrBC OR etc_passwd_root_user_fQX6ZBuhO9) AND NOT timeout_9oh99kUo0L) or (PERFORMER AND NOT ((etc_passwd_line_pattern_isha0TBrBC OR etc_passwd_root_user_fQX6ZBuhO9) OR timeout_9oh99kUo0L)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* None stonesoup_trace:weakness_start Environment variable defining string value. 
UNEXPECTED_STATE READ_APPLICATION_DATA $SS_TC_ROOT/testData/miriam_needling.bin /opt/stonesoup/workspace/testData/fifo1 bad_1.txt 1337 s<r1p7 15 f0r h4x0rz $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01/ input/good-02/ input/good-03/jtree-good-03.tar.gz input/good-04/jtree-good-04.tar.gz weakness_started_zKrkstXLiUN0EfFSYwb2 AND ((NOT PERFORMER AND (etc_passwd_line_pattern_QvT19zklfe OR etc_passwd_root_user_p15CtrwTPE) AND NOT timeout_jEjgCyOnFv) or (PERFORMER AND NOT ((etc_passwd_line_pattern_QvT19zklfe OR etc_passwd_root_user_p15CtrwTPE) OR timeout_jEjgCyOnFv))) (NOT PERFORMER AND (etc_passwd_line_pattern_QvT19zklfe OR etc_passwd_root_user_p15CtrwTPE) AND NOT timeout_jEjgCyOnFv) or (PERFORMER AND NOT ((etc_passwd_line_pattern_QvT19zklfe OR etc_passwd_root_user_p15CtrwTPE) OR timeout_jEjgCyOnFv)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* None stonesoup_trace:weakness_start