Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Binding the input as a query parameter, rather than concatenating it into the statement text, keeps it from being interpreted as SQL. jena.rdfcompare:arq.sparql:jena.rdfparse:jena.rdfcat:arq.wwwenc:jena.rdfcopy:arq.wwwdec:jena.schemagen:jena.turtle $SS_TC_ROOT/$SS_TC_INSTALL/*:$SS_TC_DEPS/java/stonesoup/hibernate/mysql/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -Xmx1024M -Dlog4j.configuration=file:$SS_TC_ROOT/$SS_TC_INSTALL/jena-log4j.properties -cp "$SS_JAVA_CLASSPATH" env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=yes -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=no -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dbin.lib.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Ddependencies.dir="$SS_TC_DEPS/java/jena" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" jar Environment variable defining test value. 
NONE USA /opt/stonesoup/workspace/scripts/northwind_create_northwind_yqgufzzrnfdsened.sql northwind_yqgufzzrnfdsened $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcompare $SS_TC_ROOT/testData/good-01/example.xml $SS_TC_ROOT/testData/good-01/example2.xml RDF/XML RDF/XML DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE Germany /opt/stonesoup/workspace/scripts/northwind_create_northwind_wquyvizcomgvbrpi.sql northwind_wquyvizcomgvbrpi $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.sparql --data=$SS_TC_ROOT/testData/good-02/vc-db-1.rdf --query=$SS_TC_ROOT/testData/good-02/q1.rq DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE Finland /opt/stonesoup/workspace/scripts/northwind_create_northwind_jzragqmqeqaqskfn.sql northwind_jzragqmqeqaqskfn $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.sparql --data=$SS_TC_ROOT/testData/good-03/vc-db-1.rdf --query=$SS_TC_ROOT/testData/good-03/q-bp1.rq DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. 
NONE USA /opt/stonesoup/workspace/scripts/northwind_create_northwind_avrkyavziwetsbnl.sql northwind_avrkyavziwetsbnl $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfparse $SS_TC_ROOT/testData/good-04/example.xml DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE Germany /opt/stonesoup/workspace/scripts/northwind_create_northwind_jrrbpqxflvvwldnj.sql northwind_jrrbpqxflvvwldnj $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcat -x $SS_TC_ROOT/testData/good-05/example.xml $SS_TC_ROOT/testData/good-05/example2.xml DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND GOOD-05 GOOD-06 AND GOOD-07 AND GOOD-08 AND GOOD-09 AND GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT <rdf:Description rdf:about="http://somewhere/RebeccaSmith/"> <vcard:N rdf:parseType="Resource"> <vcard:Family>Smith</vcard:Family> <vcard:Given>Rebecca</vcard:Given> </vcard:N> <vcard:FN>Becky Smith</vcard:FN> <vcard:N rdf:parseType="Resource"> <vcard:Family>Smith</vcard:Family> <vcard:Given>Rebecca</vcard:Given> </rdf:Description> DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE Finland /opt/stonesoup/workspace/scripts/northwind_create_northwind_ltoocrobxpdsiymu.sql northwind_ltoocrobxpdsiymu $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.turtle --check --strict good-06/example1.ttl DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-06-01 AND GOOD-06-02 AND GOOD-06-03 AND GOOD-06-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output1.txt good-06/output2.txt good-06/output3.txt good-06/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. 
NONE USA /opt/stonesoup/workspace/scripts/northwind_create_northwind_wqsoqnjjwqggpgko.sql northwind_wqsoqnjjwqggpgko $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.schemagen --includeSource --noheader -i good-07/example1.ttl DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE Germany /opt/stonesoup/workspace/scripts/northwind_create_northwind_pekpihwupsoopvry.sql northwind_pekpihwupsoopvry $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.rset --in XML --results text --file $SS_TC_ROOT/testData/good-08/results.xml DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE Finland /opt/stonesoup/workspace/scripts/northwind_create_northwind_wynvfdyofjgyelph.sql northwind_wynvfdyofjgyelph $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcopy good-09/example1.ttl TURTLE RDF/XML DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-09-01 AND GOOD-09-02 AND GOOD-09-03 AND GOOD-09-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output1.txt good-09/output2.txt good-09/output3.txt good-09/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. 
NONE USA /opt/stonesoup/workspace/scripts/northwind_create_northwind_ilxmauujfzfqtlgl.sql northwind_ilxmauujfzfqtlgl $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.qexpr '5 != 20' DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. EXECUTE_UNAUTHORIZED_CODE x' or 'x'='x /opt/stonesoup/workspace/scripts/northwind_create_northwind_lwteuhzblkegpeyk.sql northwind_lwteuhzblkegpeyk $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcat -x $SS_TC_ROOT/testData/good-05/example.xml $SS_TC_ROOT/testData/good-05/example2.xml DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; weakness_started_NMQARq0evkClzczGFbtP AND ((NOT PERFORMER AND (hibernate_sql_output_nQwntx0B7t OR hibernate_sql_output_Y6Bh86vyeM) AND NOT timeout_4zR4zIn3zK) or (PERFORMER AND NOT ((hibernate_sql_output_nQwntx0B7t OR hibernate_sql_output_Y6Bh86vyeM) OR timeout_4zR4zIn3zK))) (NOT PERFORMER AND (hibernate_sql_output_nQwntx0B7t OR hibernate_sql_output_Y6Bh86vyeM) AND NOT timeout_4zR4zIn3zK) or (PERFORMER AND NOT ((hibernate_sql_output_nQwntx0B7t OR hibernate_sql_output_Y6Bh86vyeM) OR timeout_4zR4zIn3zK)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt Zbyszek Piestrzeniewicz logfile.txt South House 300 Queensbridge None stonesoup_trace:weakness_start Environment variable defining test value. 
EXECUTE_UNAUTHORIZED_CODE x' or city='London /opt/stonesoup/workspace/scripts/northwind_create_northwind_sqlforvxttuyuahm.sql northwind_sqlforvxttuyuahm $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcopy good-09/example1.ttl TURTLE RDF/XML DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; weakness_started_MAQeMOukIhbXm6rjM6Ex AND ((NOT PERFORMER AND (hibernate_sql_output_Zaq3hfy2sg OR hibernate_sql_output_apbb00Q7qZ) AND NOT timeout_dVHmXrnPmY) or (PERFORMER AND NOT ((hibernate_sql_output_Zaq3hfy2sg OR hibernate_sql_output_apbb00Q7qZ) OR timeout_dVHmXrnPmY))) (NOT PERFORMER AND (hibernate_sql_output_Zaq3hfy2sg OR hibernate_sql_output_apbb00Q7qZ) AND NOT timeout_dVHmXrnPmY) or (PERFORMER AND NOT ((hibernate_sql_output_Zaq3hfy2sg OR hibernate_sql_output_apbb00Q7qZ) OR timeout_dVHmXrnPmY)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt Zbyszek Piestrzeniewicz logfile.txt South House 300 Queensbridge None stonesoup_trace:weakness_start