This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. stonesoup.jtree.Main $SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_ROOT/$SS_TC_INSTALL/lib/opt/*:$SS_TC_DEPS/java/stonesoup/database/postgres/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH" stonesoup.jtree.Main env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=yes -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=no -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddir.dist=$SS_TC_ROOT/$SS_TC_INSTALL build cp -r lib $SS_TC_ROOT/$SS_TC_INSTALL Environment variable defining test value. NONE $SS_TC_ROOT/testData/sobriety_signalman.bin shipper1 /opt/stonesoup/workspace/scripts/northwind_create_northwindlower_vqhzdbrlrijolwrq.sql northwindlower_vqhzdbrlrijolwrq $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01 DROP DATABASE IF EXISTS $SS_DBPGDATABASE; STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/testData/sobriety_signalman.bin NewShipper /opt/stonesoup/workspace/scripts/northwind_create_northwindlower_iqsgclolqnftnrrj.sql northwindlower_iqsgclolqnftnrrj $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 1 input/good-02/ DROP DATABASE IF EXISTS $SS_DBPGDATABASE; STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/testData/sobriety_signalman.bin ShippingCompany /opt/stonesoup/workspace/scripts/northwind_create_northwindlower_setqhmmpbhsrsxgu.sql northwindlower_setqhmmpbhsrsxgu $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-03/jtree-good-03.tar.gz DROP DATABASE IF EXISTS $SS_DBPGDATABASE; STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/testData/sobriety_signalman.bin shipper1 /opt/stonesoup/workspace/scripts/northwind_create_northwindlower_nbtofumhsvexedkq.sql northwindlower_nbtofumhsvexedkq $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 2 input/good-04/jtree-good-04.tar.gz DROP DATABASE IF EXISTS $SS_DBPGDATABASE; STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/testData/sobriety_signalman.bin NewShipper /opt/stonesoup/workspace/scripts/northwind_create_northwindlower_ddeiccazgysvlrem.sql northwindlower_ddeiccazgysvlrem $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01/ input/good-02/ input/good-03/jtree-good-03.tar.gz input/good-04/jtree-good-04.tar.gz DROP DATABASE IF EXISTS $SS_DBPGDATABASE; STDOUT-05-01 AND STDOUT-05-02 AND STDOUT-05-03 AND STDOUT-05-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output1.txt good-05/output2.txt good-05/output3.txt good-05/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. EXECUTE_UNAUTHORIZED_CODE $SS_TC_ROOT/testData/sobriety_signalman.bin BadShipper'), ('80', 'BadShipper2 /opt/stonesoup/workspace/scripts/northwind_create_northwindlower_iapxkaswijpqfpsw.sql northwindlower_iapxkaswijpqfpsw $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-03/jtree-good-03.tar.gz DROP DATABASE IF EXISTS $SS_DBPGDATABASE; weakness_started_V7VB4fUpOl3oj0hFKcJp AND ((NOT PERFORMER AND (db_sql_output_4JOo0izlND OR db_sql_output_k0Zd0F3Dl7 OR database_insert_check_FOZhaS4KeK) AND NOT timeout_bL4hNwqVoS) or (PERFORMER AND NOT ((db_sql_output_4JOo0izlND OR db_sql_output_k0Zd0F3Dl7 OR database_insert_check_FOZhaS4KeK) OR timeout_bL4hNwqVoS))) (NOT PERFORMER AND (db_sql_output_4JOo0izlND OR db_sql_output_k0Zd0F3Dl7 OR database_insert_check_FOZhaS4KeK) AND NOT timeout_bL4hNwqVoS) or (PERFORMER AND NOT ((db_sql_output_4JOo0izlND OR db_sql_output_k0Zd0F3Dl7 OR database_insert_check_FOZhaS4KeK) OR timeout_bL4hNwqVoS)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt Number of Rows Affected: 2 logfile.txt Number of Rows Affected: 4 export PGPASSWORD=$DBPGPASSWORD; if `psql -U $DBPGUSER -h $DBPGHOST -d $SS_DBPGDATABASE -c "select * from shippers;" | grep -q "BadShipper2\|ShipAttack"`; then true; else false; fi; None stonesoup_trace:weakness_start Environment variable defining test value. EXECUTE_UNAUTHORIZED_CODE $SS_TC_ROOT/testData/sobriety_signalman.bin ShippersRUs'), ('55', 'BadShips'), ('65', 'ShipAttack'), ('45', 'MultiShip /opt/stonesoup/workspace/scripts/northwind_create_northwindlower_ehptswnmswxrbsdb.sql northwindlower_ehptswnmswxrbsdb $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 2 input/good-04/jtree-good-04.tar.gz DROP DATABASE IF EXISTS $SS_DBPGDATABASE; weakness_started_BpUTrfCqou90QteqQ8AP AND ((NOT PERFORMER AND (db_sql_output_bVnqOLSB4k OR db_sql_output_BZsS0DMjg0 OR database_insert_check_zy9VKoLKAc) AND NOT timeout_SVIqsqcgc9) or (PERFORMER AND NOT ((db_sql_output_bVnqOLSB4k OR db_sql_output_BZsS0DMjg0 OR database_insert_check_zy9VKoLKAc) OR timeout_SVIqsqcgc9))) (NOT PERFORMER AND (db_sql_output_bVnqOLSB4k OR db_sql_output_BZsS0DMjg0 OR database_insert_check_zy9VKoLKAc) AND NOT timeout_SVIqsqcgc9) or (PERFORMER AND NOT ((db_sql_output_bVnqOLSB4k OR db_sql_output_BZsS0DMjg0 OR database_insert_check_zy9VKoLKAc) OR timeout_SVIqsqcgc9)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt Number of Rows Affected: 2 logfile.txt Number of Rows Affected: 4 export PGPASSWORD=$DBPGPASSWORD; if `psql -U $DBPGUSER -h $DBPGHOST -d $SS_DBPGDATABASE -c "select * from shippers;" | grep -q "BadShipper2\|ShipAttack"`; then true; else false; fi; None stonesoup_trace:weakness_start