Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. stonesoup.jtree.Main $SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_ROOT/$SS_TC_INSTALL/lib/opt/*:$SS_TC_DEPS/java/stonesoup/hibernate/mysql/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH" stonesoup.jtree.Main env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=yes -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddir.dist=$SS_TC_ROOT/$SS_TC_INSTALL build cp -r lib $SS_TC_ROOT/$SS_TC_INSTALL Environment variable defining test value. NONE /opt/stonesoup/workspace/scripts/northwind_create_northwind_coirfgdygzazahtg.sql northwind_coirfgdygzazahtg $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01 DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE /opt/stonesoup/workspace/scripts/northwind_create_northwind_kwmkplkrszhzslya.sql northwind_kwmkplkrszhzslya $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 1 input/good-02/ DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE /opt/stonesoup/workspace/scripts/northwind_create_northwind_ogyesuajohoxwssg.sql northwind_ogyesuajohoxwssg $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-03/jtree-good-03.tar.gz DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE /opt/stonesoup/workspace/scripts/northwind_create_northwind_nnowktellixlniih.sql northwind_nnowktellixlniih $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 2 input/good-04/jtree-good-04.tar.gz DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE /opt/stonesoup/workspace/scripts/northwind_create_northwind_juhggjyyykmtpydo.sql northwind_juhggjyyykmtpydo $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01/ input/good-02/ input/good-03/jtree-good-03.tar.gz input/good-04/jtree-good-04.tar.gz DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; STDOUT-05-01 AND STDOUT-05-02 AND STDOUT-05-03 AND STDOUT-05-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output1.txt good-05/output2.txt good-05/output3.txt good-05/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. EXECUTE_UNAUTHORIZED_CODE /opt/stonesoup/workspace/scripts/northwind_create_northwind_azebqioupldmjpmi.sql northwind_azebqioupldmjpmi $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 2 input/good-04/jtree-good-04.tar.gz DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; weakness_started_ouY9o5Ko7L3A5PKr4U83 AND ((NOT PERFORMER AND (hibernate_sql_output_LKGyatYgKq OR hibernate_sql_output_tWMst3aDay) AND NOT timeout_lVG2kxCG2b) or (PERFORMER AND NOT ((hibernate_sql_output_LKGyatYgKq OR hibernate_sql_output_tWMst3aDay) OR timeout_lVG2kxCG2b OR controlled_exit_1ZwdvuxUgt))) (NOT PERFORMER AND (hibernate_sql_output_LKGyatYgKq OR hibernate_sql_output_tWMst3aDay) AND NOT timeout_lVG2kxCG2b) or (PERFORMER AND NOT ((hibernate_sql_output_LKGyatYgKq OR hibernate_sql_output_tWMst3aDay) OR timeout_lVG2kxCG2b OR controlled_exit_1ZwdvuxUgt)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt Zbyszek Piestrzeniewicz logfile.txt South House 300 Queensbridge None stonesoup_trace:weakness_start Environment variable defining test value. EXECUTE_UNAUTHORIZED_CODE /opt/stonesoup/workspace/scripts/northwind_create_northwind_mxaitbljhtixzkvf.sql northwind_mxaitbljhtixzkvf $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 2 input/good-04/jtree-good-04.tar.gz DROP DATABASE IF EXISTS $SS_DBMYSQLDATABASE; weakness_started_IGPMhIvuzoRufBYs7skB AND ((NOT PERFORMER AND (hibernate_sql_output_IYDvvAYXs6 OR hibernate_sql_output_u2I2Jrm5yM) AND NOT timeout_mVy6L28nT2) or (PERFORMER AND NOT ((hibernate_sql_output_IYDvvAYXs6 OR hibernate_sql_output_u2I2Jrm5yM) OR timeout_mVy6L28nT2 OR controlled_exit_a2H6YNpYPt))) (NOT PERFORMER AND (hibernate_sql_output_IYDvvAYXs6 OR hibernate_sql_output_u2I2Jrm5yM) AND NOT timeout_mVy6L28nT2) or (PERFORMER AND NOT ((hibernate_sql_output_IYDvvAYXs6 OR hibernate_sql_output_u2I2Jrm5yM) OR timeout_mVy6L28nT2 OR controlled_exit_a2H6YNpYPt)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt Zbyszek Piestrzeniewicz logfile.txt South House 300 Queensbridge None stonesoup_trace:weakness_start