The system or application is vulnerable to file system contents
disclosure through path equivalence. Path equivalence involves the
use of special characters in file and directory names. The associated
manipulations are intended to generate multiple names for the same
object. This test accepts the name of a file to read as input, but
prohibits access to files in the /etc directory. The input generates an
equivalent name, /////etc/////passwd, which bypasses the filter.
org.apache.lucene.demo.IndexFiles:org.apache.lucene.demo.SearchFiles:org.apache.lucene.demo.facet.SimpleFacetsExample:org.apache.lucene.demo.facet.AssociationsFacetsExample
$SS_TC_DEPS/java/lucene/*:$SS_TC_ROOT/$SS_TC_INSTALL/classes/*:$SS_TC_ROOT/$SS_TC_INSTALL/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH"
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dlib.dir=$SS_TC_DEPS/java/lucene -Ddist.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dbuild.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" compile
index a single file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-01-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-01/
GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
if [[ -a ../testData/good-01-index/_0.cfe ]]; then exit 0; else exit 1; fi;
if [[ -a ../testData/good-01-index/_0.cfs ]]; then exit 0; else exit 1; fi;
../testData/good-01-index/segments_1
good-01/segments_1
good-01-index/segments.gen
good-01/segments.gen
DOES_NOT_RETURN
CONTROLLED_EXIT
search a single indexed file for "bubbles"
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.SearchFiles -query bubbles -index $SS_TC_ROOT/$SS_TC_DATA/good-02/index/
GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
index two files
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-03-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-03/
GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
if [[ -a ../testData/good-03-index/_0.cfe ]]; then exit 0; else exit 1; fi;
if [[ -a ../testData/good-03-index/_0.cfe ]]; then exit 0; else exit 1; fi;
../testData/good-03-index/segments_1
good-03/segments_1
../testData/good-03-index/segments.gen
good-03/segments.gen
DOES_NOT_RETURN
CONTROLLED_EXIT
search two indexed files
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.SearchFiles -query Sawyer -index $SS_TC_ROOT/$SS_TC_DATA/good-04/index/
GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
search files
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.SearchFiles -query microfilm -index $SS_TC_ROOT/$SS_TC_DATA/good-05/index/
GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
search by facets
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.facet.SimpleFacetsExample
GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
search by facet association
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.facet.AssociationsFacetsExample
GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
index a large number of files
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-08-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-08/
GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
if [[ -a ../testData/good-08-index/_0.cfe ]]; then exit 0; else exit 1; fi;
if [[ -a ../testData/good-08-index/_0.cfe ]]; then exit 0; else exit 1; fi;
../testData/good-08-index/segments_1
good-08/segments_1
../testData/good-08-index/segments.gen
good-08/segments.gen
DOES_NOT_RETURN
CONTROLLED_EXIT
search files using regular expression
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.SearchFiles -query /\d\d\d/ -index $SS_TC_ROOT/$SS_TC_DATA/good-09/index/
GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-09/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
search files using fuzzy searching
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.SearchFiles -query "password~ OR pengui*" -index $SS_TC_ROOT/$SS_TC_DATA/good-09/index/
GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-08-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-08/
weakness_started_nFDBvkEMdBk3v9AoENoo AND ((NOT PERFORMER AND (etc_passwd_line_pattern_go62Uc4bs5 OR etc_passwd_root_user_cTZjafDoVp OR etc_group_line_pattern_ZsuWJFLAXH) AND NOT timeout_ABFcDWqd36) or (PERFORMER AND NOT ((etc_passwd_line_pattern_go62Uc4bs5 OR etc_passwd_root_user_cTZjafDoVp OR etc_group_line_pattern_ZsuWJFLAXH) OR timeout_ABFcDWqd36 OR controlled_exit_6YIkKvnDoc)))
(NOT PERFORMER AND (etc_passwd_line_pattern_go62Uc4bs5 OR etc_passwd_root_user_cTZjafDoVp OR etc_group_line_pattern_ZsuWJFLAXH) AND NOT timeout_ABFcDWqd36) or (PERFORMER AND NOT ((etc_passwd_line_pattern_go62Uc4bs5 OR etc_passwd_root_user_cTZjafDoVp OR etc_group_line_pattern_ZsuWJFLAXH) OR timeout_ABFcDWqd36 OR controlled_exit_6YIkKvnDoc))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.lucene.demo.SearchFiles -query microfilm -index $SS_TC_ROOT/$SS_TC_DATA/good-05/index/
weakness_started_QrvuBZYBtG9xH9d7eCIC AND ((NOT PERFORMER AND (etc_passwd_line_pattern_ImOR0FQ35l OR etc_passwd_root_user_GLBkmPFWh3 OR etc_group_line_pattern_uf7GQKJIRM) AND NOT timeout_Htals5xKDR) or (PERFORMER AND NOT ((etc_passwd_line_pattern_ImOR0FQ35l OR etc_passwd_root_user_GLBkmPFWh3 OR etc_group_line_pattern_uf7GQKJIRM) OR timeout_Htals5xKDR OR controlled_exit_DGSFyVScP4)))
(NOT PERFORMER AND (etc_passwd_line_pattern_ImOR0FQ35l OR etc_passwd_root_user_GLBkmPFWh3 OR etc_group_line_pattern_uf7GQKJIRM) AND NOT timeout_Htals5xKDR) or (PERFORMER AND NOT ((etc_passwd_line_pattern_ImOR0FQ35l OR etc_passwd_root_user_GLBkmPFWh3 OR etc_group_line_pattern_uf7GQKJIRM) OR timeout_Htals5xKDR OR controlled_exit_DGSFyVScP4))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start