The system or application is vulnerable to file system contents
disclosure through path equivalence. Path equivalence involves the
use of special characters in file and directory names. The associated
manipulations are intended to generate multiple names for the same
object. This test will accept input of a file to read, but prohibits access
to file in the /etc directory. The input generates an equivalent name
/////etc/////passwd which bypasses the filter.
FALSE
org.apache.jmeter.NewDriver
$SS_TC_ROOT/$SS_TC_INSTALL/classes/core:$SS_TC_ROOT/$SS_TC_INSTALL/classes/components:$SS_TC_ROOT/$SS_TC_INSTALL/classes/functions:$SS_TC_ROOT/$SS_TC_INSTALL/classes/jorphan:$SS_TC_ROOT/$SS_TC_INSTALL/classes/junit:$SS_TC_ROOT/$SS_TC_INSTALL/classes/monitor:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/ftp:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/http:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/java:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/jdbc:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/jms:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/ldap:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/mail:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/native:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/tcp:$SS_TC_ROOT/$SS_TC_INSTALL/classes/reports:$SS_TC_ROOT/$SS_TC_INSTALL/classes/res:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_ROOT/$SS_TC_INSTALL/lib/opt/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp $SS_JAVA_CLASSPATH -Djmeter.home="$SS_TC_ROOT/$SS_TC_INSTALL" org.apache.jmeter.NewDriver
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Ddist.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dbuild.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" compile prepare-resources prepare-nonjar-dist -Dbuild.dir=$SS_TC_ROOT/$SS_TC_INSTALL/classes
cp -r lib $SS_TC_ROOT/$SS_TC_INSTALL
cp -r bin $SS_TC_ROOT/$SS_TC_INSTALL
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-01/CSVSample.jmx
STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/CSVSample.jtl
s="true" lb="Login as u1" rc="200" rm="OK" tn="Thread Group 1-1" dt="text" by="15"
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-02/http-test.jmx
STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/http-test.jtl
good-02/http-test.jtl
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-03/http-test.jmx
STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/http-test.jtl
good-03/http-test.jtl
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-04/http-test.jmx
STATUS-CHECK-01 AND STATUS-CHECK-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
bash -c "if [[ $(grep -E '<httpSample s=\"true\" lb=\"Homepage\" rc=\"200\" rm=\"OK\" tn=\"Thread Group 1-[1-5]\" dt=\"text\"/>' ../testData/good-04/http-test.jtl | wc -l) -eq 50 ]]; then true; else false; fi"
bash -c "if [[ $(grep -E '<httpSample s=\"true\" lb=\"PageOne\" rc=\"200\" rm=\"OK\" tn=\"Thread Group 1-[1-5]\" dt=\"text\"/>' ../testData/good-04/http-test.jtl | wc -l) -eq 50 ]]; then true; else false; fi"
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-05/http-test.jmx
STDOUT-05 AND GOOD-05-HOSTNAME AND GOOD-05-LS AND GOOD-05-NETSTAT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/http-test.jtl
good-05/http-test.jtl
if [[ -a good-05/hostname.out ]]; then exit 0; else exit 1; fi;
if [[ -a good-05/ls.out ]]; then exit 0; else exit 1; fi;
if [[ -a good-05/netstat.out ]]; then exit 0; else exit 1; fi;
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-05/http-test.jmx
weakness_started_omE1HrWz7PYDTkBfz9Vp AND ((NOT PERFORMER AND (etc_passwd_line_pattern_GXjn8vsrzI OR etc_passwd_root_user_Bg7JbGd9Sg OR etc_group_line_pattern_3PrUEBK3NV) AND NOT timeout_bd0KVsWRN5) or (PERFORMER AND NOT ((etc_passwd_line_pattern_GXjn8vsrzI OR etc_passwd_root_user_Bg7JbGd9Sg OR etc_group_line_pattern_3PrUEBK3NV) OR timeout_bd0KVsWRN5 OR controlled_exit_lulSnT9ynu)))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-05/http-test.jmx
weakness_started_QDCS95txDvLqA4KJ1KV9 AND ((NOT PERFORMER AND (etc_passwd_line_pattern_oCwz1E34ms OR etc_passwd_root_user_bAMNwGp3z7 OR etc_group_line_pattern_yxN2R6jDIH) AND NOT timeout_nVKEoaIDiD) or (PERFORMER AND NOT ((etc_passwd_line_pattern_oCwz1E34ms OR etc_passwd_root_user_bAMNwGp3z7 OR etc_group_line_pattern_yxN2R6jDIH) OR timeout_nVKEoaIDiD OR controlled_exit_eRmR5x4GqF)))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start