The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided filename isn't checked to ensure it doesn't contain an absolute path, it allows reading of any file on the system.
FALSE
org.apache.jmeter.NewDriver
$SS_TC_ROOT/$SS_TC_INSTALL/classes/core:$SS_TC_ROOT/$SS_TC_INSTALL/classes/components:$SS_TC_ROOT/$SS_TC_INSTALL/classes/functions:$SS_TC_ROOT/$SS_TC_INSTALL/classes/jorphan:$SS_TC_ROOT/$SS_TC_INSTALL/classes/junit:$SS_TC_ROOT/$SS_TC_INSTALL/classes/monitor:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/ftp:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/http:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/java:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/jdbc:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/jms:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/ldap:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/mail:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/native:$SS_TC_ROOT/$SS_TC_INSTALL/classes/protocol/tcp:$SS_TC_ROOT/$SS_TC_INSTALL/classes/reports:$SS_TC_ROOT/$SS_TC_INSTALL/classes/res:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_ROOT/$SS_TC_INSTALL/lib/opt/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp $SS_JAVA_CLASSPATH -Djmeter.home="$SS_TC_ROOT/$SS_TC_INSTALL" org.apache.jmeter.NewDriver
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Ddist.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dbuild.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" compile prepare-resources prepare-nonjar-dist -Dbuild.dir=$SS_TC_ROOT/$SS_TC_INSTALL/classes
cp -r lib $SS_TC_ROOT/$SS_TC_INSTALL
cp -r bin $SS_TC_ROOT/$SS_TC_INSTALL
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-01/CSVSample.jmx
STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/CSVSample.jtl
s="true" lb="Login as u1" rc="200" rm="OK" tn="Thread Group 1-1" dt="text" by="15"
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-02/http-test.jmx
STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/http-test.jtl
good-02/http-test.jtl
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-03/http-test.jmx
STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/http-test.jtl
good-03/http-test.jtl
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-04/http-test.jmx
STATUS-CHECK-01 AND STATUS-CHECK-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
bash -c "if [[ $(grep -E '<httpSample s=\"true\" lb=\"Homepage\" rc=\"200\" rm=\"OK\" tn=\"Thread Group 1-[1-5]\" dt=\"text\"/>' ../testData/good-04/http-test.jtl | wc -l) -eq 50 ]]; then true; else false; fi"
bash -c "if [[ $(grep -E '<httpSample s=\"true\" lb=\"PageOne\" rc=\"200\" rm=\"OK\" tn=\"Thread Group 1-[1-5]\" dt=\"text\"/>' ../testData/good-04/http-test.jtl | wc -l) -eq 50 ]]; then true; else false; fi"
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
NONE
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-05/http-test.jmx
STDOUT-05 AND GOOD-05-HOSTNAME AND GOOD-05-LS AND GOOD-05-NETSTAT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/http-test.jtl
good-05/http-test.jtl
if [[ -a good-05/hostname.out ]]; then exit 0; else exit 1; fi;
if [[ -a good-05/ls.out ]]; then exit 0; else exit 1; fi;
if [[ -a good-05/netstat.out ]]; then exit 0; else exit 1; fi;
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-02/http-test.jmx
weakness_started_Ty3B15VJfuVQFhrs8bKS AND ((NOT PERFORMER AND (etc_passwd_line_pattern_89A9CfiqVW OR etc_passwd_root_user_FXPluO815F OR etc_group_line_pattern_2QjdGIqNBm) AND NOT timeout_jEJQuDTTer) or (PERFORMER AND NOT ((etc_passwd_line_pattern_89A9CfiqVW OR etc_passwd_root_user_FXPluO815F OR etc_group_line_pattern_2QjdGIqNBm) OR timeout_jEJQuDTTer OR controlled_exit_YEB3rWjYGl)))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/$SS_TC_INSTALL
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-n -t good-05/http-test.jmx
weakness_started_iKE1y7RUYvYBSYhtMh9C AND ((NOT PERFORMER AND (etc_passwd_line_pattern_EX4Z22hPBO OR etc_passwd_root_user_0KmRFqNN0X OR etc_group_line_pattern_NpmITKviKy) AND NOT timeout_LZ5BDFyMxR) or (PERFORMER AND NOT ((etc_passwd_line_pattern_EX4Z22hPBO OR etc_passwd_root_user_0KmRFqNN0X OR etc_group_line_pattern_NpmITKviKy) OR timeout_LZ5BDFyMxR OR controlled_exit_NOF8ojAzTs)))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start