The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will accept input of a file to read, but prohibits access to file in the /etc directory. The input generates an equivalent name /////etc/////passwd which bypasses the filter. org.apache.lucene.demo.IndexFiles:org.apache.lucene.demo.SearchFiles:org.apache.lucene.demo.facet.SimpleFacetsExample:org.apache.lucene.demo.facet.AssociationsFacetsExample $SS_TC_DEPS/java/lucene/*:$SS_TC_ROOT/$SS_TC_INSTALL/classes/*:$SS_TC_ROOT/$SS_TC_INSTALL/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH" env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dlib.dir=$SS_TC_DEPS/java/lucene -Ddist.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dbuild.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" compile index a single file Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-01-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-01/ GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT if [[ -a ../testData/good-01-index/_0.cfe ]]; then exit 0; else exit 1; fi; if [[ -a ../testData/good-01-index/_0.cfs ]]; then exit 0; else exit 1; fi; ../testData/good-01-index/segments_1 good-01/segments_1 good-01-index/segments.gen good-01/segments.gen DOES_NOT_RETURN CONTROLLED_EXIT search a single indexed file for "bubbles" Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.SearchFiles -query bubbles -index $SS_TC_ROOT/$SS_TC_DATA/good-02/index/ GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT index two files Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-03-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-03/ GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT if [[ -a ../testData/good-03-index/_0.cfe ]]; then exit 0; else exit 1; fi; if [[ -a ../testData/good-03-index/_0.cfe ]]; then exit 0; else exit 1; fi; ../testData/good-03-index/segments_1 good-03/segments_1 ../testData/good-03-index/segments.gen good-03/segments.gen DOES_NOT_RETURN CONTROLLED_EXIT search two indexed files Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.SearchFiles -query Sawyer -index $SS_TC_ROOT/$SS_TC_DATA/good-04/index/ GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search files Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.SearchFiles -query microfilm -index $SS_TC_ROOT/$SS_TC_DATA/good-05/index/ GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search by facets Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.facet.SimpleFacetsExample GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search by facet association Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.facet.AssociationsFacetsExample GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT index a large number of files Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-08-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-08/ GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT if [[ -a ../testData/good-08-index/_0.cfe ]]; then exit 0; else exit 1; fi; if [[ -a ../testData/good-08-index/_0.cfe ]]; then exit 0; else exit 1; fi; ../testData/good-08-index/segments_1 good-08/segments_1 ../testData/good-08-index/segments.gen good-08/segments.gen DOES_NOT_RETURN CONTROLLED_EXIT search files using regular expression Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.SearchFiles -query /\d\d\d/ -index $SS_TC_ROOT/$SS_TC_DATA/good-09/index/ GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output.txt DOES_NOT_RETURN CONTROLLED_EXIT search files using fuzzy searching Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.SearchFiles -query "password~ OR pengui*" -index $SS_TC_ROOT/$SS_TC_DATA/good-09/index/ GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.IndexFiles -index $SS_TC_ROOT/$SS_TC_DATA/good-08-index -docs $SS_TC_ROOT/$SS_TC_DATA/good-08/ weakness_started_9ghKl1sFzSzxql8UnkmO AND ((NOT PERFORMER AND (etc_passwd_line_pattern_zjG1weL62z OR etc_passwd_root_user_SHNAYPQ0Bl OR etc_group_line_pattern_Rvea1OPP9e) AND NOT timeout_zev5uHmfZG) or (PERFORMER AND NOT ((etc_passwd_line_pattern_zjG1weL62z OR etc_passwd_root_user_SHNAYPQ0Bl OR etc_group_line_pattern_Rvea1OPP9e) OR timeout_zev5uHmfZG OR controlled_exit_xXAvcGL7lh))) (NOT PERFORMER AND (etc_passwd_line_pattern_zjG1weL62z OR etc_passwd_root_user_SHNAYPQ0Bl OR etc_group_line_pattern_Rvea1OPP9e) AND NOT timeout_zev5uHmfZG) or (PERFORMER AND NOT ((etc_passwd_line_pattern_zjG1weL62z OR etc_passwd_root_user_SHNAYPQ0Bl OR etc_group_line_pattern_Rvea1OPP9e) OR timeout_zev5uHmfZG OR controlled_exit_xXAvcGL7lh)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.lucene.demo.SearchFiles -query bubbles -index $SS_TC_ROOT/$SS_TC_DATA/good-02/index/ weakness_started_fnz8B2zqKtfWddU56j6W AND ((NOT PERFORMER AND (etc_passwd_line_pattern_tTccsivIkl OR etc_passwd_root_user_nKSBQGhtxO OR etc_group_line_pattern_oVQb2wavZt) AND NOT timeout_EZ5waNATDS) or (PERFORMER AND NOT ((etc_passwd_line_pattern_tTccsivIkl OR etc_passwd_root_user_nKSBQGhtxO OR etc_group_line_pattern_oVQb2wavZt) OR timeout_EZ5waNATDS OR controlled_exit_pn9yexTt63))) (NOT PERFORMER AND (etc_passwd_line_pattern_tTccsivIkl OR etc_passwd_root_user_nKSBQGhtxO OR etc_group_line_pattern_oVQb2wavZt) AND NOT timeout_EZ5waNATDS) or (PERFORMER AND NOT ((etc_passwd_line_pattern_tTccsivIkl OR etc_passwd_root_user_nKSBQGhtxO OR etc_group_line_pattern_oVQb2wavZt) OR timeout_EZ5waNATDS OR controlled_exit_pn9yexTt63)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start