The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will accept input of a file to read, but prohibits access to file in the /etc directory. The input generates an equivalent name /////etc/////passwd which bypasses the filter. stonesoup.jtree.Main $SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_ROOT/$SS_TC_INSTALL/lib/opt/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH" stonesoup.jtree.Main env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddir.dist=$SS_TC_ROOT/$SS_TC_INSTALL build cp -r lib $SS_TC_ROOT/$SS_TC_INSTALL Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01 STDOUT-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 1 input/good-02/ STDOUT-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-03/jtree-good-03.tar.gz STDOUT-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 2 input/good-04/jtree-good-04.tar.gz STDOUT-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so input/good-01/ input/good-02/ input/good-03/jtree-good-03.tar.gz input/good-04/jtree-good-04.tar.gz STDOUT-05-01 AND STDOUT-05-02 AND STDOUT-05-03 AND STDOUT-05-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-05/output1.txt good-05/output2.txt good-05/output3.txt good-05/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 1 input/good-02/ weakness_started_ff616gyHvcg1ewB7Cng8 AND ((NOT PERFORMER AND (etc_passwd_line_pattern_fpIA8yIRIz OR etc_passwd_root_user_lxPjxkQhQZ OR etc_group_line_pattern_8GLJHTFFGL) AND NOT timeout_tAK8GmIV30) or (PERFORMER AND NOT ((etc_passwd_line_pattern_fpIA8yIRIz OR etc_passwd_root_user_lxPjxkQhQZ OR etc_group_line_pattern_8GLJHTFFGL) OR timeout_tAK8GmIV30 OR controlled_exit_bSc4VPJnvk))) (NOT PERFORMER AND (etc_passwd_line_pattern_fpIA8yIRIz OR etc_passwd_root_user_lxPjxkQhQZ OR etc_group_line_pattern_8GLJHTFFGL) AND NOT timeout_tAK8GmIV30) or (PERFORMER AND NOT ((etc_passwd_line_pattern_fpIA8yIRIz OR etc_passwd_root_user_lxPjxkQhQZ OR etc_group_line_pattern_8GLJHTFFGL) OR timeout_tAK8GmIV30 OR controlled_exit_bSc4VPJnvk)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so -l 1 input/good-02/ weakness_started_ckcNZQX85apoSfuvfh0s AND ((NOT PERFORMER AND (etc_passwd_line_pattern_EhqoP2fDTe OR etc_passwd_root_user_YW5z4peCk7 OR etc_group_line_pattern_6tZLjho7QW) AND NOT timeout_OeqWtM8WKf) or (PERFORMER AND NOT ((etc_passwd_line_pattern_EhqoP2fDTe OR etc_passwd_root_user_YW5z4peCk7 OR etc_group_line_pattern_6tZLjho7QW) OR timeout_OeqWtM8WKf OR controlled_exit_KHuuLsfcqL))) (NOT PERFORMER AND (etc_passwd_line_pattern_EhqoP2fDTe OR etc_passwd_root_user_YW5z4peCk7 OR etc_group_line_pattern_6tZLjho7QW) AND NOT timeout_OeqWtM8WKf) or (PERFORMER AND NOT ((etc_passwd_line_pattern_EhqoP2fDTe OR etc_passwd_root_user_YW5z4peCk7 OR etc_group_line_pattern_6tZLjho7QW) OR timeout_OeqWtM8WKf OR controlled_exit_KHuuLsfcqL)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start