The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will accept input of a file to read, but prohibits access to file in the /etc directory. The input generates an equivalent name /////etc/////passwd which bypasses the filter. jena.rdfcompare:arq.sparql:jena.rdfparse:jena.rdfcat:arq.wwwenc:jena.rdfcopy:arq.wwwdec:jena.schemagen:jena.turtle $SS_TC_ROOT/$SS_TC_INSTALL/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -Xmx1024M -Dlog4j.configuration=file:$SS_TC_ROOT/$SS_TC_INSTALL/jena-log4j.properties -cp "$SS_JAVA_CLASSPATH" env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dbin.lib.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Ddependencies.dir="$SS_TC_DEPS/java/jena" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" jar Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcompare $SS_TC_ROOT/testData/good-01/example.xml $SS_TC_ROOT/testData/good-01/example2.xml RDF/XML RDF/XML GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-01/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.sparql --data=$SS_TC_ROOT/testData/good-02/vc-db-1.rdf --query=$SS_TC_ROOT/testData/good-02/q1.rq GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-02/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.sparql --data=$SS_TC_ROOT/testData/good-03/vc-db-1.rdf --query=$SS_TC_ROOT/testData/good-03/q-bp1.rq GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-03/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfparse $SS_TC_ROOT/testData/good-04/example.xml GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-04/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcat -x $SS_TC_ROOT/testData/good-05/example.xml $SS_TC_ROOT/testData/good-05/example2.xml GOOD-01 AND GOOD-02 AND GOOD-03 AND GOOD-04 AND GOOD-05 GOOD-06 AND GOOD-07 AND GOOD-08 AND GOOD-09 AND GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT <rdf:Description rdf:about="http://somewhere/RebeccaSmith/"> <vcard:N rdf:parseType="Resource"> <vcard:Family>Smith</vcard:Family> <vcard:Given>Rebecca</vcard:Given> </vcard:N> <vcard:FN>Becky Smith</vcard:FN> <vcard:N rdf:parseType="Resource"> <vcard:Family>Smith</vcard:Family> <vcard:Given>Rebecca</vcard:Given> </rdf:Description> DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.turtle --check --strict good-06/example1.ttl GOOD-06-01 AND GOOD-06-02 AND GOOD-06-03 AND GOOD-06-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-06/output1.txt good-06/output2.txt good-06/output3.txt good-06/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.schemagen --includeSource --noheader -i good-07/example1.ttl GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-07/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.rset --in XML --results text --file $SS_TC_ROOT/testData/good-08/results.xml GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-08/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.rdfcopy good-09/example1.ttl TURTLE RDF/XML GOOD-09-01 AND GOOD-09-02 AND GOOD-09-03 AND GOOD-09-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-09/output1.txt good-09/output2.txt good-09/output3.txt good-09/output4.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.qexpr '5 != 20' GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so arq.sparql --data=$SS_TC_ROOT/testData/good-03/vc-db-1.rdf --query=$SS_TC_ROOT/testData/good-03/q-bp1.rq weakness_started_u180OOxy16jNpfmmyaoI AND ((NOT PERFORMER AND (etc_passwd_line_pattern_oF2FjMtHQg OR etc_passwd_root_user_IQNNHZgirT OR etc_group_line_pattern_b20RwvNOvW) AND NOT timeout_PHNMfk7PRV) or (PERFORMER AND NOT ((etc_passwd_line_pattern_oF2FjMtHQg OR etc_passwd_root_user_IQNNHZgirT OR etc_group_line_pattern_b20RwvNOvW) OR timeout_PHNMfk7PRV OR controlled_exit_tMqIgxpV8Y))) (NOT PERFORMER AND (etc_passwd_line_pattern_oF2FjMtHQg OR etc_passwd_root_user_IQNNHZgirT OR etc_group_line_pattern_b20RwvNOvW) AND NOT timeout_PHNMfk7PRV) or (PERFORMER AND NOT ((etc_passwd_line_pattern_oF2FjMtHQg OR etc_passwd_root_user_IQNNHZgirT OR etc_group_line_pattern_b20RwvNOvW) OR timeout_PHNMfk7PRV OR controlled_exit_tMqIgxpV8Y)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so jena.schemagen --includeSource --noheader -i good-07/example1.ttl weakness_started_UFlfRC5kLzBaF8tI1Zlc AND ((NOT PERFORMER AND (etc_passwd_line_pattern_s8J8rzZXVr OR etc_passwd_root_user_GQq6ebNc4K OR etc_group_line_pattern_oGuKFZ68Jl) AND NOT timeout_pIeP0M2j4Z) or (PERFORMER AND NOT ((etc_passwd_line_pattern_s8J8rzZXVr OR etc_passwd_root_user_GQq6ebNc4K OR etc_group_line_pattern_oGuKFZ68Jl) OR timeout_pIeP0M2j4Z OR controlled_exit_zxESYdo3Ad))) (NOT PERFORMER AND (etc_passwd_line_pattern_s8J8rzZXVr OR etc_passwd_root_user_GQq6ebNc4K OR etc_group_line_pattern_oGuKFZ68Jl) AND NOT timeout_pIeP0M2j4Z) or (PERFORMER AND NOT ((etc_passwd_line_pattern_s8J8rzZXVr OR etc_passwd_root_user_GQq6ebNc4K OR etc_group_line_pattern_oGuKFZ68Jl) OR timeout_pIeP0M2j4Z OR controlled_exit_zxESYdo3Ad)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start