The system or application is vulnerable to file system contents
disclosure through path equivalence. Path equivalence involves the
use of special characters in file and directory names. The associated
manipulations are intended to generate multiple names for the same
object. This test will accept input of a file to read, but prohibits access
to file in the /etc directory. The input generates an equivalent name
/////etc/////passwd which bypasses the filter.
TRUE
org.elasticsearch.bootstrap.Elasticsearch
$SS_TC_DEPS/java/elasticsearch/*:$SS_TC_ROOT/$SS_TC_INSTALL/*:$SS_TC_ROOT/$SS_TC_INSTALL/classes/*:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH"
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dmaven.build.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dmaven.repo.local="$SS_TC_DEPS/java/elasticsearch" -Dmaven.settings.offline=true -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" package
Add data
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-01" org.elasticsearch.bootstrap.Elasticsearch
GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
simple string query
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-02" org.elasticsearch.bootstrap.Elasticsearch
GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
get all data
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-03" org.elasticsearch.bootstrap.Elasticsearch
GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
add data
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-04" org.elasticsearch.bootstrap.Elasticsearch
OUTPUT AND (STATE-EXISTS AND STATE-HAS-CONTENT) AND (GLOBAL-EXISTS AND GLOBAL-HAS-CONTENT) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/output.txt
if [[ -a good-04/elasticsearch/nodes/0/indices/user/0/_state/state-2 ]]; then exit 0; else exit 1; fi;
if [[ -a good-04/elasticsearch/nodes/0/_state/global-4 ]]; then exit 0; else exit 1; fi;
if [[ -s good-04/elasticsearch/nodes/0/indices/user/0/_state/state-2 ]]; then exit 0; else exit 1; fi;
if [[ -s good-04/elasticsearch/nodes/0/_state/global-4 ]]; then exit 0; else exit 1; fi;
DOES_NOT_RETURN
CONTROLLED_EXIT
delete data
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-05" org.elasticsearch.bootstrap.Elasticsearch
OUTPUT AND (GLOBAL-EXISTS AND GLOBAL-HAS-CONTENT) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/output.txt
if [[ -a good-05/elasticsearch/nodes/0/_state/global-5 ]]; then exit 0; else exit 1; fi;
if [[ -s good-05/elasticsearch/nodes/0/_state/global-5 ]]; then exit 0; else exit 1; fi;
DOES_NOT_RETURN
CONTROLLED_EXIT
bulk add data
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-06" org.elasticsearch.bootstrap.Elasticsearch
HEAD AND TAIL AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/head.txt
good-06/tail.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
filter without search query
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-07" org.elasticsearch.bootstrap.Elasticsearch
OUTPUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
tokenize with snowball analyzer
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-08" org.elasticsearch.bootstrap.Elasticsearch
HEAD AND TAIL AND SEARCH AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-08/head.txt
good-08/tail.txt
good-08/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
list indicies
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-09" org.elasticsearch.bootstrap.Elasticsearch
OUTPUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
movies 5 1 6 0 14.7kb 14.7kb
DOES_NOT_RETURN
CONTROLLED_EXIT
drilling down
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-10" org.elasticsearch.bootstrap.Elasticsearch
OUTPUT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-10" org.elasticsearch.bootstrap.Elasticsearch
weakness_started_XHTER7IYTfGM3X22VQkl AND ((NOT PERFORMER AND (etc_passwd_line_pattern_8hQ0xmyLRm OR etc_passwd_root_user_xxP4tFEgAR OR etc_group_line_pattern_zAW00BPElV) AND NOT timeout_8vCJOwgDZA) or (PERFORMER AND NOT ((etc_passwd_line_pattern_8hQ0xmyLRm OR etc_passwd_root_user_xxP4tFEgAR OR etc_group_line_pattern_zAW00BPElV) OR timeout_8vCJOwgDZA OR controlled_exit_zFIGnUGTfK)))
(NOT PERFORMER AND (etc_passwd_line_pattern_8hQ0xmyLRm OR etc_passwd_root_user_xxP4tFEgAR OR etc_group_line_pattern_zAW00BPElV) AND NOT timeout_8vCJOwgDZA) or (PERFORMER AND NOT ((etc_passwd_line_pattern_8hQ0xmyLRm OR etc_passwd_root_user_xxP4tFEgAR OR etc_group_line_pattern_zAW00BPElV) OR timeout_8vCJOwgDZA OR controlled_exit_zFIGnUGTfK))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
-Des.path.data="$SS_TC_ROOT/testData/good-07" org.elasticsearch.bootstrap.Elasticsearch
weakness_started_pGrhZTdkEpl7fqRO06Pi AND ((NOT PERFORMER AND (etc_passwd_line_pattern_1AHgQdSvhw OR etc_passwd_root_user_jgcXdaQILK OR etc_group_line_pattern_AUGn5W7HDR) AND NOT timeout_I8zSCDpebo) or (PERFORMER AND NOT ((etc_passwd_line_pattern_1AHgQdSvhw OR etc_passwd_root_user_jgcXdaQILK OR etc_group_line_pattern_AUGn5W7HDR) OR timeout_I8zSCDpebo OR controlled_exit_hAqOzcT5Nq)))
(NOT PERFORMER AND (etc_passwd_line_pattern_1AHgQdSvhw OR etc_passwd_root_user_jgcXdaQILK OR etc_group_line_pattern_AUGn5W7HDR) AND NOT timeout_I8zSCDpebo) or (PERFORMER AND NOT ((etc_passwd_line_pattern_1AHgQdSvhw OR etc_passwd_root_user_jgcXdaQILK OR etc_group_line_pattern_AUGn5W7HDR) OR timeout_I8zSCDpebo OR controlled_exit_hAqOzcT5Nq))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start