The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will accept input of a file to read, but prohibits access to file in the /etc directory. The input generates an equivalent name /////etc/////passwd which bypasses the filter. TRUE com.planet_ink.coffee_mud.application.MUD $SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_ROOT/$SS_TC_INSTALL/lib/*:$SS_TC_DEPS/java/coffeemud/js.jar:$SS_TC_DEPS/java/coffeemud/jzlib.jar:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java -classpath "$SS_JAVA_CLASSPATH" -Xmx170m com.planet_ink.coffee_mud.application.MUD "SS_Mud_Server" env ANT_HOME="$SS_TC_DEPS/ant" ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dlib.dir="$SS_TC_DEPS/java/coffeemud" -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -Ddist.dir="$SS_TC_ROOT/$SS_TC_INSTALL" -Dbuild.dir=$SS_TC_ROOT/$SS_TC_INSTALL compile register a character, become an archon (essentially a superuser), destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-01-01 AND GOOD-01-02 AND GOOD-01-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-01/good-01-01.txt ../testData/screenlog.0 good-01/good-01-02.txt ../testData/screenlog.0 good-01/good-01-03.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, check inventory, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-02-01 AND GOOD-02-02 AND GOOD-02-03 AND GOOD-02-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-02/good-02-01.txt ../testData/screenlog.0 good-02/good-02-02.txt ../testData/screenlog.0 good-02/good-02-03.txt ../testData/screenlog.0 good-02/good-02-04.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-03-01 AND GOOD-03-02 AND GOOD-03-03 AND GOOD-03-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-03/good-03-01.txt ../testData/screenlog.0 good-03/good-03-02.txt ../testData/screenlog.0 good-03/good-03-03.txt ../testData/screenlog.0 good-03/good-03-04.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, check inventory, hold torch, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-04-01 AND GOOD-04-02 AND GOOD-04-03 AND GOOD-04-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-04/good-04-01.txt ../testData/screenlog.0 good-04/good-04-02.txt ../testData/screenlog.0 good-04/good-04-03.txt ../testData/screenlog.0 good-04/good-04-04.txt ../testData/screenlog.0 good-04/good-04-05.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, auto-generate a dungeon, search, check inventory, hold torch, move room, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-05-01 AND GOOD-05-02 AND GOOD-05-03 AND GOOD-05-04 AND GOOD-05-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-05/good-05-01.txt ../testData/screenlog.0 good-05/good-05-02.txt ../testData/screenlog.0 good-05/good-05-03.txt ../testData/screenlog.0 good-05/good-05-04.txt ../testData/screenlog.0 good-05/good-05-05.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, export world-state to file, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/worldexport.txt good-06/output.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, import area from file, list areas of world, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so (GOOD-07-01 OR GOOD-07-02) AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-07/output.txt ../testData/screenlog.0 good-07/output2.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, create a news entry, check news, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-08-HEADER AND GOOD-08-SUBJECT AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-08/header.txt ../testData/screenlog.0 good-08/subject.txt DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, create mobs, have them fight, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 is DEAD!!! DOES_NOT_RETURN CONTROLLED_EXIT register character, become archon, generate an average level 5 bard, destroy character Environment variable defining test value. NONE /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT ../testData/screenlog.0 good-10/output.txt DOES_NOT_RETURN CONTROLLED_EXIT Environment variable defining test value. READ_APPLICATION_DATA /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so weakness_started_NISGWeNtC7qi4VgmyVNX AND ((NOT PERFORMER AND (etc_passwd_line_pattern_5AK2RdWyjB OR etc_passwd_root_user_TRYn9HaHyH OR etc_group_line_pattern_H7qbNlaSfI) AND NOT timeout_KbDjqk8fm5) or (PERFORMER AND NOT ((etc_passwd_line_pattern_5AK2RdWyjB OR etc_passwd_root_user_TRYn9HaHyH OR etc_group_line_pattern_H7qbNlaSfI) OR timeout_KbDjqk8fm5 OR controlled_exit_BMqI0zA4Rz))) (NOT PERFORMER AND (etc_passwd_line_pattern_5AK2RdWyjB OR etc_passwd_root_user_TRYn9HaHyH OR etc_group_line_pattern_H7qbNlaSfI) AND NOT timeout_KbDjqk8fm5) or (PERFORMER AND NOT ((etc_passwd_line_pattern_5AK2RdWyjB OR etc_passwd_root_user_TRYn9HaHyH OR etc_group_line_pattern_H7qbNlaSfI) OR timeout_KbDjqk8fm5 OR controlled_exit_BMqI0zA4Rz)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variable defining test value. READ_APPLICATION_DATA /tmp/screen_name.txt $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so weakness_started_QCVmQCvcpGGAHqgJ6vNo AND ((NOT PERFORMER AND (etc_passwd_line_pattern_COUPnNKR15 OR etc_passwd_root_user_Jp3NIPHjaI OR etc_group_line_pattern_3LJN1XOK9O) AND NOT timeout_pEAX18TqGp) or (PERFORMER AND NOT ((etc_passwd_line_pattern_COUPnNKR15 OR etc_passwd_root_user_Jp3NIPHjaI OR etc_group_line_pattern_3LJN1XOK9O) OR timeout_pEAX18TqGp OR controlled_exit_efOzAIHw7o))) (NOT PERFORMER AND (etc_passwd_line_pattern_COUPnNKR15 OR etc_passwd_root_user_Jp3NIPHjaI OR etc_group_line_pattern_3LJN1XOK9O) AND NOT timeout_pEAX18TqGp) or (PERFORMER AND NOT ((etc_passwd_line_pattern_COUPnNKR15 OR etc_passwd_root_user_Jp3NIPHjaI OR etc_group_line_pattern_3LJN1XOK9O) OR timeout_pEAX18TqGp OR controlled_exit_efOzAIHw7o)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start