The product does not properly check inputs that are used for
loop conditions, potentially leading to a denial of service because of
excessive looping. This test tries to access a user-controlled file,
retrying whenever the access fails. The user provides an intentionally
bad path, forcing the software to wait forever.
org.mortbay.jetty.plus.Server:org.apache.lenya.util.HTML:$SS_TC_ROOT/install/build/lenya/webapp/sitemap.xmap
$SS_TC_ROOT/$SS_TC_INSTALL/tools/loader:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/resources:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed:$SS_TC_DEPS/java/lenya:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed:$SS_TC_ROOT/$SS_TC_INSTALL/tools/configure/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/lib
UNSPECIFIED
UNSPECIFIED
env LENYA_HOME="$SS_TC_ROOT/$SS_TC_INSTALL" LENYA_WEBAPP_HOME="$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp" JETTY_PORT="8888" JETTY_ADMIN_PORT="8889" java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -Xms32M -Xmx512M -Djava.awt.headless=true -cp "$SS_JAVA_CLASSPATH" -Djava.endorsed.dirs=$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed -Dorg.xml.sax.parser=org.apache.xerces.parsers.SAXParser -Djetty.port=8888 -Dloader.jar.repositories=$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/lib:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/ext:$SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/extra/resources:$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/lib/endorsed -Dwebapp=$SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp -Dhome=$SS_TC_ROOT/$SS_TC_INSTALL -Dorg.mortbay.util.URI.charset=ISO-8859-1 -Dloader.main.class=org.mortbay.jetty.plus.Server Loader $SS_TC_ROOT/$SS_TC_INSTALL/tools/jetty/conf/main.xml
env ANT_HOME=$SS_TC_DEPS/ant ant -v $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=no -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" -lib "$SS_TC_DEPS/java/lenya" -Dsrc.java.version="1.5" -Dlib.dir="$SS_TC_DEPS/java/lenya" -Ddist.root="$SS_TC_ROOT/$SS_TC_INSTALL" -Djava.endorsed.dirs="$SS_TC_ROOT/src/externals/cocoon_2_1_x/lib/endorsed" -Ddist.bin.dir="$SS_TC_ROOT/$SS_TC_INSTALL" prepare-dist-bin
mkdir -p $SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp
cp $SS_TC_ROOT/$SS_TC_INSTALL/lenya.war $SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/
(cd $SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp && jar -xf lenya.war)
mkdir -p $SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/WEB-INF/logs
rm $SS_TC_ROOT/$SS_TC_INSTALL/build/lenya/webapp/lenya.war
open firefox and browse to default page
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
/etc/passwd
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-01 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-01/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Create a publication
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
tempfile.txt
data
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-02 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-02/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Create publication and log in
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
/etc/passwd
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-03 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-03/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
edit with KUPU editor
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
tempfile.txt
data
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-04 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-04/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
edit with BXE editor
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
/etc/passwd
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-05 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-05/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
edit using "with forms" editor
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
tempfile.txt
data
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-06 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-06/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
test publishing to live site
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
/etc/passwd
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-07 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-07/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
test private message system
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
tempfile.txt
data
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-08 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-08/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
create new xhtml page
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
/etc/passwd
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-09 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-09/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
test RSS feed generation
Environment variable defining test value.
NONE
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
tempfile.txt
data
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
GOOD-10 AND NOT TIMEOUT AND NOT CONTROLLED_EXIT
good-10/output.txt
DOES_NOT_RETURN
CONTROLLED_EXIT
Environment variable defining test value.
DOS_BLOCKING
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
doesntexist.txt
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
weakness_started_Bq9Fnc89NuKvkWA95qbY AND ((NOT PERFORMER AND (timeout_qzlltH13ce OR (NOT (finished_tqZtQoMjPc AND finished_Zyfrz7rpvf) AND NOT (controlled_exit_keYIg9nL34 OR continued_execution_sfA3qbe3Bl)))) or (PERFORMER AND NOT ((timeout_qzlltH13ce OR (NOT (finished_tqZtQoMjPc AND finished_Zyfrz7rpvf) AND NOT (controlled_exit_keYIg9nL34 OR continued_execution_sfA3qbe3Bl))))))
(NOT PERFORMER AND (timeout_qzlltH13ce OR (NOT (finished_tqZtQoMjPc AND finished_Zyfrz7rpvf) AND NOT (controlled_exit_keYIg9nL34 OR continued_execution_sfA3qbe3Bl)))) or (PERFORMER AND NOT ((timeout_qzlltH13ce OR (NOT (finished_tqZtQoMjPc AND finished_Zyfrz7rpvf) AND NOT (controlled_exit_keYIg9nL34 OR continued_execution_sfA3qbe3Bl)))))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(/bin/grep "Found file." "logfile.txt" | wc -l) > 0 )); then true; else false; fi;
if (( $(/bin/grep -E 'Reading ".+"' "logfile.txt" | wc -l) > 0 )); then true; else false; fi;
None
stonesoup_trace:weakness_start
Environment variable defining test value.
DOS_BLOCKING
$SS_TC_ROOT/testData/platonization_proverbiologist.bin
alsodoesntexist.dat
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
weakness_started_WGDgi2347zbruj2Z0A2d AND ((NOT PERFORMER AND (timeout_erTreHPjxv OR (NOT (finished_vCvWKm9cAw AND finished_YhE6jASeeu) AND NOT (controlled_exit_l4VPoDTfzn OR continued_execution_NGV8RC7lRJ)))) or (PERFORMER AND NOT ((timeout_erTreHPjxv OR (NOT (finished_vCvWKm9cAw AND finished_YhE6jASeeu) AND NOT (controlled_exit_l4VPoDTfzn OR continued_execution_NGV8RC7lRJ))))))
(NOT PERFORMER AND (timeout_erTreHPjxv OR (NOT (finished_vCvWKm9cAw AND finished_YhE6jASeeu) AND NOT (controlled_exit_l4VPoDTfzn OR continued_execution_NGV8RC7lRJ)))) or (PERFORMER AND NOT ((timeout_erTreHPjxv OR (NOT (finished_vCvWKm9cAw AND finished_YhE6jASeeu) AND NOT (controlled_exit_l4VPoDTfzn OR continued_execution_NGV8RC7lRJ)))))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
if (( $(/bin/grep "Found file." "logfile.txt" | wc -l) > 0 )); then true; else false; fi;
if (( $(/bin/grep -E 'Reading ".+"' "logfile.txt" | wc -l) > 0 )); then true; else false; fi;
None
stonesoup_trace:weakness_start