The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided filename isn't checked to ensure it doesn't contain an absolute path, it allows reading of any file on the system.
org.apache.poi.hwpf.converter.WordToHtmlConverter:org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor:org.apache.poi.hpbf.extractor.PublisherTextExtractor:org.apache.poi.hwpf.extractor.WordExtractor:org.apache.poi.hssf.converter.ExcelToHtmlConverter:org.apache.poi.hpsf.examples.ReadTitle:org.apache.poi.hssf.extractor.ExcelExtractorPassworded:org.apache.poi.hdgf.extractor.VisioTextExtractor:org.apache.poi.hssf.extractor.ExcelExtractor:org.apache.poi.ss.examples.ToCSV
$SS_TC_DEPS/java/poi/*:$SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar
UNSPECIFIED
UNSPECIFIED
java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH"
env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dmaven.repo.local="$SS_TC_DEPS/java/poi" -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dmain.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dscratchpad.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dooxml.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dexcelant.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Ddisconnected=true -Dmain.lib="$SS_TC_DEPS/java/poi/" -Dooxml.lib="$SS_TC_DEPS/java/poi" -DDSTAMP=CURRENT -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" jar
cp -r $SS_TC_ROOT/src/build/examples-classes/org/apache/poi/* $SS_TC_ROOT/$SS_TC_INSTALL/org/apache/poi
convert a .doc to HTML
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.converter.WordToHtmlConverter $SS_TC_ROOT/testData/good-01/ss-word.doc $SS_TC_ROOT/testData/good-01/ss-word.html
GOOD-01-FILE
good-01/ss-word.html
good-01/ss-word.html
extract a PPT file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor $SS_TC_ROOT/testData/good-02/examplePPT.ppt
GOOD-02-STDOUT
good-02/output.txt
extract a .pub (Publisher) file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hpbf.extractor.PublisherTextExtractor $SS_TC_ROOT/testData/good-03/ss-pub.pub
GOOD-03-STDOUT
good-03/output.txt
extract a .doc file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.extractor.WordExtractor $SS_TC_ROOT/testData/good-04/ss-word.doc
GOOD-04-STDOUT
good-04/output.txt
convert .xls file to html
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.converter.ExcelToHtmlConverter $SS_TC_ROOT/testData/good-05/ss-excel.xls $SS_TC_ROOT/testData/good-05/ss-excel.html
GOOD-05-STDOUT AND GOOD-05-FILE
good-05/output.txt
good-05/ss-excel.html
good-05/ss-excel.html
read title metadata from .xls file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hpsf.examples.ReadTitle good-06/ss-excel.xls
GOOD-06-STDOUT
good-06/output.txt
extract a password-protected .xls file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.extractor.ExcelExtractorPassworded -i good-07/ss-excel-passworded.xls
GOOD-07-STDOUT
good-07/output.txt
extract text from a .vsd file (Visio)
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hdgf.extractor.VisioTextExtractor good-08/BlkDia.vsd
GOOD-08-STDOUT
good-08/output.txt
extract a xls file
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.extractor.ExcelExtractor -i good-09/ss-excel.xls
GOOD-09-STDOUT
good-09/output.txt
extract a .xls file to csv
Environment variable defining test value.
NONE
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.ss.examples.ToCSV good-10/ss-excel.xls good-10/
GOOD-10-FILE
good-10/ss-excel.csv
good-10/ss-excel.csv
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hwpf.converter.WordToHtmlConverter $SS_TC_ROOT/testData/good-01/ss-word.doc $SS_TC_ROOT/testData/good-01/ss-word.html
weakness_started_dn7Xwfx3bLt1NoYrA7wr AND ((NOT PERFORMER AND (etc_passwd_line_pattern_xOKdVvm4XP OR etc_passwd_root_user_Jx5F4vxE3Z OR etc_group_line_pattern_k9bxniQ1W6) AND NOT timeout_CQ0dNH4FuF) or (PERFORMER AND NOT ((etc_passwd_line_pattern_xOKdVvm4XP OR etc_passwd_root_user_Jx5F4vxE3Z OR etc_group_line_pattern_k9bxniQ1W6) OR timeout_CQ0dNH4FuF OR controlled_exit_2yP3mBQ6nC)))
(NOT PERFORMER AND (etc_passwd_line_pattern_xOKdVvm4XP OR etc_passwd_root_user_Jx5F4vxE3Z OR etc_group_line_pattern_k9bxniQ1W6) AND NOT timeout_CQ0dNH4FuF) or (PERFORMER AND NOT ((etc_passwd_line_pattern_xOKdVvm4XP OR etc_passwd_root_user_Jx5F4vxE3Z OR etc_group_line_pattern_k9bxniQ1W6) OR timeout_CQ0dNH4FuF OR controlled_exit_2yP3mBQ6nC))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start
Environment variable defining test value.
READ_APPLICATION_DATA
$SS_TC_ROOT/logs/execute/lttng
$SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so
org.apache.poi.hssf.converter.ExcelToHtmlConverter $SS_TC_ROOT/testData/good-05/ss-excel.xls $SS_TC_ROOT/testData/good-05/ss-excel.html
weakness_started_OgdflIkghi2ZDtVbgXMl AND ((NOT PERFORMER AND (etc_passwd_line_pattern_dmrJAPHGps OR etc_passwd_root_user_yOgMGc7Yh4 OR etc_group_line_pattern_WvCSu3nwOO) AND NOT timeout_9QbfUv5He1) or (PERFORMER AND NOT ((etc_passwd_line_pattern_dmrJAPHGps OR etc_passwd_root_user_yOgMGc7Yh4 OR etc_group_line_pattern_WvCSu3nwOO) OR timeout_9QbfUv5He1 OR controlled_exit_gfRKz6inMr)))
(NOT PERFORMER AND (etc_passwd_line_pattern_dmrJAPHGps OR etc_passwd_root_user_yOgMGc7Yh4 OR etc_group_line_pattern_WvCSu3nwOO) AND NOT timeout_9QbfUv5He1) or (PERFORMER AND NOT ((etc_passwd_line_pattern_dmrJAPHGps OR etc_passwd_root_user_yOgMGc7Yh4 OR etc_group_line_pattern_WvCSu3nwOO) OR timeout_9QbfUv5He1 OR controlled_exit_gfRKz6inMr))
DOES_NOT_RETURN
CONTROLLED_EXIT
CONTINUED_EXECUTION
logfile.txt
.+:.+:[0-9]+:[0-9]+:.+:.+:.*
logfile.txt
^root:.*
logfile.txt
.+:x:[0-9]+:
None
stonesoup_trace:weakness_start