The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will accept input of a file to read, but prohibits access to file in the /etc directory. The input generates an equivalent name /////etc/////passwd which bypasses the filter. org.apache.poi.hwpf.converter.WordToHtmlConverter:org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor:org.apache.poi.hpbf.extractor.PublisherTextExtractor:org.apache.poi.hwpf.extractor.WordExtractor:org.apache.poi.hssf.converter.ExcelToHtmlConverter:org.apache.poi.hpsf.examples.ReadTitle:org.apache.poi.hssf.extractor.ExcelExtractorPassworded:org.apache.poi.hdgf.extractor.VisioTextExtractor:org.apache.poi.hssf.extractor.ExcelExtractor:org.apache.poi.ss.examples.ToCSV $SS_TC_DEPS/java/poi/*:$SS_TC_ROOT/$SS_TC_INSTALL:$SS_TC_DEPS/java/stonesoup/socket/*:$SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar UNSPECIFIED UNSPECIFIED java $SS_JAVA_OPTS -Djava.library.path=$SS_TC_DEPS/lib64/ -cp "$SS_JAVA_CLASSPATH" env ANT_HOME=$SS_TC_DEPS/ant ant $SS_ANT_OPTS -Dstonesoup.database.postgres.required=no -Dstonesoup.hibernate.postgres.required=no -Dstonesoup.hibernate.mysql.required=no -Dstonesoup.database.mysql.required=no -Dstonesoup.socket.required=yes -lib $SS_TC_DEPS/java/stonesoup/lttng/lttng-stonesoup-0.1.jar -Dmaven.repo.local="$SS_TC_DEPS/java/poi" -Dstonesoup.socket.lib.dir="$SS_TC_DEPS/java/stonesoup/socket" -Dstonesoup.hibernate.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/mysql" -Dstonesoup.hibernate.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/hibernate/postgres" -Dstonesoup.database.mysql.lib.dir="$SS_TC_DEPS/java/stonesoup/database/mysql" -Dstonesoup.database.postgres.lib.dir="$SS_TC_DEPS/java/stonesoup/database/postgres" -Dmain.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dscratchpad.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dooxml.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Dexcelant.output.dir=$SS_TC_ROOT/$SS_TC_INSTALL -Ddisconnected=true -Dmain.lib="$SS_TC_DEPS/java/poi/" -Dooxml.lib="$SS_TC_DEPS/java/poi" -DDSTAMP=CURRENT -Dstonesoup.lttng.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng" -Dstonesoup.lttng.dummy.lib.dir="$SS_TC_DEPS/java/stonesoup/lttng-dummy" jar cp -r $SS_TC_ROOT/src/build/examples-classes/org/apache/poi/* $SS_TC_ROOT/$SS_TC_INSTALL/org/apache/poi convert a .doc to HTML Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hwpf.converter.WordToHtmlConverter $SS_TC_ROOT/testData/good-01/ss-word.doc $SS_TC_ROOT/testData/good-01/ss-word.html GOOD-01-FILE good-01/ss-word.html good-01/ss-word.html extract a PPT file Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hslf.extractor.QuickButCruddyTextExtractor $SS_TC_ROOT/testData/good-02/examplePPT.ppt GOOD-02-STDOUT good-02/output.txt extract a .pub (Publisher) file Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hpbf.extractor.PublisherTextExtractor $SS_TC_ROOT/testData/good-03/ss-pub.pub GOOD-03-STDOUT good-03/output.txt extract a .doc file Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hwpf.extractor.WordExtractor $SS_TC_ROOT/testData/good-04/ss-word.doc GOOD-04-STDOUT good-04/output.txt convert .xls file to html Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hssf.converter.ExcelToHtmlConverter $SS_TC_ROOT/testData/good-05/ss-excel.xls $SS_TC_ROOT/testData/good-05/ss-excel.html GOOD-05-STDOUT AND GOOD-05-FILE good-05/output.txt good-05/ss-excel.html good-05/ss-excel.html read title metadata from .xls file Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hpsf.examples.ReadTitle good-06/ss-excel.xls GOOD-06-STDOUT good-06/output.txt extract a password-protected .xls file Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hssf.extractor.ExcelExtractorPassworded -i good-07/ss-excel-passworded.xls GOOD-07-STDOUT good-07/output.txt extract text from a .vsd file (Visio) Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hdgf.extractor.VisioTextExtractor good-08/BlkDia.vsd GOOD-08-STDOUT good-08/output.txt extract a xls file Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hssf.extractor.ExcelExtractor -i good-09/ss-excel.xls GOOD-09-STDOUT good-09/output.txt extract a .xls file to csv Environment variable defining test value. NONE $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.ss.examples.ToCSV good-10/ss-excel.xls good-10/ GOOD-10-FILE good-10/ss-excel.csv good-10/ss-excel.csv Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hpsf.examples.ReadTitle good-06/ss-excel.xls weakness_started_hcw8Rzksuh08gknKEuQU AND ((NOT PERFORMER AND (etc_passwd_line_pattern_wj5tMwlBeR OR etc_passwd_root_user_JAxZDbB1iH OR etc_group_line_pattern_1gsShPbhQj) AND NOT timeout_eY2bZwGPX1) or (PERFORMER AND NOT ((etc_passwd_line_pattern_wj5tMwlBeR OR etc_passwd_root_user_JAxZDbB1iH OR etc_group_line_pattern_1gsShPbhQj) OR timeout_eY2bZwGPX1 OR controlled_exit_PpMZtMjytJ))) (NOT PERFORMER AND (etc_passwd_line_pattern_wj5tMwlBeR OR etc_passwd_root_user_JAxZDbB1iH OR etc_group_line_pattern_1gsShPbhQj) AND NOT timeout_eY2bZwGPX1) or (PERFORMER AND NOT ((etc_passwd_line_pattern_wj5tMwlBeR OR etc_passwd_root_user_JAxZDbB1iH OR etc_group_line_pattern_1gsShPbhQj) OR timeout_eY2bZwGPX1 OR controlled_exit_PpMZtMjytJ)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start Environment variable defining test value. READ_APPLICATION_DATA $SS_TC_ROOT/logs/execute/lttng $SS_TC_DEPS/lib64/liblttng-stonesoup-java.so:$SS_TC_DEPS/lib64/liblttng-ust-fork.so org.apache.poi.hssf.converter.ExcelToHtmlConverter $SS_TC_ROOT/testData/good-05/ss-excel.xls $SS_TC_ROOT/testData/good-05/ss-excel.html weakness_started_p1rZ8yOca3rZsCVRumFm AND ((NOT PERFORMER AND (etc_passwd_line_pattern_VYEHmz0cEx OR etc_passwd_root_user_nB4OlxNpiI OR etc_group_line_pattern_GbV3fuHlcO) AND NOT timeout_j10fs3OVpr) or (PERFORMER AND NOT ((etc_passwd_line_pattern_VYEHmz0cEx OR etc_passwd_root_user_nB4OlxNpiI OR etc_group_line_pattern_GbV3fuHlcO) OR timeout_j10fs3OVpr OR controlled_exit_ABy215lClP))) (NOT PERFORMER AND (etc_passwd_line_pattern_VYEHmz0cEx OR etc_passwd_root_user_nB4OlxNpiI OR etc_group_line_pattern_GbV3fuHlcO) AND NOT timeout_j10fs3OVpr) or (PERFORMER AND NOT ((etc_passwd_line_pattern_VYEHmz0cEx OR etc_passwd_root_user_nB4OlxNpiI OR etc_group_line_pattern_GbV3fuHlcO) OR timeout_j10fs3OVpr OR controlled_exit_ABy215lClP)) DOES_NOT_RETURN CONTROLLED_EXIT CONTINUED_EXECUTION logfile.txt .+:.+:[0-9]+:[0-9]+:.+:.+:.* logfile.txt ^root:.* logfile.txt .+:x:[0-9]+: None stonesoup_trace:weakness_start