National Institute of Standards and Technology
Package illustrating a test case

Test case 154365

Description

This test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However the weakness takes some time before opening the file allowing a time of check, time of use vulnerability. This vulnerability allows an attacker to replace the file with a symbolic link to a file outside of the current directory during the time between checking the file's validity and opening it.
Metadata
- Base program: Apache POI
- Source Taint: FILE_CONTENTS
- Data Type: ARRAY
- Data Flow: VAR_ARG_LIST
- Control Flow: INTERRUPT

Flaws

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.