The SAMATE Project

Department of Homeland Security

Back to the previous page

Test Case ID	154492
Bad / Good / Mixed	Bad
Author	IARPA STONESOUP Test and Evaluation team
Associations	Test suite: 102 Application: 11
Added by	Charles Oliveira
Language	Java
Type of test case	Source Code
Input string
Expected Output
Instructions	See src/build.xml and src/maven-build.xml.
Submission date	2015-10-06
Description	This test takes an integer and filename as input (int filename), and checks that the file exists, and is in the current directory. However there is a time of check,time of use vulnerability after the file is checked but before it is opened allowing the file to be deleted before opening causing a null pointer dereference. Metadata - Base program: Apache Jena - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Data Flow: BASIC - Control Flow: INFINITE_LOOP
File(s)	IRIImpl.java (9.33 kB) runFifos.py (2.67 kB) service_mon.sh (100 B) preprocess_daemon_script_01.sh (425 B) J-C367A-JENA-06-ST01-DT03-DF11-CF03-01.yaml (7.28 kB) J-C367A-JENA-06-ST01-DT03-DF11-CF03-01.xml (68.85 kB)
Flaw	CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition • 10

There are no comments

Have any comments on this test case? Please, .

IRIImpl.java
runFifos.py
service_mon.sh
preprocess_daemon_script_01.sh
J-C367A-JENA-06-ST01-DT03-DF11-CF03-01.yaml
J-C367A-JENA-06-ST01-DT03-DF11-CF03-01.xml

File Contains:
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition on line(s): 206, 207, 208, 209, 210, 211, 212, 213, 214, 215

Contact: :: Created: Jan. 2006 :: Updated: Nov. 2017 :: Version: 4.9