SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #154651

Back to the previous page... Back to the previous page

Test Case IDCandidate154651
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Test suite: 102  
Application: 16  
Added byCharles Oliveira
Type of test caseSource Code
Input string
Expected Output
See src/build.xml.
Submission date2015-10-06
DescriptionThis test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However the weakness takes some time before opening the file allowing a time of check, time of use vulnerability. This vulnerability allows an attacker to replace the file with a symbolic link to a file outside of the current directory during the time between checking the file's validity and opening it.

- Base program: JTree
- Source Taint: SOCKET
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: SEQUENCE

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-363: Race Condition Enabling Link Following on line(s): 265, 266, 267, 268, 269, 270, 271, 272, 273, 274