SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #154880

Back to the previous page... Back to the previous page

Test Case IDCandidate154880
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Test suite: 102  
Application: 16  
Added byCharles Oliveira
Type of test caseSource Code
Input string
Expected Output
See src/build.xml.
Submission date2015-10-06
DescriptionThis test takes an integer followed by a filename as input (int filename), and checks that the file exists, is in the current directory, and is not a symbolic link. However the weakness takes some time before opening the file allowing a time of check, time of use vulnerability. This vulnerability allows an attacker to replace the file with a symbolic link to a file outside of the current directory during the time between checking the file's validity and opening it.

- Base program: JTree
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: SEQUENCE

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-363: Race Condition Enabling Link Following on line(s): 135, 136, 137, 138, 139, 140, 141, 142, 143, 144