Too buggy web application
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src/main Improve translations Nov 13, 2018
.gitignore Add idea files to .gitignore Oct 25, 2017
.travis.yml Fix an issue by travis-ci issue #7884 Sep 6, 2017
LICENSE First commit. Dec 24, 2016
README.jp.md Update README.jp.md Jun 2, 2018
README.md Update README.md Jun 3, 2018
catalina.policy Add a security policy file Jun 8, 2017
pom.xml Code refactoring Oct 27, 2017

README.md

Build Status License GitHub release

EasyBuggy 🚼

EasyBuggy is a broken web application in order to understand behavior of bugs and vulnerabilities, for example, memory leak, deadlock, JVM crash, SQL injection and so on.

logo

🕓 Quick Start

$ mvn clean install

( or java -jar easybuggy.jar or deploy ROOT.war on your servlet container with the JVM options. )

Access to

http://localhost:8080

To stop:

Use CTRL+C ( or access to: http://localhost:8080/exit )

🕓 For more detail

See the wiki page.

🕓 Demo

This demo shows: Start up -> Infinite Loop -> LDAP Injection -> UnsatisfiedLinkError -> BufferOverflowException -> Deadlock -> Memory Leak -> JVM Crash (Shut down)

demo

🕓 EasyBuggy can reproduce:

  • Troubles

    • Memory Leak (Java heap space)
    • Memory Leak (PermGen space)
    • Memory Leak (C heap space)
    • Deadlock (Java)
    • Deadlock (SQL)
    • Endless Waiting Process
    • Infinite Loop
    • Redirect Loop
    • Forward Loop
    • JVM Crash
    • Network Socket Leak
    • Database Connection Leak
    • File Descriptor Leak
    • Thread Leak
    • Mojibake
    • Integer Overflow
    • Round Off Error
    • Truncation Error
    • Loss of Trailing Digits
  • Vulnerabilities

    • XSS (Cross-Site Scripting)
    • SQL Injection
    • LDAP Injection
    • Code Injection
    • OS Command Injection (OGNL Expression Injection)
    • Mail Header Injection
    • Null Byte Injection
    • Extension Unrestricted File Upload
    • Size Unrestricted File Upload
    • Open Redirect
    • Brute-force Attack
    • Session Fixation Attacks
    • Verbose Login Error Messages
    • Dangerous File Inclusion
    • Directory Traversal
    • Unintended File Disclosure
    • CSRF (Cross-Site Request Forgery)
    • XEE (XML Entity Expansion)
    • XXE (XML eXternal Entity)
    • Clickjacking
  • Performance Degradation

    • Slow Regular Expression Parsing
    • Delay of creating string due to +(plus) operator
    • Delay due to unnecessary object creation
  • Errors

    • AssertionError
    • ExceptionInInitializerError
    • FactoryConfigurationError
    • GenericSignatureFormatError
    • NoClassDefFoundError
    • OutOfMemoryError (Java heap space)
    • OutOfMemoryError (Requested array size exceeds VM limit)
    • OutOfMemoryError (unable to create new native thread)
    • OutOfMemoryError (GC overhead limit exceeded)
    • OutOfMemoryError (PermGen space)
    • OutOfMemoryError (Direct buffer memory)
    • StackOverflowError
    • TransformerFactoryConfigurationError
    • UnsatisfiedLinkError

🕓 EasyBuggy clones: