• Stars
    star
    233
  • Rank 172,230 (Top 4 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created almost 8 years ago
  • Updated 12 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Too buggy web application

Build Status License GitHub release

EasyBuggy 🚼

EasyBuggy is a broken web application in order to understand behavior of bugs and vulnerabilities, for example, memory leak, deadlock, JVM crash, SQL injection and so on.

logo

🕓 Quick Start

$ mvn clean install

( or java -jar easybuggy.jar or deploy ROOT.war on your servlet container with the JVM options. )

Access to

http://localhost:8080

🕓 Quick Start(Docker)

$ docker build . -t easybuggy:local # Build container image
$ docker run -p 8080:8080 easybuggy:local # Start easybuggy

Access to

http://localhost:8080

To stop:

Use CTRL+C ( or access to: http://localhost:8080/exit )

🕓 For more detail

See the wiki page.

🕓 Demo

This demo shows: Start up -> Infinite Loop -> LDAP Injection -> UnsatisfiedLinkError -> BufferOverflowException -> Deadlock -> Memory Leak -> JVM Crash (Shut down)

demo

🕓 EasyBuggy can reproduce:

  • Troubles

    • Memory Leak (Java heap space)
    • Memory Leak (PermGen space)
    • Memory Leak (C heap space)
    • Deadlock (Java)
    • Deadlock (SQL)
    • Endless Waiting Process
    • Infinite Loop
    • Redirect Loop
    • Forward Loop
    • JVM Crash
    • Network Socket Leak
    • Database Connection Leak
    • File Descriptor Leak
    • Thread Leak
    • Mojibake
    • Integer Overflow
    • Round Off Error
    • Truncation Error
    • Loss of Trailing Digits
  • Vulnerabilities

    • XSS (Cross-Site Scripting)
    • SQL Injection
    • LDAP Injection
    • Code Injection
    • OS Command Injection (OGNL Expression Injection)
    • Mail Header Injection
    • Null Byte Injection
    • Extension Unrestricted File Upload
    • Size Unrestricted File Upload
    • Open Redirect
    • Brute-force Attack
    • Session Fixation Attacks
    • Verbose Login Error Messages
    • Dangerous File Inclusion
    • Directory Traversal
    • Unintended File Disclosure
    • CSRF (Cross-Site Request Forgery)
    • XEE (XML Entity Expansion)
    • XXE (XML eXternal Entity)
    • Clickjacking
  • Performance Degradation

    • Slow Regular Expression Parsing
    • Delay of creating string due to +(plus) operator
    • Delay due to unnecessary object creation
  • Errors

    • AssertionError
    • ExceptionInInitializerError
    • FactoryConfigurationError
    • GenericSignatureFormatError
    • NoClassDefFoundError
    • OutOfMemoryError (Java heap space)
    • OutOfMemoryError (Requested array size exceeds VM limit)
    • OutOfMemoryError (unable to create new native thread)
    • OutOfMemoryError (GC overhead limit exceeded)
    • OutOfMemoryError (PermGen space)
    • OutOfMemoryError (Direct buffer memory)
    • StackOverflowError
    • TransformerFactoryConfigurationError
    • UnsatisfiedLinkError

🕓 EasyBuggy clones: