EasyBuggy :baby_symbol:
EasyBuggy is a deliberately broken web application for understanding the behavior of bugs and vulnerabilities, for example memory leaks, deadlocks, JVM crashes, SQL injection, and so on.
:clock4: Quick Start
$ mvn clean install
(or run java -jar easybuggy.jar, or deploy ROOT.war on your servlet container with the JVM options.)
Then access:
http://localhost:8080
:clock4: Quick Start (Docker)
$ docker build . -t easybuggy:local # Build container image
$ docker run -p 8080:8080 easybuggy:local # Start easybuggy
Then access:
http://localhost:8080
To stop:
Press CTRL+C (or access http://localhost:8080/exit)
:clock4: For more detail
See the wiki page.
:clock4: Demo
This demo shows: Start up -> Infinite Loop -> LDAP Injection -> UnsatisfiedLinkError -> BufferOverflowException -> Deadlock -> Memory Leak -> JVM Crash (Shut down)
:clock4: EasyBuggy can reproduce:
- Troubles
  - Memory Leak (Java heap space)
  - Memory Leak (PermGen space)
  - Memory Leak (C heap space)
  - Deadlock (Java)
  - Deadlock (SQL)
  - Endless Waiting Process
  - Infinite Loop
  - Redirect Loop
  - Forward Loop
  - JVM Crash
  - Network Socket Leak
  - Database Connection Leak
  - File Descriptor Leak
  - Thread Leak
  - Mojibake
  - Integer Overflow
  - Round Off Error
  - Truncation Error
  - Loss of Trailing Digits
- Vulnerabilities
  - XSS (Cross-Site Scripting)
  - SQL Injection
  - LDAP Injection
  - Code Injection
  - OS Command Injection (OGNL Expression Injection)
  - Mail Header Injection
  - Null Byte Injection
  - Extension Unrestricted File Upload
  - Size Unrestricted File Upload
  - Open Redirect
  - Brute-force Attack
  - Session Fixation Attacks
  - Verbose Login Error Messages
  - Dangerous File Inclusion
  - Directory Traversal
  - Unintended File Disclosure
  - CSRF (Cross-Site Request Forgery)
  - XEE (XML Entity Expansion)
  - XXE (XML eXternal Entity)
  - Clickjacking
- Performance Degradation
  - Slow Regular Expression Parsing
  - Delay in creating strings due to the + (plus) operator
  - Delay due to unnecessary object creation
- Errors
  - AssertionError
  - ExceptionInInitializerError
  - FactoryConfigurationError
  - GenericSignatureFormatError
  - NoClassDefFoundError
  - OutOfMemoryError (Java heap space)
  - OutOfMemoryError (Requested array size exceeds VM limit)
  - OutOfMemoryError (unable to create new native thread)
  - OutOfMemoryError (GC overhead limit exceeded)
  - OutOfMemoryError (PermGen space)
  - OutOfMemoryError (Direct buffer memory)
  - StackOverflowError
  - TransformerFactoryConfigurationError
  - UnsatisfiedLinkError
:clock4: EasyBuggy clones: