EasyBuggy :baby_symbol:

EasyBuggy is a broken web application in order to understand behavior of bugs and vulnerabilities, for example, memory leak, deadlock, JVM crash, SQL injection and so on.

:clock4: Quick Start

$ mvn clean install

( or java -jar easybuggy.jar or deploy ROOT.war on your servlet container with the JVM options. )

Access to

http://localhost:8080

:clock4: Quick Start(Docker)

$ docker build . -t easybuggy:local # Build container image
$ docker run -p 8080:8080 easybuggy:local # Start easybuggy

Access to

http://localhost:8080

To stop:

Use CTRL+C ( or access to: http://localhost:8080/exit )

:clock4: For more detail

See the wiki page.

:clock4: Demo

This demo shows: Start up -> Infinite Loop -> LDAP Injection -> UnsatisfiedLinkError -> BufferOverflowException -> Deadlock -> Memory Leak -> JVM Crash (Shut down)

:clock4: EasyBuggy can reproduce:

• Troubles

  • Memory Leak (Java heap space)
  • Memory Leak (PermGen space)
  • Memory Leak (C heap space)
  • Deadlock (Java)
  • Deadlock (SQL)
  • Endless Waiting Process
  • Infinite Loop
  • Redirect Loop
  • Forward Loop
  • JVM Crash
  • Network Socket Leak
  • Database Connection Leak
  • File Descriptor Leak
  • Thread Leak
  • Mojibake
  • Integer Overflow
  • Round Off Error
  • Truncation Error
  • Loss of Trailing Digits

• Vulnerabilities

  • XSS (Cross-Site Scripting)
  • SQL Injection
  • LDAP Injection
  • Code Injection
  • OS Command Injection (OGNL Expression Injection)
  • Mail Header Injection
  • Null Byte Injection
  • Extension Unrestricted File Upload
  • Size Unrestricted File Upload
  • Open Redirect
  • Brute-force Attack
  • Session Fixation Attacks
  • Verbose Login Error Messages
  • Dangerous File Inclusion
  • Directory Traversal
  • Unintended File Disclosure
  • CSRF (Cross-Site Request Forgery)
  • XEE (XML Entity Expansion)
  • XXE (XML eXternal Entity)
  • Clickjacking

• Performance Degradation

  • Slow Regular Expression Parsing
  • Delay of creating string due to +(plus) operator
  • Delay due to unnecessary object creation

• Errors

  • AssertionError
  • ExceptionInInitializerError
  • FactoryConfigurationError
  • GenericSignatureFormatError
  • NoClassDefFoundError
  • OutOfMemoryError (Java heap space)
  • OutOfMemoryError (Requested array size exceeds VM limit)
  • OutOfMemoryError (unable to create new native thread)
  • OutOfMemoryError (GC overhead limit exceeded)
  • OutOfMemoryError (PermGen space)
  • OutOfMemoryError (Direct buffer memory)
  • StackOverflowError
  • TransformerFactoryConfigurationError
  • UnsatisfiedLinkError

:clock4: EasyBuggy clones:

• EasyBuggy Boot

  EasyBuggy clone build on Spring Boot

  

• EasyBuggy Bootlin

  EasyBuggy clone build on Spring Boot and written in Kotlin

  

• EasyBuggy Django

  EasyBuggy clone build on Django 2 and written in Python