EasyBuggy 🚼

EasyBuggy is a broken web application in order to understand behavior of bugs and vulnerabilities, for example, memory leak, deadlock, JVM crash, SQL injection and so on.

⚠️ Currently, development of EasyBuggy has been temporarily suspended in order to focus on the development of EasyBuggy Boot. EasyBuggy Boot has more vulnerabilities built in than EasyBuggy, so we recommend using EasyBuggy Boot.

🕓 Quick Start

$ mvn clean install

( or java -jar easybuggy.jar or deploy ROOT.war on your servlet container with the JVM options. )

Access to

http://localhost:8080

🕓 Quick Start(Docker)

$ docker build . -t easybuggy:local # Build container image
$ docker run -p 8080:8080 easybuggy:local # Start easybuggy

Access to

http://localhost:8080

To stop:

Use CTRL+C ( or access to: http://localhost:8080/exit )

🕓 For more detail

See the wiki page.

🕓 Demo

This demo shows: Start up -> Infinite Loop -> LDAP Injection -> UnsatisfiedLinkError -> BufferOverflowException -> Deadlock -> Memory Leak -> JVM Crash (Shut down)

🕓 EasyBuggy can reproduce:

• Troubles

  • Memory Leak (Java heap space)
  • Memory Leak (PermGen space)
  • Memory Leak (C heap space)
  • Deadlock (Java)
  • Deadlock (SQL)
  • Endless Waiting Process
  • Infinite Loop
  • Redirect Loop
  • Forward Loop
  • JVM Crash
  • Network Socket Leak
  • Database Connection Leak
  • File Descriptor Leak
  • Thread Leak
  • Mojibake
  • Integer Overflow
  • Round Off Error
  • Truncation Error
  • Loss of Trailing Digits

• Vulnerabilities

  • XSS (Cross-Site Scripting)
  • SQL Injection
  • LDAP Injection
  • Code Injection
  • OS Command Injection (OGNL Expression Injection)
  • Mail Header Injection
  • Null Byte Injection
  • Extension Unrestricted File Upload
  • Size Unrestricted File Upload
  • Open Redirect
  • Brute-force Attack
  • Session Fixation Attacks
  • Verbose Login Error Messages
  • Dangerous File Inclusion
  • Directory Traversal
  • Unintended File Disclosure
  • CSRF (Cross-Site Request Forgery)
  • XEE (XML Entity Expansion)
  • XXE (XML eXternal Entity)
  • Clickjacking

• Performance Degradation

  • Slow Regular Expression Parsing
  • Delay of creating string due to +(plus) operator
  • Delay due to unnecessary object creation

• Errors

  • AssertionError
  • ExceptionInInitializerError
  • FactoryConfigurationError
  • GenericSignatureFormatError
  • NoClassDefFoundError
  • OutOfMemoryError (Java heap space)
  • OutOfMemoryError (Requested array size exceeds VM limit)
  • OutOfMemoryError (unable to create new native thread)
  • OutOfMemoryError (GC overhead limit exceeded)
  • OutOfMemoryError (PermGen space)
  • OutOfMemoryError (Direct buffer memory)
  • StackOverflowError
  • TransformerFactoryConfigurationError
  • UnsatisfiedLinkError

🕓 EasyBuggy clones:

• EasyBuggy Boot

  EasyBuggy clone build on Spring Boot

  

• EasyBuggy Bootlin

  EasyBuggy clone build on Spring Boot and written in Kotlin

  

• EasyBuggy Django

  EasyBuggy clone build on Django 2 and written in Python