Improve overall.

k-tamura · Dec 25, 2016 · 7413d05 · 7413d05
1 parent 2fc7e70
commit 7413d05
Show file tree

Hide file tree

Showing 10 changed files with 29 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 EasyBuggy
 =
 
-EasyBuggy is a too buggy web application in order to understand behavior of bugs and vulnerabilities, for example, memory leak, dead lock, JVM crash, SQL injection and so on.
+EasyBuggy is a broken web application in order to understand behavior of bugs and vulnerabilities, for example, memory leak, dead lock, JVM crash, SQL injection and so on.
 
 Quick Start
 -
@@ -10,4 +10,9 @@ Quick Start
 
 Access to:
 
-    http://localhost:8989/main
+    http://localhost:8989/main
+
+To develop:
+-
+
+See [the wiki page](https://github.com/k-tamura/easybuggy/wiki).
diff --git a/src/main/java/org/t246osslab/easybuggy/others/RoundOffErrorServlet.java b/src/main/java/org/t246osslab/easybuggy/others/RoundOffErrorServlet.java
@@ -20,7 +20,7 @@ public class RoundOffErrorServlet extends HttpServlet {
 
     protected void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
         PrintWriter writer = null;
-        double number = -1;
+        int number = -1;
         String errorMessage = "";
         try {
             Locale locale = req.getLocale();

diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet.java
@@ -71,7 +71,7 @@ private void lock21() {
 
     private void sleep() {
         try {
-            Thread.sleep(10000);
+            Thread.sleep(5000);
         } catch (InterruptedException e) {
             Logger.error(e);
         }

diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java b/src/main/java/org/t246osslab/easybuggy/troubles/DeadlockServlet2.java
@@ -46,7 +46,7 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write(MessageUtils.getMsg("msg.note.sql.deadlock", locale));
             writer.write("<br><br>");
             writer.write(MessageUtils.getMsg("label.order", locale) + ": ");
-            writer.write("<input type=\"radio\" name=\"order\" value=\"asc\">");
+            writer.write("<input type=\"radio\" name=\"order\" value=\"asc\" checked>");
             writer.write(MessageUtils.getMsg("label.asc", locale));
             writer.write("<input type=\"radio\" name=\"order\" value=\"desc\">");
             writer.write(MessageUtils.getMsg("label.desc", locale));
@@ -55,14 +55,14 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
             writer.write("<br><br>");
 
             EmbeddedJavaDb2 app = new EmbeddedJavaDb2();
-            if (order.equals("asc")) {
+            if ("asc".equals(order)) {
                 String message = app.update(new String[] { "Mark", "James" }, locale);
                 writer.write(message);
-            } else if (order.equals("desc")) {
+            } else if ("desc".equals(order)) {
                 String message = app.update(new String[] { "James", "Mark" }, locale);
                 writer.write(message);
             } else {
-                writer.write(MessageUtils.getMsg("msg.warn.enter.name.and.passwd", locale));
+                writer.write(MessageUtils.getMsg("msg.warn.enter.asc.or.desc", locale));
             }
             writer.write("</form>");
             writer.write("</BODY>");

diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/JVMCrashByEAVServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/JVMCrashByEAVServlet.java
@@ -30,11 +30,8 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
             Class<?> cl2 = Class.forName("sun.dc.path.PathConsumer");
             Constructor<?> cunstructor = cl.getConstructor(new Class[] { cl2 });
             cunstructor.newInstance(new Object[] { null });
-        } catch (ClassNotFoundException e) {
-            message = MessageUtils.getMsg("msg.info.jvm.not.crash", req.getLocale());
         } catch (Exception e) {
-            message = MessageUtils.getMsg("msg.unknown.exception.occur", req.getLocale());
-            Logger.error(e);
+            message = MessageUtils.getMsg("msg.info.jvm.not.crash", req.getLocale());
         } finally {
             res.setCharacterEncoding("UTF-8");
             res.setContentType("text/plain");

diff --git a/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java b/src/main/java/org/t246osslab/easybuggy/troubles/NetworkSocketLeakServlet.java
@@ -16,6 +16,7 @@
 import org.pmw.tinylog.Logger;
 import org.t246osslab.easybuggy.utils.ApplicationUtils;
 import org.t246osslab.easybuggy.utils.Closer;
+import org.t246osslab.easybuggy.utils.MessageUtils;
 
 @SuppressWarnings("serial")
 @WebServlet(urlPatterns = { "/netsocketleak" })
@@ -40,7 +41,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse res) throws Ser
                 // while ((line = reader.readLine()) != null) {
                 // sb.append(line);
                 // }
-                sb.append("It works!");
+                sb.append(MessageUtils.getMsg("msg.socket.leak.occur", req.getLocale()));
             }
             writer = res.getWriter();
             res.setContentType("text/plain");

diff --git a/src/main/resources/indexpage_en.properties b/src/main/resources/indexpage_en.properties
@@ -14,8 +14,8 @@ function.description.dead.lock=Dead lock (Java) occurs after loading the page fe
 function.name.dead.lock2=Dead Lock (SQL)
 function.description.dead.lock2=Dead lock (SQL) occurs after loading the page few times.
 function.name.jvm.crash.eav=JVM Crash (EXCEPTION_ACCESS_VIOLATION)
-function.description.jvm.crash.eav=JVM crashes after clicking this link<br>\
-(* JVM crash only occurs if using Oracle JDK).
+function.description.jvm.crash.eav=JVM crashes after clicking this link.<br>\
+(* JVM crash only occurs if using Oracle JDK 6 or 7)
 function.name.redirect.loop=Redirect Loop
 function.description.redirect.loop=Redirect loop occurs after clicking this link.
 function.name.native.library.error=Native Library Error
@@ -35,7 +35,7 @@ description.vulnerabilities=XSS, SQL Injection, LDAP injection, and so on:
 function.name.xss=XSS
 function.description.xss=Cross site scripting occurs after entering a vulnerable string.
 function.name.sql.injection=SQL Injection
-function.description.sql.injection=SQL injection occurs when adding a vulnerable query string.
+function.description.sql.injection=SQL injection occurs when entering a vulnerable string.
 function.name.ldap.injection=LDAP Injection
 function.description.ldap.injection=LDAP injection occurs after entering a vulnerable string.
 

diff --git a/src/main/resources/indexpage_ja.properties b/src/main/resources/indexpage_ja.properties
@@ -14,8 +14,8 @@ function.description.dead.lock=\u30da\u30fc\u30b8\u3092\u6570\u56de\u30ed\u30fc\
 function.name.dead.lock2=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(SQL)
 function.description.dead.lock2=\u30da\u30fc\u30b8\u3092\u6570\u56de\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af(SQL)\u304c\u767a\u751f\u3057\u307e\u3059\u3002
 function.name.jvm.crash.eav=JVM\u30af\u30e9\u30c3\u30b7\u30e5 (EXCEPTION_ACCESS_VIOLATION)
-function.description.jvm.crash.eav=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068JVM\u304c\u30af\u30e9\u30c3\u30b7\u30e5\u3057\u307e\u3059<br> \
-(* JVM\u306e\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059)\u3002
+function.description.jvm.crash.eav=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068JVM\u304c\u30af\u30e9\u30c3\u30b7\u30e5\u3057\u307e\u3059\u3002<br> \
+(* JVM\u306e\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK 6\u307e\u305f\u306f7\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059)
 function.name.redirect.loop=\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30eb\u30fc\u30d7
 function.description.redirect.loop=\u3053\u306e\u30ea\u30f3\u30af\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u30eb\u30fc\u30d7\u304c\u767a\u751f\u3057\u307e\u3059\u3002
 function.name.native.library.error=\u30cd\u30a4\u30c6\u30a3\u30d6\u30e9\u30a4\u30d6\u30e9\u30ea\u30a8\u30e9\u30fc
@@ -35,7 +35,7 @@ description.vulnerabilities=XSS\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30
 function.name.xss=XSS
 function.description.xss=\u8106\u5f31\u306a\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001XSS\u304c\u767a\u751f\u3057\u307e\u3059\u3002
 function.name.sql.injection=SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3
-function.description.sql.injection=\u8106\u5f31\u306a\u30af\u30a8\u30ea\u6587\u5b57\u5217\u3092\u8ffd\u52a0\u3059\u308b\u3068\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+function.description.sql.injection=\u8106\u5f31\u306a\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u304c\u767a\u751f\u3057\u307e\u3059\u3002
 function.name.ldap.injection=LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3
 function.description.ldap.injection=\u8106\u5f31\u306a\u6587\u5b57\u5217\u3092\u5165\u529b\u3059\u308b\u3068\u3001LDAP\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u304c\u767a\u751f\u3057\u307e\u3059\u3002
 

diff --git a/src/main/resources/messages_en.properties b/src/main/resources/messages_en.properties
@@ -6,7 +6,7 @@ msg.note.positive.number=Note: Integer overflow occurs if you enter a large numb
 msg.dead.lock.occur=Dead Lock occurs after loading this page few times.
 msg.dead.lock.not.occur=Dead Lock does not occur.
 
-msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK.
+msg.info.jvm.not.crash=JVM crash only occurs if using Oracle JDK 6 or 7.
 
 msg.java.heap.space.leak.occur=Memory leak (Java heap space) occurs every time you load this page.\r\n\r\n \
 * If keeping on loading the page, OutOfMemoryError is finally thrown.
@@ -36,13 +36,14 @@ label.submit=submit
 label.reversed.name=Reversed Name
 
 msg.unknown.exception.occur=Unknown exception occurs.
-
+msg.socket.leak.occur=A network socket leaks.
 
 msg.update.records=Updated {0} records.
 title.sql.deadlock.page=Reset all users password
 msg.reset.all.users.passwd=Reset all users password to deny accesses.
 msg.note.sql.deadlock=Note: If you select "asc" and click the "update" button immediately after you select "desc" and click the "update" button, \
 then dead lock occurs in database.
+msg.warn.enter.asc.or.desc=Please select "asc" or "desc".
 label.order=Order
 label.update=Update
 label.asc=asc

diff --git a/src/main/resources/messages_ja.properties b/src/main/resources/messages_ja.properties
@@ -6,7 +6,7 @@ msg.note.positive.number=\u6ce8\u610f: {0}\u3088\u308a\u5927\u304d\u3044\u6570\u
 msg.dead.lock.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u6570\u56de\u30ed\u30fc\u30c9\u3059\u308b\u3068\u3001\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
 msg.dead.lock.not.occur=\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u306f\u767a\u751f\u3057\u307e\u305b\u3093\u3067\u3057\u305f\u3002
 
-msg.info.jvm.not.crash=JVM\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002
+msg.info.jvm.not.crash=JVM\u30af\u30e9\u30c3\u30b7\u30e5\u306f\u3001Oracle JDK 6\u307e\u305f\u306f7\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306e\u307f\u767a\u751f\u3057\u307e\u3059\u3002
 
 msg.java.heap.space.leak.occur=\u3053\u306e\u30da\u30fc\u30b8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3073\u306b\u3001\u30e1\u30e2\u30ea\u30ea\u30fc\u30af(Java heap space)\u304c\u767a\u751f\u3057\u307e\u3059\u3002\r\n\r\n \
 * \u753b\u9762\u3092\u30ed\u30fc\u30c9\u3057\u7d9a\u3051\u308b\u3068\u3001\u6700\u7d42\u7684\u306bOutOfMemoryError (Java heap space)\u304c\u30b9\u30ed\u30fc\u3055\u308c\u307e\u3059\u3002
@@ -36,13 +36,14 @@ label.submit=\u9001\u4fe1
 label.reversed.name=\u9006\u8ee2\u3057\u305f\u540d\u524d
 
 msg.unknown.exception.occur=\u4e0d\u660e\u306a\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f\u3002
-
+msg.socket.leak.occur=\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bd\u30b1\u30c3\u30c8\u304c\u30ea\u30fc\u30af\u3057\u307e\u3057\u305f\u3002
 
 msg.update.records={0}\u4ef6\u66f4\u65b0\u3057\u307e\u3057\u305f\u3002
 title.sql.deadlock.page=\u5168\u30e6\u30fc\u30b6\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30ea\u30bb\u30c3\u30c8
 msg.reset.all.users.passwd=\u5168\u3066\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30ea\u30bb\u30c3\u30c8\u3057\u3066\u3001\u30a2\u30af\u30bb\u30b9\u3092\u62d2\u5426\u3057\u307e\u3059\u3002
-msg.note.sql.deadlock=\u6ce8\u610f\uff1a\u300c\u6607\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3001\
+msg.note.sql.deadlock=\u6ce8\u610f\uff1a\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u305f\u76f4\u5f8c\u306b\u300c\u6607\u9806\u300d\u3092\u9078\u629e\u3057\u3001\
 \u300c\u66f4\u65b0\u300d\u30dc\u30bf\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3059\u308b\u3068\u3001\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u30c7\u30c3\u30c9\u30ed\u30c3\u30af\u304c\u767a\u751f\u3057\u307e\u3059\u3002
+msg.warn.enter.asc.or.desc=\u300c\u6607\u9806\u300d\u307e\u305f\u306f\u300c\u964d\u9806\u300d\u3092\u9078\u629e\u3057\u3066\u4e0b\u3055\u3044\u3002
 label.order=\u30bd\u30fc\u30c8\u9806
 label.update=\u66f4\u65b0
 label.asc=\u6607\u9806