From 16b251a8dee696cde591bc4252060fc0cb1b9432 Mon Sep 17 00:00:00 2001
From: Sean McKay <sean@northernlabs.ca>
Date: Fri, 16 Jun 2023 15:21:49 -0400
Subject: [PATCH 1/2] Finishe dup to part 4

---
 modules/2-owasp.livemd   | 4 ++--
 modules/3-ssdlc.livemd   | 2 +-
 modules/4-graphql.livemd | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/2-owasp.livemd b/modules/2-owasp.livemd
index c60e52b..d9307fc 100644
--- a/modules/2-owasp.livemd
+++ b/modules/2-owasp.livemd
@@ -123,7 +123,7 @@ end
 # DO NOT CHANGE CODE ABOVE THIS LINE =========================
 
 # PasswordCompare.option_one("users_password", md5_hash)
-# PasswordCompare.option_two("users_password", bcrypt_salted_hash)
+PasswordCompare.option_two("users_password", bcrypt_salted_hash)
 ```
 
 <!-- livebook:{"branch_parent_index":3} -->
@@ -252,7 +252,7 @@ _HINT: Installed dependencies can be found at the very top, it was the very firs
 
 ```elixir
 # CHANGE ME
-vulnerable_dependency = :vulnerable_dependency
+vulnerable_dependency = :phoenix
 
 # DO NOT CHANGE CODE BELOW THIS LINE ============================
 Application.spec(vulnerable_dependency)[:vsn] |> List.to_string() |> IO.puts()
diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd
index 6afce3a..9d6f37e 100644
--- a/modules/3-ssdlc.livemd
+++ b/modules/3-ssdlc.livemd
@@ -47,7 +47,7 @@ _Use `System.get_env/1` on line 2._
 
 ```elixir
 # let's assume there is an environment variable named 'envar_secret'
-super_secret_password = "p@ssw0rd"
+super_secret_password = System.get_env("envar_secret")
 
 # DO NOT CHANGE CODE BELOW THIS COMMENT
 IO.puts(super_secret_password)
diff --git a/modules/4-graphql.livemd b/modules/4-graphql.livemd
index 24d9a3f..adc4a0b 100644
--- a/modules/4-graphql.livemd
+++ b/modules/4-graphql.livemd
@@ -62,7 +62,7 @@ It can also intercept responses to ensure no schema data is being leaked in any
 _Uncomment the line with your answer._
 
 ```elixir
-# answer = :API6_2019_Mass_Assignment
+answer = :API6_2019_Mass_Assignment
 # answer = :API10_2019_Insufficient_Logging_Monitoring
 # answer = :API3_2019_Excessive_Data_Exposure
 # answer = :API4_2019_Lack_of_Resources_Rate_Limiting
@@ -92,7 +92,7 @@ _Uncomment the item number (1-4) with your answer_
 
 ```elixir
 # -------------------------------------------------------------
-# answer = 1
+answer = 1
 #
 # HTTP/2 401 Unauthorized
 # Date: Tues, 16 Aug 2022 21:06:42 GMT

From 99081e2c6e1ea5a1fe4078a430275ebc0a855411 Mon Sep 17 00:00:00 2001
From: Sean McKay <sean@northernlabs.ca>
Date: Tue, 4 Jul 2023 17:27:26 -0400
Subject: [PATCH 2/2] Finish other modules

---
 modules/5-elixir.livemd        | 13 ++++++++-----
 modules/6-cookies.livemd       | 11 +++++------
 modules/7-anti-patterns.livemd |  2 +-
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/modules/5-elixir.livemd b/modules/5-elixir.livemd
index b80d5f7..482d2df 100644
--- a/modules/5-elixir.livemd
+++ b/modules/5-elixir.livemd
@@ -60,7 +60,7 @@ prev_count = :erlang.system_info(:atom_count)
 try do
   malicious_user_input
   # ONLY CHANGE LINE 8
-  |> String.to_atom()
+  |> String.to_existing_atom()
 rescue
   e -> {ArgumentError, e}
 end
@@ -168,13 +168,13 @@ end
 password = "HASH_OF_THE_USERS_ACTUAL_PASSWORD"
 # DO NOT EDIT ANY CODE ABOVE THIS LINE =====================
 
-user_input = "HASH_OF_asdfasdf"
+user_input = "PASS"
 
 # DO NOT EDIT ANY CODE BELOW THIS LINE (you may uncomment IO.puts) =============
 Benchwarmer.benchmark(fn -> Susceptible.compare(user_input, password) end)
 Benchwarmer.benchmark(fn -> Constant.compare(user_input, password) end)
 
-# IO.puts(:comparison_ran)
+IO.puts(:comparison_ran)
 ```
 
 ## Boolean Coercion
@@ -223,7 +223,10 @@ user_input = "some_string_which_obviously_isnt_the_same_as_the_password"
 :ok
 # DO NOT EDIT ANY CODE ABOVE THIS LINE =====================
 
-# if SecurityCheck.validate(user_input, password) or raise(SecurityCheck) do :you_let_a_baddie_in end
+if SecurityCheck.validate(user_input, password) or raise(SecurityCheck) do
+  :you_let_a_baddie_in
+end
+
 # if SecurityCheck.validate(user_input, password) || raise(SecurityCheck) do :you_let_a_baddie_in end
 ```
 
@@ -282,7 +285,7 @@ This prevents the table from being read by other processes, such as remote shell
 
 ```elixir
 # ONLY EDIT THIS LINE
-secret_table = :ets.new(:secret_table, [:public])
+secret_table = :ets.new(:secret_table, [:private])
 :ets.info(secret_table)[:protection]
 ```
 
diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd
index c261b9a..09af53e 100644
--- a/modules/6-cookies.livemd
+++ b/modules/6-cookies.livemd
@@ -185,12 +185,11 @@ cookie_name = "CHANGE_ME_TOO"
 conn
 |> Plug.Conn.put_resp_cookie(
   cookie_name,
-  <<42::16>>
-  # domain: ,
-  # path: ,
-  # secure: ,
-  # http_only: ,
-  # same_site:
+  <<42::16>>,
+  path: '/',
+  secure: true,
+  http_only: true,
+  same_site: 'Strict'
 )
 ```
 
diff --git a/modules/7-anti-patterns.livemd b/modules/7-anti-patterns.livemd
index 7de1d62..a55abcf 100644
--- a/modules/7-anti-patterns.livemd
+++ b/modules/7-anti-patterns.livemd
@@ -78,7 +78,7 @@ _Uncomment the line with your answer._
 ```elixir
 # answer = :bubble_sort
 # answer = :merge_sort
-# answer = :quick_sort
+answer = :quick_sort
 # answer = :random_sort
 
 IO.puts(answer)