diff --git a/modules/2-owasp.livemd b/modules/2-owasp.livemd index c60e52b..7da686d 100644 --- a/modules/2-owasp.livemd +++ b/modules/2-owasp.livemd @@ -123,7 +123,7 @@ end # DO NOT CHANGE CODE ABOVE THIS LINE ========================= # PasswordCompare.option_one("users_password", md5_hash) -# PasswordCompare.option_two("users_password", bcrypt_salted_hash) + PasswordCompare.option_two("users_password", bcrypt_salted_hash) ``` @@ -252,7 +252,7 @@ _HINT: Installed dependencies can be found at the very top, it was the very firs ```elixir # CHANGE ME -vulnerable_dependency = :vulnerable_dependency +vulnerable_dependency = :plu # DO NOT CHANGE CODE BELOW THIS LINE ============================ Application.spec(vulnerable_dependency)[:vsn] |> List.to_string() |> IO.puts() diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd index 6afce3a..08ab02d 100644 --- a/modules/3-ssdlc.livemd +++ b/modules/3-ssdlc.livemd @@ -46,8 +46,8 @@ A very easy way to prevent secrets being added to go though is to access them vi _Use `System.get_env/1` on line 2._ ```elixir -# let's assume there is an environment variable named 'envar_secret' -super_secret_password = "p@ssw0rd" +# Let's assume there is an environment variable named 'envar_secret' +super_secret_password = System.get_env("envar_secret") # DO NOT CHANGE CODE BELOW THIS COMMENT IO.puts(super_secret_password) diff --git a/modules/4-graphql.livemd b/modules/4-graphql.livemd index 24d9a3f..28845ce 100644 --- a/modules/4-graphql.livemd +++ b/modules/4-graphql.livemd @@ -64,7 +64,7 @@ _Uncomment the line with your answer._ ```elixir # answer = :API6_2019_Mass_Assignment # answer = :API10_2019_Insufficient_Logging_Monitoring -# answer = :API3_2019_Excessive_Data_Exposure +answer = :API3_2019_Excessive_Data_Exposure # answer = :API4_2019_Lack_of_Resources_Rate_Limiting IO.puts(answer) 
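Review bot: In the second hunk of modules/2-owasp.livemd (`@@ -252,7 +252,7 @@`), the new value `:plu` does not look like a complete application name, and the unchanged pipeline below it would not print a version for it. `Application.spec/1` returns `nil` for an application that is not loaded, so `nil[:vsn]` is `nil` and `List.to_string/1` raises instead of printing. If the atom was truncated (for example from `:plug`, which module 6 uses via `Plug.Conn`; the dependency list itself is outside this hunk), the line should carry the full name, e.g. `vulnerable_dependency = :plug`.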
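Review bot: In modules/3-ssdlc.livemd (`@@ -46,8 +46,8 @@`), `System.get_env("envar_secret")` returns `nil` when the variable is unset, and the unchanged `IO.puts(super_secret_password)` below then prints an empty line instead of failing. The exercise text asks for `System.get_env/1`, so the answer fits the notebook, but a comment would help readers carry the pattern into real code: `# get_env/1 returns nil when unset; use System.fetch_env!/1 where a missing secret must stop startup`.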
@@ -92,7 +92,7 @@ _Uncomment the item number (1-4) with your answer_ ```elixir # ------------------------------------------------------------- -# answer = 1 +answer = 1 # # HTTP/2 401 Unauthorized # Date: Tues, 16 Aug 2022 21:06:42 GMT diff --git a/modules/5-elixir.livemd b/modules/5-elixir.livemd index 73c1dc2..0a19b71 100644 --- a/modules/5-elixir.livemd +++ b/modules/5-elixir.livemd @@ -60,7 +60,7 @@ prev_count = :erlang.system_info(:atom_count) try do malicious_user_input # ONLY CHANGE LINE 8 - |> String.to_atom() + |> String.to_existing_atom() rescue e -> {ArgumentError, e} end @@ -176,7 +176,7 @@ Benchee.run(%{ "Constant" => fn -> Constant.compare(user_input, password) end }, time: 3, warmup: 2) -# IO.puts(:comparison_ran) +IO.puts(:comparison_ran) ``` ## Boolean Coercion @@ -225,7 +225,7 @@ user_input = "some_string_which_obviously_isnt_the_same_as_the_password" :ok # DO NOT EDIT ANY CODE ABOVE THIS LINE ===================== -# if SecurityCheck.validate(user_input, password) or raise(SecurityCheck) do :you_let_a_baddie_in end +if SecurityCheck.validate(user_input, password) or raise(SecurityCheck) do :you_let_a_baddie_in end # if SecurityCheck.validate(user_input, password) || raise(SecurityCheck) do :you_let_a_baddie_in end ``` @@ -284,7 +284,7 @@ This prevents the table from being read by other processes, such as remote shell ```elixir # ONLY EDIT THIS LINE -secret_table = :ets.new(:secret_table, [:public]) +secret_table = :ets.new(:secret_table, []) :ets.info(secret_table)[:protection] ``` diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index c261b9a..e31ba52 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -185,7 +185,7 @@ cookie_name = "CHANGE_ME_TOO" conn |> Plug.Conn.put_resp_cookie( cookie_name, - <<42::16>> + "PerfectCookieValue" # domain: , # path: , # secure: , diff --git a/modules/7-anti-patterns.livemd b/modules/7-anti-patterns.livemd index 7de1d62..4f0c10d 100644 --- a/modules/7-anti-patterns.livemd 
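Review bot: The uncommented answer in modules/5-elixir.livemd (`@@ -225,7 +225,7 @@`) does not say why `or` was chosen over the `||` variant left commented on the next line. `or` requires a boolean left operand and raises `BadBooleanError` otherwise, whereas `||` treats any value other than `nil` and `false` as truthy. Whether `SecurityCheck.validate/2` can return a non-boolean is defined above the hunk and not visible here. I would add `# strict "or": a non-boolean result from validate/2 raises instead of counting as true` above the line.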
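Review bot: In modules/5-elixir.livemd (`@@ -284,7 +284,7 @@`), `:ets.new(:secret_table, [])` falls back to the ETS default access mode, `:protected`, under which only the owner can write but every other process can still read the table. The hunk header quotes the lesson's goal as preventing reads by other processes, which is what `:private` provides. The line should be `secret_table = :ets.new(:secret_table, [:private])`, so that the `:ets.info(secret_table)[:protection]` check below reports `:private`.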
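Review bot: In modules/6-cookies.livemd (`@@ -185,7 +185,7 @@`), only the cookie value changes; the `domain:`, `path:` and `secure:` options visible below it are still commented placeholders, and the hunk header shows `cookie_name = "CHANGE_ME_TOO"` unchanged. The `Plug.Conn.put_resp_cookie` call continues past the end of the hunk, so I cannot see whether other attributes are set, but as shown the cookie relies entirely on Plug's defaults. If the exercise expects the attributes to be filled in, replace the placeholders with explicit values, at least `secure: true` and a `path:`, and give the cookie its intended name.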
+++ b/modules/7-anti-patterns.livemd @@ -78,7 +78,7 @@ _Uncomment the line with your answer._ ```elixir # answer = :bubble_sort # answer = :merge_sort -# answer = :quick_sort + answer = :quick_sort # answer = :random_sort IO.puts(answer)