Shriya

modules/2-owasp.livemd

@@ -123,7 +123,7 @@ end
 # DO NOT CHANGE CODE ABOVE THIS LINE =========================
 
 # PasswordCompare.option_one("users_password", md5_hash)
-# PasswordCompare.option_two("users_password", bcrypt_salted_hash)
+ PasswordCompare.option_two("users_password", bcrypt_salted_hash)
 ```
 
 <!-- livebook:{"branch_parent_index":3} -->
@@ -252,7 +252,7 @@ _HINT: Installed dependencies can be found at the very top, it was the very firs
 
 ```elixir
 # CHANGE ME
-vulnerable_dependency = :vulnerable_dependency
+vulnerable_dependency = :plu
 
 # DO NOT CHANGE CODE BELOW THIS LINE ============================
 Application.spec(vulnerable_dependency)[:vsn] |> List.to_string() |> IO.puts()

modules/3-ssdlc.livemd

@@ -46,8 +46,8 @@ A very easy way to prevent secrets being added to go though is to access them vi
 _Use `System.get_env/1` on line 2._
 
 ```elixir
-# let's assume there is an environment variable named 'envar_secret'
-super_secret_password = "p@ssw0rd"
+# Let's assume there is an environment variable named 'envar_secret'
+super_secret_password = System.get_env("envar_secret")
 
 # DO NOT CHANGE CODE BELOW THIS COMMENT
 IO.puts(super_secret_password)

modules/4-graphql.livemd

@@ -64,7 +64,7 @@ _Uncomment the line with your answer._
 ```elixir
 # answer = :API6_2019_Mass_Assignment
 # answer = :API10_2019_Insufficient_Logging_Monitoring
-# answer = :API3_2019_Excessive_Data_Exposure
+answer = :API3_2019_Excessive_Data_Exposure
 # answer = :API4_2019_Lack_of_Resources_Rate_Limiting
 
 IO.puts(answer)
@@ -92,7 +92,7 @@ _Uncomment the item number (1-4) with your answer_
 
 ```elixir
 # -------------------------------------------------------------
-# answer = 1
+answer = 1
 #
 # HTTP/2 401 Unauthorized
 # Date: Tues, 16 Aug 2022 21:06:42 GMT

modules/5-elixir.livemd

@@ -5,7 +5,7 @@
 ```elixir
 Mix.install([
   {:grading_client, path: "#{__DIR__}/grading_client"},
-  :benchwarmer,
+  :benchee,
   :kino,
   :plug
 ])
@@ -60,7 +60,7 @@ prev_count = :erlang.system_info(:atom_count)
 try do
   malicious_user_input
   # ONLY CHANGE LINE 8
-  |> String.to_atom()
+  |> String.to_existing_atom()
 rescue
   e -> {ArgumentError, e}
 end
@@ -171,10 +171,12 @@ password = "HASH_OF_THE_USERS_ACTUAL_PASSWORD"
 user_input = "HASH_OF_asdfasdf"
 
 # DO NOT EDIT ANY CODE BELOW THIS LINE (you may uncomment IO.puts) =============
-Benchwarmer.benchmark(fn -> Susceptible.compare(user_input, password) end)
-Benchwarmer.benchmark(fn -> Constant.compare(user_input, password) end)
+Benchee.run(%{
+  "Susceptible" => fn -> Susceptible.compare(user_input, password) end,
+  "Constant" => fn -> Constant.compare(user_input, password) end
+}, time: 3, warmup: 2)
 
-# IO.puts(:comparison_ran)
+IO.puts(:comparison_ran)
 ```
 
 ## Boolean Coercion
@@ -223,7 +225,7 @@ user_input = "some_string_which_obviously_isnt_the_same_as_the_password"
 :ok
 # DO NOT EDIT ANY CODE ABOVE THIS LINE =====================
 
-# if SecurityCheck.validate(user_input, password) or raise(SecurityCheck) do :you_let_a_baddie_in end
+if SecurityCheck.validate(user_input, password) or raise(SecurityCheck) do :you_let_a_baddie_in end
 # if SecurityCheck.validate(user_input, password) || raise(SecurityCheck) do :you_let_a_baddie_in end
 ```
 
@@ -282,7 +284,7 @@ This prevents the table from being read by other processes, such as remote shell
 
 ```elixir
 # ONLY EDIT THIS LINE
-secret_table = :ets.new(:secret_table, [:public])
+secret_table = :ets.new(:secret_table, [])
 :ets.info(secret_table)[:protection]
 ```
 

modules/6-cookies.livemd

@@ -185,7 +185,7 @@ cookie_name = "CHANGE_ME_TOO"
 conn
 |> Plug.Conn.put_resp_cookie(
   cookie_name,
-  <<42::16>>
+  "PerfectCookieValue"
   # domain: ,
   # path: ,
   # secure: ,

modules/7-anti-patterns.livemd

@@ -78,7 +78,7 @@ _Uncomment the line with your answer._
 ```elixir
 # answer = :bubble_sort
 # answer = :merge_sort
-# answer = :quick_sort
+ answer = :quick_sort
 # answer = :random_sort
 
 IO.puts(answer)