From 9e8fcfe3533b5c80cfa9a2db423b099a8ce2843a Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 15:01:27 +0100
Subject: [PATCH 1/8] Update index.html
---
 vulnerable/templates/index.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/vulnerable/templates/index.html b/vulnerable/templates/index.html
index b307c6f..edfeb34 100644
--- a/vulnerable/templates/index.html
+++ b/vulnerable/templates/index.html
@@ -8,5 +8,6 @@

Vulnerable Application

{% csrf_token %} +
-{% endif %}
\ No newline at end of file
+{% endif %}
From 629f2f4a037fc72f5447d95ffc52361fa842858c Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 15:08:56 +0100
Subject: [PATCH 2/8] Update config.yml
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 51d69ca..42d33a3 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -36,7 +36,7 @@ jobs:
 - checkout
 - heroku/install
 - heroku/deploy-via-git:
- only-branch: master
+ only-branch: workshop
 force: true
 # Orchestrate or schedule a set of jobs, see https://circleci.com/docs/2.0/workflows/
From 4125e7492899f1f21a0ab7c3f7bb911497f398e2 Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 15:09:33 +0100
Subject: [PATCH 3/8] Update index.html
---
 vulnerable/templates/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerable/templates/index.html b/vulnerable/templates/index.html
index edfeb34..887fe4f 100644
--- a/vulnerable/templates/index.html
+++ b/vulnerable/templates/index.html
@@ -8,6 +8,6 @@

Vulnerable Application

{% csrf_token %} - +
 {% endif %}
From d6b1eb65c3507c65389e5db23fdc363b62cde2e4 Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 15:29:59 +0100
Subject: [PATCH 4/8] Update requirements.txt
---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 39e1640..ed05e0c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,3 @@
-django==2.1.0
+django==3.1.4
 django-heroku==0.3.1
-gunicorn==19.9.0
\ No newline at end of file
+gunicorn==19.9.0
From a18a3ed776573919bd9ba5254d01d0312abb6d5c Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 15:34:12 +0100
Subject: [PATCH 5/8] Update index.html
---
 vulnerable/templates/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerable/templates/index.html b/vulnerable/templates/index.html
index 887fe4f..0ff040e 100644
--- a/vulnerable/templates/index.html
+++ b/vulnerable/templates/index.html
@@ -8,6 +8,6 @@

Vulnerable Application

{% csrf_token %} - +
 {% endif %}
From 47ae88792f7f2d0b8c34e979eb0b880ebc1d83a3 Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 15:36:52 +0100
Subject: [PATCH 6/8] Create crashtest-9cb602e9.html
---
 crashtest-9cb602e9.html | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 crashtest-9cb602e9.html
diff --git a/crashtest-9cb602e9.html b/crashtest-9cb602e9.html
new file mode 100644
index 0000000..99c6044
--- /dev/null
+++ b/crashtest-9cb602e9.html
@@ -0,0 +1 @@
+9cb602e9-a591-4668-b245-549263a99939
From e06f0e3aa9eb58a2361d20eb70ec59cdfd7a4400 Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 15:44:25 +0100
Subject: [PATCH 7/8] Update config.yml
---
 .circleci/config.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 42d33a3..d9d97aa 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -44,3 +44,7 @@ workflows:
 workflow:
 jobs:
 - deploy
+ - sast
+ - dast:
+ requires:
+ - deploy
From c518e6b1231c66141a329475c179c45de01b5363 Mon Sep 17 00:00:00 2001
From: narayan24
Date: Fri, 11 Dec 2020 16:03:07 +0100
Subject: [PATCH 8/8] Remove XSS
---
 vulnerable/templates/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerable/templates/index.html b/vulnerable/templates/index.html
index 0ff040e..4f1222f 100644
--- a/vulnerable/templates/index.html
+++ b/vulnerable/templates/index.html
@@ -1,7 +1,7 @@
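Review bot: In the `.circleci/config.yml` hunk of PATCH 7/8, `sast` is added to the workflow as an independent job with no ordering, so it runs in parallel with `deploy` and its outcome never gates the deployment; the only dependency declared is `dast` requiring `deploy`, which by construction means the application is deployed before any scan result exists. If the intent is for static-analysis findings to block a release, `deploy` should itself declare `requires:` with `- sast`, and the `sast` job must be configured to fail on findings rather than only report them. The `jobs:` definitions for `sast` and `dast` are outside this hunk, so whether either job fails the pipeline on findings cannot be confirmed from here. As written, the pipeline is scan-and-report, not scan-and-gate, and the commit message or a comment next to `- sast` should say which is intended.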

Vulnerable Application

{% if name %} -

Hello {{ name | safe }}

+

Hello {{ name }}

New Name?

{% else %}

What is your name?