From 8c6c7b0f67fff798e96711fe97f0f1d2f2d5cb39 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Wed, 3 Jul 2024 19:25:11 +0000
Subject: [PATCH 1/2] mobb fix commit: 3d6f2aff-cffa-4dfa-832c-1e28215989b3
---
 .../org/dummy/insecure/framework/VulnerableTaskHolder.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
index 98c37a64e2..011f9168f9 100644
--- a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
+++ b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
@@ -7,6 +7,7 @@ import java.io.Serializable;
 import java.time.LocalDateTime;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.util.HtmlUtils;
 @Slf4j // TODO move back to lesson
@@ -47,7 +48,7 @@ private void readObject(ObjectInputStream stream) throws Exception {
 // do something with the data
 log.info("restoring task: {}", taskName);
- log.info("restoring time: {}", requestedExecutionTime);
+ log.info("restoring time: {}", HtmlUtils.htmlEscape(String.valueOf(requestedExecutionTime).replace("\n", "").replace("\r", "")));
 if (requestedExecutionTime != null && (requestedExecutionTime.isBefore(LocalDateTime.now().minusMinutes(10))
From 93a444caf43f0a6c457fdc7d5e61ebc1d34748bc Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Wed, 3 Jul 2024 19:25:11 +0000
Subject: [PATCH 2/2] mobb fix commit: 7d0c8307-5b74-4d01-8361-77d1724810fc
---
 .../java/org/dummy/insecure/framework/VulnerableTaskHolder.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
index 011f9168f9..9c65e413c5 100644
--- a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
+++ b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
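Review bot: In the `@@ -47,7 +48,7 @@` hunk of PATCH 1/2 the value being sanitised is `requestedExecutionTime`, which the next condition uses as a `LocalDateTime` (`isBefore(LocalDateTime.now()...)`), so its string form cannot carry CR/LF or markup and the new wrapping appears to change nothing. The context line just above it, `log.info("restoring task: {}", taskName);`, still writes a deserialized value to the log unmodified; if `taskName` is a String (its declaration is outside the hunk), that is the line that needs newline neutralisation, e.g. `log.info("restoring task: {}", String.valueOf(taskName).replaceAll("[\\r\\n]", "_"));`. `HtmlUtils.htmlEscape` is an encoder for HTML output and only matters if the log is rendered in a browser, so the Spring import added in the first hunk may be unnecessary for this class. The body of `readObject` starts and ends outside the hunk.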
@@ -61,7 +61,7 @@ private void readObject(ObjectInputStream stream) throws Exception {
 // condition is here to prevent you from destroying the goat altogether
 if ((taskAction.startsWith("sleep") || taskAction.startsWith("ping")) && taskAction.length() < 22) {
- log.info("about to execute: {}", taskAction);
+ log.info("about to execute: {}", HtmlUtils.htmlEscape(String.valueOf(taskAction).replace("\n", "").replace("\r", "")));
 try {
 Process p = Runtime.getRuntime().exec(taskAction);
 BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
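Review bot: The line after the changed one, `Process p = Runtime.getRuntime().exec(taskAction);`, still runs a string that `readObject` restored from the stream, and this commit only changes how that string is logged. The prefix and length check is the only guard visible in the hunk, so command execution during deserialization remains open. HTML-escaping the logged value also means the log no longer records exactly what was executed (`&` becomes `&amp;`), which hinders later investigation; replacing CR/LF alone keeps the entry on one line without altering other characters, e.g. `log.info("about to execute: {}", taskAction.replaceAll("[\\r\\n]", "_"));`. If the class is intentionally vulnerable teaching material, as the package name and the comment above the condition suggest, a comment saying so would keep this change from reading as a remediation. The method body continues outside the hunk.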