From cb594fde93eee589bdfaf4efb43316478739fe7d Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Fri, 17 May 2024 18:19:55 +0000
Subject: [PATCH 1/3] mobb fix commit: 68793482-e2a0-46ad-b85c-ce8a265288eb
---
 .../owasp/webgoat/container/AsciiDoctorTemplateResolver.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java b/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java
index a496a0acbc..f12d5bb741 100644
--- a/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java
+++ b/src/main/java/org/owasp/webgoat/container/AsciiDoctorTemplateResolver.java
@@ -55,6 +55,7 @@
 import org.thymeleaf.templateresolver.FileTemplateResolver;
 import org.thymeleaf.templateresource.ITemplateResource;
 import org.thymeleaf.templateresource.StringTemplateResource;
+import org.springframework.web.util.HtmlUtils;
 /**
 * Thymeleaf resolver for AsciiDoc used in the lesson, can be used as follows inside a lesson file:
@@ -161,7 +162,7 @@ private String determineLanguage() {
 } else {
 String langHeader = request.getHeader(Headers.ACCEPT_LANGUAGE_STRING);
 if (null != langHeader) {
- log.debug("browser locale {}", langHeader);
+ log.debug("browser locale {}", HtmlUtils.htmlEscape(String.valueOf(langHeader).replace("\n", "").replace("\r", "")));
 return langHeader.substring(0, 2);
 } else {
 log.debug("browser default english");
From 919ecb1daee38c0cc4426bdf85f989392e6b202e Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Fri, 17 May 2024 18:19:55 +0000
Subject: [PATCH 2/3] mobb fix commit: 4b1575ce-a243-4693-a332-4c1117168699
---
 .../owasp/webgoat/lessons/cryptography/SigningAssignment.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java b/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java
index ffcb739a5b..d89580eb80 100644
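Review bot: In `determineLanguage()` (AsciiDoctorTemplateResolver.java), wrapping the logged header in `HtmlUtils.htmlEscape` applies HTML encoding to what is presumably a plain-text log sink: it rewrites `&`, `<`, `>` and quotes in the stored record, while the CR/LF stripping next to it is the part that actually stops a forged log line. The same expression is pasted into the `log.warn` call in SigningAssignment.java and the `log.trace` call in LandingPage.java, so one shared helper would keep the three call sites consistent. `String.valueOf(langHeader)` is also redundant here because the call sits inside `if (null != langHeader)`. I would log `langHeader.replaceAll("[\\r\\n]", "_")` so a stripped line break stays visible in the record, and leave HTML encoding to whatever renders logs as HTML. The function body starts and ends outside the hunk.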
--- a/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java
+++ b/src/main/java/org/owasp/webgoat/lessons/cryptography/SigningAssignment.java
@@ -38,6 +38,7 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.util.HtmlUtils;
 @RestController
 @AssignmentHints({
@@ -78,7 +79,7 @@ public AttackResult completed(
 }
 if (!DatatypeConverter.printHexBinary(rsaPubKey.getModulus().toByteArray())
 .equals(tempModulus.toUpperCase())) {
- log.warn("modulus {} incorrect", modulus);
+ log.warn("modulus {} incorrect", HtmlUtils.htmlEscape(String.valueOf(modulus).replace("\n", "").replace("\r", "")));
 return failed(this).feedback("crypto-signing.modulusnotok").build();
 }
 /* orginal modulus must be used otherwise the signature would be invalid */
From 4af5b090fe5d8ac3af108824369870d50e311dc4 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Fri, 17 May 2024 18:19:56 +0000
Subject: [PATCH 3/3] mobb fix commit: 63558f30-a6b0-4d86-a0e4-93e1e0526217
---
 .../java/org/owasp/webgoat/webwolf/requests/LandingPage.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java b/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java
index 7bdcc1006b..1b2aa04460 100644
--- a/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java
+++ b/src/main/java/org/owasp/webgoat/webwolf/requests/LandingPage.java
@@ -29,6 +29,7 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.util.HtmlUtils;
 @Controller
 @Slf4j
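Review bot: The `log.warn("modulus {} incorrect", ...)` call in `SigningAssignment.completed(...)` still writes the whole submitted value at WARN level with no length bound. If `modulus` is a request parameter, as the `@RequestParam` import in this file suggests, every failed attempt can add an arbitrarily long line to the log. Truncating before logging, for example `modulus.substring(0, Math.min(modulus.length(), 64))` behind a null check (64 is only an illustrative cap), would bound that. The method body starts and ends outside the hunk.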
@@ -45,7 +46,7 @@ public class LandingPage {
 })
 public Callable> ok(HttpServletRequest request) {
 return () -> {
- log.trace("Incoming request for: {}", request.getRequestURL());
+ log.trace("Incoming request for: {}", HtmlUtils.htmlEscape(String.valueOf(request.getRequestURL()).replace("\n", "").replace("\r", "")));
 return ResponseEntity.ok().build();
 };
 }
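Review bot: The new argument to `log.trace` in `LandingPage.ok` is built eagerly, so `String.valueOf(...)`, two `replace` passes and `HtmlUtils.htmlEscape` now run on every request even when TRACE is disabled. Before the change only `request.getRequestURL()` was evaluated and the logger formatted it lazily. Wrapping the statement in `if (log.isTraceEnabled()) { ... }` keeps the sanitizing work out of the normal request path; the `log.debug` call in `determineLanguage()` carries the same cost. The class body continues outside the hunk.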