From 42249efddad6b58e6fc777ce4401d640949b5cfb Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Tue, 21 May 2024 13:21:23 +0000
Subject: [PATCH 1/2] mobb fix commit: bf9b6ca8-b444-419b-98a4-6d114f5dc77c
---
.../org/dummy/insecure/framework/VulnerableTaskHolder.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
index 98c37a64e2..a4f29ec97b 100644
--- a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
+++ b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
@@ -7,6 +7,7 @@ import java.io.Serializable; import java.time.LocalDateTime; import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.util.HtmlUtils;
@Slf4j // TODO move back to lesson
@@ -60,7 +61,7 @@ private void readObject(ObjectInputStream stream) throws Exception {
// condition is here to prevent you from destroying the goat altogether if ((taskAction.startsWith("sleep") || taskAction.startsWith("ping")) && taskAction.length() < 22) {
- log.info("about to execute: {}", taskAction);
+ log.info("about to execute: {}", HtmlUtils.htmlEscape(String.valueOf(taskAction).replace("\n", "").replace("\r", "")));
try { Process p = Runtime.getRuntime().exec(taskAction); BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
From 202db21ce7f98c65951ea58ab407c7812afcf884 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Tue, 21 May 2024 13:21:23 +0000
Subject: [PATCH 2/2] mobb fix commit: 608ac35b-c885-478a-b92c-ab27c4ec3606
---
.../java/org/dummy/insecure/framework/VulnerableTaskHolder.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
index a4f29ec97b..9c65e413c5 100644
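Review bot: `HtmlUtils.htmlEscape` is the wrong neutraliser for a log sink on the added `log.info("about to execute: …")` line of the `@@ -60,7 +61,7 @@` hunk in PATCH 1/2 (the added "restoring time" line in PATCH 2/2 has the same shape). Log forging is stopped by the CR/LF handling alone; HTML-encoding on top rewrites `&`, `<`, `>` and quotes, so the recorded command no longer matches the string handed to `Runtime.getRuntime().exec(taskAction)` two lines below, and `String.valueOf` is redundant because `taskAction` has already been dereferenced in the `if`. I would log `taskAction.replaceAll("[\\r\\n]", "_")` instead, drop the new `HtmlUtils` import, and leave HTML encoding to whatever renders the log. The commit does not touch the `exec` call on a field restored inside `readObject`, which the class name and the "goat" comment suggest is deliberate for this lesson, so the change should not be read as hardening that path. readObject's body starts and ends outside the hunk.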
--- a/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
+++ b/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java
@@ -48,7 +48,7 @@ private void readObject(ObjectInputStream stream) throws Exception {
// do something with the data log.info("restoring task: {}", taskName);
- log.info("restoring time: {}", requestedExecutionTime);
+ log.info("restoring time: {}", HtmlUtils.htmlEscape(String.valueOf(requestedExecutionTime).replace("\n", "").replace("\r", "")));
if (requestedExecutionTime != null && (requestedExecutionTime.isBefore(LocalDateTime.now().minusMinutes(10))
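Review bot: The sanitising in this hunk lands on the less exposed of the two log calls, while `log.info("restoring task: {}", taskName);` on the context line just above still writes a value restored from the same stream without any CR/LF handling. `requestedExecutionTime` appears to be a `LocalDateTime` (it is compared against `LocalDateTime.now()` in the `if` that follows), and its string form cannot contain line breaks or markup. If log forging is the finding being fixed, the line to change is the `taskName` one, e.g. `log.info("restoring task: {}", String.valueOf(taskName).replace("\n", "").replace("\r", ""));`, and the `requestedExecutionTime` call can stay as it was. The declarations of both fields are outside the hunk, so their types are inferred from usage; readObject's body continues past the last visible line.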