From 23f82ec364383f3ec51e29f4d479a1880efb3420 Mon Sep 17 00:00:00 2001
From: Roozbeh Nosrati
Date: Wed, 25 Feb 2026 17:54:43 +0000
Subject: [PATCH 1/7] Update
---
 C#/obj/Debug/net8.0/c2.AssemblyInfo.cs | 2 +-
 .../Debug/net8.0/c2.AssemblyInfoInputs.cache | 2 +-
 python/django.py | 22 +++++++++----------
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/C#/obj/Debug/net8.0/c2.AssemblyInfo.cs b/C#/obj/Debug/net8.0/c2.AssemblyInfo.cs
index 7b817e5..d68b696 100644
--- a/C#/obj/Debug/net8.0/c2.AssemblyInfo.cs
+++ b/C#/obj/Debug/net8.0/c2.AssemblyInfo.cs
@@ -13,7 +13,7 @@ [assembly: System.Reflection.AssemblyCompanyAttribute("c2")] [assembly: System.Reflection.AssemblyConfigurationAttribute("Debug")] [assembly: System.Reflection.AssemblyFileVersionAttribute("1.0.0.0")] -[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0+0d4214d8d957a44663e1f74da0bdea0972a27726")] +[assembly: System.Reflection.AssemblyInformationalVersionAttribute("1.0.0+25af4e3c57f5abb8d44bfbea227fbb54cf05b8ba")] [assembly: System.Reflection.AssemblyProductAttribute("c2")] [assembly: System.Reflection.AssemblyTitleAttribute("c2")] [assembly: System.Reflection.AssemblyVersionAttribute("1.0.0.0")]
diff --git a/C#/obj/Debug/net8.0/c2.AssemblyInfoInputs.cache b/C#/obj/Debug/net8.0/c2.AssemblyInfoInputs.cache
index 4450a45..2cdefab 100644
--- a/C#/obj/Debug/net8.0/c2.AssemblyInfoInputs.cache
+++ b/C#/obj/Debug/net8.0/c2.AssemblyInfoInputs.cache
@@ -1 +1 @@ -e42c94a693dd68ab4e838e9363900efb3eabd2d7217a54e4c2aa5e9f95858206 +36a662ff3cfb3e1f65da1c94942d2800c393361abfd38b1cb1a61b0fb99a1e08
diff --git a/python/django.py b/python/django.py
index 3beac97..73475f0 100644
--- a/python/django.py
+++ b/python/django.py
@@ -22,17 +22,17 @@ def created(self, obj):
 return obj.timestamp.strftime('%Y-%m-%d %H:%M:%S')
 created.short_description = 'Created'
- def user_url(self, obj):
- if obj.actor:
- app_label, model = settings.AUTH_USER_MODEL.split('.')
- viewname = 'admin:%s_%s_change' % (app_label, model.lower())
- try:
- link = urlresolvers.reverse(viewname, args=[obj.actor.id])
- except NoReverseMatch:
- return u'%s' % (obj.actor)
- return format_html(u'{}', link, obj.actor)
-
- return 'system'
+ # def user_url(self, obj):
+ # if obj.actor:
+ # app_label, model = settings.AUTH_USER_MODEL.split('.')
+ # viewname = 'admin:%s_%s_change' % (app_label, model.lower())
+ # try:
+ # link = urlresolvers.reverse(viewname, args=[obj.actor.id])
+ # except NoReverseMatch:
+ # return u'%s' % (obj.actor)
+ # return format_html(u'{}', link, obj.actor)
+
+ # return 'system'
 user_url.short_description = 'User'
 def msg_short(self, obj):
From 0957b897a17177b64f19e3b42eb304b7b505a4a2 Mon Sep 17 00:00:00 2001
From: Roozbeh Nosrati
Date: Wed, 25 Feb 2026 17:58:14 +0000
Subject: [PATCH 2/7] Update p1.py
---
 python/p1.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/python/p1.py b/python/p1.py
index 1801a95..2e4afb7 100644
--- a/python/p1.py
+++ b/python/p1.py
@@ -1,11 +1,11 @@
 # Vulnerability 1: SQL Injection (CWE-89)
-def get_user(username):
- import sqlite3
- conn = sqlite3.connect('users.db')
- cursor = conn.cursor()
- query = "SELECT * FROM users WHERE username = '" + username + "'" # SQLi
- cursor.execute(query)
- return cursor.fetchall()
+# def get_user(username):
+# import sqlite3
+# conn = sqlite3.connect('users.db')
+# cursor = conn.cursor()
+# query = "SELECT * FROM users WHERE username = '" + username + "'" # SQLi
+# cursor.execute(query)
+# return cursor.fetchall()
 # Vulnerability 2: Command Injection (CWE-78)
 def ping_host(host):
From 09992ced38ed5b23ff359aa0f5d7f0e1ae181449 Mon Sep 17 00:00:00 2001
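Review bot: `user_url.short_description = 'User'` is still live after this hunk in python/django.py (patch 1/7), while the `user_url` method it refers to is now only a comment, so the enclosing body would raise `NameError: name 'user_url' is not defined` as soon as the module is imported. Remove that assignment together with the method, or keep the method. If `user_url` is also listed in `list_display` or `readonly_fields` (not visible in this hunk), that entry needs to go as well. Deleting the old body is cleaner than commenting it out, since version control already keeps it. The enclosing class starts outside the hunk.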
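Review bot: Commenting out `get_user` in python/p1.py (patch 2/7) removes the function for every caller and leaves the string-concatenated query in the file as dead code, instead of correcting the query. If the function is meant to stay usable, keep it and bind the value: `cursor.execute("SELECT * FROM users WHERE username = ?", (username,))`. The original also never closed the connection, so a restored version should wrap it in `contextlib.closing(sqlite3.connect('users.db'))`. If the block is really to be retired, delete it along with the `# Vulnerability 1` heading rather than leaving seven commented lines under it.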
From: Roozbeh Nosrati
Date: Wed, 25 Feb 2026 18:01:17 +0000
Subject: [PATCH 3/7] Update p4.py
---
 python/p4.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/python/p4.py b/python/p4.py
index 80ec24c..278bd35 100644
--- a/python/p4.py
+++ b/python/p4.py
@@ -15,15 +15,15 @@ def init_db():
 @app.route("/user")
 def user():
 init_db()
- username = request.args.get("username", "")
- # WARNING: vulnerable to SQL injection
- query = "SELECT id, username FROM users WHERE username = '%s'" % username
- conn = sqlite3.connect(DB)
- cursor = conn.cursor()
- cursor.execute(query)
- row = cursor.fetchone()
- conn.close()
- return str(row)
+ # username = request.args.get("username", "")
+ # # WARNING: vulnerable to SQL injection
+ # query = "SELECT id, username FROM users WHERE username = '%s'" % username
+ # conn = sqlite3.connect(DB)
+ # cursor = conn.cursor()
+ # cursor.execute(query)
+ # row = cursor.fetchone()
+ # conn.close()
+ # return str(row)
 # # LOW #1: TLS certificate verification disabled
 # @app.route("/proxy")
 # def proxy():
From a78b8f6ce771f2ce374c4b7d55818d5c12e9190a Mon Sep 17 00:00:00 2001
From: Roozbeh Nosrati
Date: Wed, 25 Feb 2026 18:03:02 +0000
Subject: [PATCH 4/7] Update p4.py
---
 python/p4.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/python/p4.py b/python/p4.py
index 278bd35..80ec24c 100644
--- a/python/p4.py
+++ b/python/p4.py
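Review bot: `user()` in python/p4.py (patch 3/7) now falls through after `init_db()` and returns `None`, which Flask rejects as an invalid view response, so `/user` will answer every request with a 500 error. The route decorator and `def user():` are context lines and stay registered, so the endpoint is broken rather than removed. Either drop the route entirely or keep the body with the value bound as a parameter, `cursor.execute("SELECT id, username FROM users WHERE username = ?", (username,))`. Patch 4/7 in this series puts the original body back unchanged.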
@@ -15,15 +15,15 @@ def init_db():
 @app.route("/user")
 def user():
 init_db()
- # username = request.args.get("username", "")
- # # WARNING: vulnerable to SQL injection
- # query = "SELECT id, username FROM users WHERE username = '%s'" % username
- # conn = sqlite3.connect(DB)
- # cursor = conn.cursor()
- # cursor.execute(query)
- # row = cursor.fetchone()
- # conn.close()
- # return str(row)
+ username = request.args.get("username", "")
+ # WARNING: vulnerable to SQL injection
+ query = "SELECT id, username FROM users WHERE username = '%s'" % username
+ conn = sqlite3.connect(DB)
+ cursor = conn.cursor()
+ cursor.execute(query)
+ row = cursor.fetchone()
+ conn.close()
+ return str(row)
 # # LOW #1: TLS certificate verification disabled
 # @app.route("/proxy")
 # def proxy():
From ea3cc9616adb423a829efd21807af35c328c5e57 Mon Sep 17 00:00:00 2001
From: Roozbeh Nosrati
Date: Fri, 27 Feb 2026 17:13:00 +0000
Subject: [PATCH 5/7] Create P11.py
---
 python/P11.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 python/P11.py
diff --git a/python/P11.py b/python/P11.py
new file mode 100644
index 0000000..74ee5a4
--- /dev/null
+++ b/python/P11.py
@@ -0,0 +1,26 @@
+# sql_injection.py
+import sqlite3
+from flask import Flask, request
+
+app = Flask(__name__)
+DB = "test.db"
+
+# def init_db():
+# conn = sqlite3.connect(DB)
+# conn.execute("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
+# conn.execute("INSERT OR IGNORE INTO users (id, username, password) VALUES (1, 'alice', 'passw0rd')")
+# conn.commit()
+# conn.close()
+
+# @app.route("/user")
+# def user():
+# init_db()
+# username = request.args.get("username", "")
+# # WARNING: vulnerable to SQL injection
+# query = "SELECT id, username FROM users WHERE username = '%s'" % username
+# conn = sqlite3.connect(DB)
+# cursor = conn.cursor()
+# cursor.execute(query)
+# row = cursor.fetchone()
+# conn.close()
+# return str(row)
\ No newline at end of file
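Review bot: The `/user` view restored in python/p4.py (patch 4/7) interpolates `username` from `request.args` into the SQL text with `%`, so the request parameter becomes part of the statement (CWE-89), as the code's own WARNING comment acknowledges. Pass it as a bound parameter instead: `cursor.execute("SELECT id, username FROM users WHERE username = ?", (username,))`. `conn.close()` is also skipped whenever `execute` raises, which `with contextlib.closing(sqlite3.connect(DB)) as conn:` or a `try/finally` would cover. `init_db` is defined outside the hunk.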
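Review bot: python/P11.py (patch 5/7) is added with no live route: `init_db` and `user` exist only as comments, which leaves `sqlite3` and `request` imported but unused and a Flask `app` with nothing registered on it. The header comment `# sql_injection.py` also does not match the file's path. Either add the working code, with a bound-parameter query such as `cursor.execute("SELECT id, username FROM users WHERE username = ?", (username,))`, or drop the commented block. The commented seed row stores the password `'passw0rd'` in clear text, which should become a salted hash if the block is ever enabled.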
From 18a549159efd196c24fb67f76858a9fea251badd Mon Sep 17 00:00:00 2001
From: Roozbeh Nosrati
Date: Fri, 27 Feb 2026 17:19:27 +0000
Subject: [PATCH 6/7] Update P11.py
---
 python/P11.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/python/P11.py b/python/P11.py
index 74ee5a4..26d34d6 100644
--- a/python/P11.py
+++ b/python/P11.py
@@ -23,4 +23,17 @@
 # cursor.execute(query)
 # row = cursor.fetchone()
 # conn.close()
-# return str(row)
\ No newline at end of file
+# return str(row)
+
+def render_template(template_str, user_input):
+ return template_str.replace("{{user}}", user_input)
+
+def list_directory(directory):
+ return subprocess.check_output(f"ls {directory}", shell=True)
+
+def jsonp_callback(request):
+ callback = request.GET.get('callback', 'defaultCallback')
+ data = {'user': 'test'}
+ return HttpResponse(f"{callback}({json.dumps(data)})")
+
+def parse_xml(xml_data):
\ No newline at end of file
From bfa8cb907e430ef3c6f1ee2eca5fbd20ce4a3560 Mon Sep 17 00:00:00 2001
From: Roozbeh Nosrati
Date: Fri, 27 Feb 2026 17:22:08 +0000
Subject: [PATCH 7/7] Create p12.py
---
 python/p12.py | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 python/p12.py
diff --git a/python/p12.py b/python/p12.py
new file mode 100644
index 0000000..e69de29
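Review bot: `def parse_xml(xml_data):` at the end of this hunk in python/P11.py (patch 6/7) has no body and the file ends there, so the module no longer parses and cannot be imported. The new functions also use `subprocess`, `json` and `HttpResponse`, none of which is imported in the file as created in patch 5/7. In `list_directory`, `f"ls {directory}"` with `shell=True` hands the argument to a shell (CWE-78); `os.listdir(directory)` or `subprocess.check_output(["ls", "--", directory])` avoids that. `jsonp_callback` writes the `callback` parameter into the response unchecked, so it should be restricted first, for example `if not re.fullmatch(r"[A-Za-z_$][\w$]*", callback): callback = 'defaultCallback'`. Note too that `request.GET` is a Django API while the file imports Flask's `request`, and `render_template` substitutes `user_input` without any HTML escaping.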