A to-do application written in the C# programming language. It was built for software security teaching purposes, therefore it is deliberately vulnerable to:
- Sql-injection
- Cross-site scripting
The vulnerabilities fixing was implemented on the following branches:
- fix/sql-injection
- fix/xss
C:\> git clone git@github.com:gomesluiz/ToDotNet.git
C:\> cd ToDotNet
C:\ToDotNet> dotnet tool install --global dotnet-ef
C:\ToDotNet> dotnet ef migrations add InitialMigration
C:\ToDotNet>dotnet add package HtmlSanitizer --version 8.0.645
C:\ToDotNet> dotnet ef database update
C:\ToDotNet> dotnet run
To access the application, click on http://localhost:5096.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.