corrected package. added new java class

[cyates-checkmarx]

Thank you for submitting a pull request to the WebGoat!

[cyates-checkmarx]

Checkmarx One – Scan Summary & Details – eb49cda1-c68f-4190-a606-1ff2e3fc3308

New Issues (5)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeUpdate, at line 158 of /SqlInjectionLesson12.java. The application constructs this SQL ... Attack Vector
	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeQuery, at line 78 of /SqlInjectionLesson12.java. The application constructs this SQL qu... Attack Vector
	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeUpdate, at line 158 of /SqlInjectionLesson12.java. The application constructs this SQL ... Attack Vector
	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeQuery, at line 78 of /SqlInjectionLesson12.java. The application constructs this SQL qu... Attack Vector
	Chown Flag Exists	/dockerfile: 14	details It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only e...

Fixed Issues (15)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2015-9235	Npm-jsonwebtoken-0.1.0
	CVE-2020-15084	Npm-express-jwt-0.1.3
	Cxffc79d87-98d9	Npm-jws-0.2.6
	CVE-2016-1000223	Npm-jws-0.2.6
	CVE-2017-18214	Npm-moment-2.0.0
	CVE-2022-23539	Npm-jsonwebtoken-0.1.0
	CVE-2022-23540	Npm-jsonwebtoken-0.1.0
	CVE-2022-24785	Npm-moment-2.0.0
	Cxdd801a12-8c33	Npm-jsonwebtoken-0.1.0
	CVE-2016-4055	Npm-moment-2.0.0
	CVE-2022-23541	Npm-jsonwebtoken-0.1.0
	Cx5c009a1a-2054	Npm-moment-2.0.0
	Cx7c42edbf-d5f1	Npm-base64url-0.0.6
	Use_Of_Hardcoded_Password	/LogParser.java: 13
	Use_Of_Hardcoded_Password	/LogParser.java: 13

Policy Management Violations (2)

Policy Name: Net New

The following violations of your team's AppSec policy rules were identified in this project. Since 'Break Build' is enabled for these rules, you must resolve these issues before the Pull Request can be merged.

• Rule Name: New vulnerability of Critical severity level detected
  Scanner: SAST,SCA,IaC-Security

Policy Name: Critical SAST

• Rule Name: Critical
  Scanner: SAST
  Entity: Vulnerability
  Conditions(s): Critical >= 1

  Severity	Issue	Source File / Package	Checkmarx Insight
  	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeUpdate, at line 158 of /SqlInjectionLesson12.java. The application constructs this SQL ... Attack Vector
  	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeQuery, at line 78 of /SqlInjectionLesson12.java. The application constructs this SQL qu... Attack Vector
  	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeUpdate, at line 158 of /SqlInjectionLesson12.java. The application constructs this SQL ... Attack Vector
  	SQL_Injection	/SqlInjectionLesson12.java: 59	details The application's method executes an SQL query with executeQuery, at line 78 of /SqlInjectionLesson12.java. The application constructs this SQL qu... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/RegistrationController.java: 54	details The application's method executes an SQL query with execute, at line 52 of /src/main/java/org/owasp/webgoat/container/users/UserService.java. The ... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java: 52	details The application's method executes an SQL query with executeQuery, at line 88 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/Sql... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java: 54	details The application's method executes an SQL query with executeQuery, at line 84 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java: 47	details The application's method executes an SQL query with executeQuery, at line 88 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/Sql... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java: 60	details The application's method executes an SQL query with executeQuery, at line 88 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/Sql... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60	details The application's method executes an SQL query with executeUpdate, at line 158 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introducti... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60	details The application's method executes an SQL query with execute, at line 81 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlI... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60	details The application's method executes an SQL query with executeUpdate, at line 158 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introducti... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java: 60	details The application's method executes an SQL query with execute, at line 81 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlI... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59	details The application's method executes an SQL query with executeUpdate, at line 158 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introducti... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59	details The application's method executes an SQL query with executeQuery, at line 78 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59	details The application's method executes an SQL query with executeUpdate, at line 158 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introducti... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java: 59	details The application's method executes an SQL query with executeQuery, at line 78 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java: 58	details The application's method executes an SQL query with executeQuery, at line 71 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55	details The application's method executes an SQL query with executeQuery, at line 67 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55	details The application's method executes an SQL query with executeQuery, at line 67 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5a.java: 55	details The application's method executes an SQL query with executeQuery, at line 67 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java: 50	details The application's method executes an SQL query with executeQuery, at line 65 of /src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Ass... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java: 50	details The application's method executes an SQL query with executeQuery, at line 65 of /src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Ass... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5.java: 70	details The application's method executes an SQL query with executeQuery, at line 80 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java: 58	details The application's method executes an SQL query with executeQuery, at line 65 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java: 57	details The application's method executes an SQL query with executeQuery, at line 69 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/Sql... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson4.java: 54	details The application's method executes an SQL query with executeUpdate, at line 62 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introductio... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java: 53	details The application's method executes an SQL query with executeUpdate, at line 63 of /src/main/java/org/owasp/webgoat/lessons/sqlinjection/introductio... Attack Vector
  	SQL_Injection	/src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeaderKIDEndpoint.java: 86	details The application's method executes an SQL query with executeQuery, at line 91 of /src/main/java/org/owasp/webgoat/lessons/jwt/claimmisuse/JWTHeader... Attack Vector
  	Second_Order_SQL_Injection	/src/main/java/org/owasp/webgoat/container/users/UserService.java: 42	details The application's method executes an SQL query with BinaryExpr, at line 52 of /src/main/java/org/owasp/webgoat/container/users/UserService.java. T... Attack Vector