delete trigger scan

.github/workflows/checkmarx-one.yml

@@ -21,17 +21,15 @@ on:
     branches: [ "master" ]
   push:
     branches: [ "master" ]
-permissions:
-  contents: read
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   # This workflow contains a single job called "build"
   build:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif
+  #  permissions:
+  #    contents: write # for actions/checkout to fetch code
+  #    security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+  #    actions: write # only required for a private repository by github/codeql-action/upload-sarif
 
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
@@ -49,7 +47,7 @@ jobs:
           cx_client_id: ${{ secrets.AST_CLIENT_ID }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
           cx_client_secret: ${{ secrets.AST_CLIENT_SECRET }} # This should be created within your Checkmarx One account : https://checkmarx.com/resource/documents/en/34965-118315-authentication-for-checkmarx-one-cli.html#UUID-a4e31a96-1f36-6293-e95a-97b4b9189060_UUID-4123a2ff-32d0-2287-8dd2-3c36947f675e
           cx_tenant: ${{ secrets.TENANT }} # This should be replaced by your tenant for Checkmarx One
-          additional_params:  --report-format sarif --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
+          additional_params: --scan-types sast --report-format sarif --output-path . --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v2
         with:

README.md

@@ -77,5 +77,4 @@ How to Use/Setup ?
 Get the VulnerableSpring Project from here:
 https://github.com/CSPF-Founder/VulnerableSpring
 
-trigger scan
 

src/main/webapp/vulnerability/forum.jsp

@@ -45,13 +45,13 @@
                                         {
                                            Statement stmt = con.createStatement();   
                                            //Posting Content
-                                           stmt.executeUpdate("INSERT into posts(content,title,user) values ('"+content+"','"+title+"','"+user+"')");
-                                           //String sql = "INSERT into posts(content,title,user) values (?,?,?)"
-											//PreparedStatement prepStmt = con.preparedStatement(sql);
-											//prepStmt.setString(1,content);
-											//prepStmt.setString(2,title);
-											//prepStmt.setString(3,user);
-											//prepStmt.executeQuery();
+                                           //stmt.executeUpdate("INSERT into posts(content,title,user) values ('"+content+"','"+title+"','"+user+"')");
+                                           String sql = "INSERT into posts(content,title,user) values (?,?,?)"
+											PreparedStatement prepStmt = con.preparedStatement(sql);
+											prepStmt.setString(1,content);
+											prepStmt.setString(2,title);
+											prepStmt.setString(3,user);
+											prepStmt.executeQuery();
                                             out.print("Successfully posted");
                                         }
                                     }