feat: Updated src/main/java/org/owasp/webgoat/less

qdw1987 · Jan 9, 2024 · 3aa6c65 · 3aa6c65
1 parent 8dc8989
commit 3aa6c65
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java b/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java
@@ -36,11 +36,13 @@
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
+import org.slf4j.Logger; import org.slf4j.LoggerFactory;
 
 @RestController
 @AssignmentHints(value = {"SqlStringInjectionHint.10.1", "SqlStringInjectionHint.10.2", "SqlStringInjectionHint.10.3", "SqlStringInjectionHint.10.4", "SqlStringInjectionHint.10.5", "SqlStringInjectionHint.10.6"})
 public class SqlInjectionLesson10 extends AssignmentEndpoint {
 
+    private static final Logger logger = LoggerFactory.getLogger(SqlInjectionLesson10.class);
     private final LessonDataSource dataSource;
 
     public SqlInjectionLesson10(LessonDataSource dataSource) {
@@ -64,6 +66,7 @@ protected AttackResult injectableQueryAvailability(String action) {
 
                 if (results.getStatement() != null) {
                     results.first();
+                    logger.info("SQL injection vulnerability in injectableQueryAvailability method of SqlInjectionLesson10 class");
                     output.append(SqlInjectionLesson8.generateTable(results));
                     return failed(this).feedback("sql-injection.10.entries").output(output.toString()).build();
                 } else {