add Dockerfile

[cx-sean-casey]

No description provided.

[cx-sean-casey]

Checkmarx One – Scan Summary & Details – fbefc24f-f11a-459c-93da-14bbe78988d0

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Unpinned Actions Full Length Commit SHA	/main.yml: 29	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Unpinned Actions Full Length Commit SHA	/main.yml: 28

Policy Management Violations (2)

Policy Name: test3

• Rule Name: no highs
  Scanner: SAST
  Entity: Vulnerability
  Conditions(s): High > 1

  Severity	Issue	Source File / Package	Checkmarx Insight
  	HttpOnly_Cookie_Flag_Not_Set_In_Config	/WebGoat/Web.config: 45	details The /WebGoat/Web.config application configuration file, at line 45, does not define sensitive application cookies with the "httpOnly" flag, which c... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/ProductDetails.aspx: 19	details The method Checkmarx_Container embeds untrusted data in generated output with Write, at line 19 of /WebGoat/WebGoatCoins/ProductDetails.aspx. This ... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/CustomerLogin.aspx: 9	details The method Checkmarx_Container embeds untrusted data in generated output with Write, at line 9 of /WebGoat/WebGoatCoins/CustomerLogin.aspx. This un... Attack Vector
  	Reflected_XSS	/WebGoat/Content/SQLInjectionDiscovery.aspx.cs: 27	details The method btnFind_Click embeds untrusted data in generated output with Text, at line 30 of /WebGoat/Content/SQLInjectionDiscovery.aspx.cs. This un... Attack Vector
  	Reflected_XSS	/WebGoat/Content/UploadPathManipulation.aspx.cs: 26	details The method btnUpload_Click embeds untrusted data in generated output with Text, at line 26 of /WebGoat/Content/UploadPathManipulation.aspx.cs. This... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/Orders.aspx.cs: 114	details The method GridView1_RowDataBound embeds untrusted data in generated output with Text, at line 114 of /WebGoat/WebGoatCoins/Orders.aspx.cs. This un... Attack Vector
  	Reflected_XSS	/WebGoat/Content/HeaderInjection.aspx.cs: 33	details The method Page_Load embeds untrusted data in generated output with Text, at line 33 of /WebGoat/Content/HeaderInjection.aspx.cs. This untrusted da... Attack Vector
  	Reflected_XSS	/WebGoat/Content/ReflectedXSS.aspx.cs: 20	details The method LoadCity embeds untrusted data in generated output with Text, at line 26 of /WebGoat/Content/ReflectedXSS.aspx.cs. This untrusted data i... Attack Vector
  	Reflected_XSS	/WebGoat/Content/PathManipulation.aspx.cs: 33	details The method Page_Load embeds untrusted data in generated output with Text, at line 43 of /WebGoat/Content/PathManipulation.aspx.cs. This untrusted d... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/Orders.aspx.cs: 62	details The method Page_Load embeds untrusted data in generated output with Text, at line 83 of /WebGoat/WebGoatCoins/Orders.aspx.cs. This untrusted data i... Attack Vector
  	XPath_Injection	/WebGoat/Content/XPathInjection.aspx.cs: 20	details The application's FindSalesPerson method constructs an XPath query, for navigating an XML document. The XPath query is created with BinaryExpr, at ... Attack Vector

Policy Name: No Highs Break Build

The following violations of your team's AppSec policy rules were identified in this project. Since 'Break Build' is enabled for these rules, you must resolve these issues before the Pull Request can be merged.

• Rule Name: no SAST Highs
  Scanner: SAST
  Entity: Vulnerability
  Conditions(s): High >= 1

  Severity	Issue	Source File / Package	Checkmarx Insight
  	HttpOnly_Cookie_Flag_Not_Set_In_Config	/WebGoat/Web.config: 45	details The /WebGoat/Web.config application configuration file, at line 45, does not define sensitive application cookies with the "httpOnly" flag, which c... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/ProductDetails.aspx: 19	details The method Checkmarx_Container embeds untrusted data in generated output with Write, at line 19 of /WebGoat/WebGoatCoins/ProductDetails.aspx. This ... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/CustomerLogin.aspx: 9	details The method Checkmarx_Container embeds untrusted data in generated output with Write, at line 9 of /WebGoat/WebGoatCoins/CustomerLogin.aspx. This un... Attack Vector
  	Reflected_XSS	/WebGoat/Content/SQLInjectionDiscovery.aspx.cs: 27	details The method btnFind_Click embeds untrusted data in generated output with Text, at line 30 of /WebGoat/Content/SQLInjectionDiscovery.aspx.cs. This un... Attack Vector
  	Reflected_XSS	/WebGoat/Content/UploadPathManipulation.aspx.cs: 26	details The method btnUpload_Click embeds untrusted data in generated output with Text, at line 26 of /WebGoat/Content/UploadPathManipulation.aspx.cs. This... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/Orders.aspx.cs: 114	details The method GridView1_RowDataBound embeds untrusted data in generated output with Text, at line 114 of /WebGoat/WebGoatCoins/Orders.aspx.cs. This un... Attack Vector
  	Reflected_XSS	/WebGoat/Content/HeaderInjection.aspx.cs: 33	details The method Page_Load embeds untrusted data in generated output with Text, at line 33 of /WebGoat/Content/HeaderInjection.aspx.cs. This untrusted da... Attack Vector
  	Reflected_XSS	/WebGoat/Content/ReflectedXSS.aspx.cs: 20	details The method LoadCity embeds untrusted data in generated output with Text, at line 26 of /WebGoat/Content/ReflectedXSS.aspx.cs. This untrusted data i... Attack Vector
  	Reflected_XSS	/WebGoat/Content/PathManipulation.aspx.cs: 33	details The method Page_Load embeds untrusted data in generated output with Text, at line 43 of /WebGoat/Content/PathManipulation.aspx.cs. This untrusted d... Attack Vector
  	Reflected_XSS	/WebGoat/WebGoatCoins/Orders.aspx.cs: 62	details The method Page_Load embeds untrusted data in generated output with Text, at line 83 of /WebGoat/WebGoatCoins/Orders.aspx.cs. This untrusted data i... Attack Vector
  	XPath_Injection	/WebGoat/Content/XPathInjection.aspx.cs: 20	details The application's FindSalesPerson method constructs an XPath query, for navigating an XML document. The XPath query is created with BinaryExpr, at ... Attack Vector