From 219568c36923dbdae2776b804509ac56fd04f575 Mon Sep 17 00:00:00 2001
From: "mend-for-github.amrom.workers.dev[bot]" <50673670+mend-for-github.amrom.workers.dev[bot]@users.noreply.github.com>
Date: Wed, 11 Jun 2025 13:14:56 +0000
Subject: [PATCH] Remediated vulnerable source file: src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
---
 .../sqlinjection/introduction/SqlInjectionLesson2.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
index 5540f31a4..6a40c9e6c 100644
--- a/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java
@@ -22,6 +22,7 @@
 package org.owasp.webgoat.lessons.sqlinjection.introduction;
+import java.sql.PreparedStatement;
 import static java.sql.ResultSet.CONCUR_READ_ONLY;
 import static java.sql.ResultSet.TYPE_SCROLL_INSENSITIVE;
@@ -61,8 +62,10 @@ public AttackResult completed(@RequestParam String query) {
 protected AttackResult injectableQuery(String query) {
 try (var connection = dataSource.getConnection()) {
- Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
- ResultSet results = statement.executeQuery(query);
+ String sql = "SELECT * FROM user_data WHERE userid = ?";
+ PreparedStatement statement = connection.prepareStatement(sql, TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
+ statement.setString(1, query);
+ ResultSet results = statement.executeQuery();
 StringBuilder output = new StringBuilder();
 results.first();
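Review bot: The new `statement.setString(1, query)` binds the entire `query` request parameter as the `userid` value, which changes what this method accepts rather than only removing the injection: the caller shown in the hunk header, `completed(@RequestParam String query)`, still forwards whatever the user types as a whole SQL statement, and the names `SqlInjectionLesson2` and `injectableQuery` suggest this is a deliberately injectable training exercise whose intended input presumably no longer matches any row. Because the method still ignores the return value of `results.first()`, a non-matching input now leaves an empty cursor for the reads that follow; that code is past the end of the hunk and should be checked before this remediation is merged. The `PreparedStatement` is also created inside the try body rather than in the resource list, so its release depends on the connection close; declaring `sql` before the try and writing `try (var connection = dataSource.getConnection(); PreparedStatement statement = connection.prepareStatement(sql, TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {` closes it explicitly. In the first hunk, `import java.sql.PreparedStatement;` is inserted ahead of the `import static` group instead of alongside the other `java.sql` imports, and the `Statement` import that the removed line relied on is presumably now unused. injectableQuery continues beyond the end of this hunk.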