From 2153f2f26c10ac864c9d9edb96929c906b41b335 Mon Sep 17 00:00:00 2001
From: webpwnized
Date: Tue, 22 Oct 2024 20:36:01 -0400
Subject: [PATCH] 2.11.23 Update the StackHawk scan action script

---
 .../scan-application-with-stackhawk.yml | 16 ++++++++++++++--
 src/webservices/rest/ws-user-account.php | 4 ++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/scan-application-with-stackhawk.yml b/.github/workflows/scan-application-with-stackhawk.yml
index f117e40..38578f2 100644
--- a/.github/workflows/scan-application-with-stackhawk.yml
+++ b/.github/workflows/scan-application-with-stackhawk.yml
@@ -95,7 +95,7 @@ jobs:
 - uses: actions/setup-java@main
 with:
 distribution: 'temurin'
- java-version: '21'
+ java-version: '17'
 
 # Step 8: Run StackHawk Scan
 - name: Run StackHawk Scan
@@ -104,5 +104,17 @@ jobs:
 workspace: mutillidae # Path to the workspace.
 apiKey: ${{ secrets.HAWK_API_KEY }} # Secret key for authentication.
 configurationFiles: .github/workflows/config/stackhawk.yml # Path to configuration file relative to workspace.
- codeScanningAlerts: true # Enable code scanning alerts.
 githubToken: ${{ github.token }} # GitHub token for authentication to Code Scanning Alerts
+ env:
+ APP_ID: ${{ secrets.HAWK_APP_ID }}
+ NO_PROGRESS: true
+ SARIF_ARTIFACT: true
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@main
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: stackhawk.sarif
+ # Optional category for the results
+ # Used to differentiate multiple results for one commit
+ category: StackHawk
\ No newline at end of file
diff --git a/src/webservices/rest/ws-user-account.php b/src/webservices/rest/ws-user-account.php
index 3d735d7..63fff8d 100755
--- a/src/webservices/rest/ws-user-account.php
+++ b/src/webservices/rest/ws-user-account.php
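Review bot: Both actions this workflow now depends on are pulled from a mutable branch — `github/codeql-action/upload-sarif@main` in the new upload step and `actions/setup-java@main` in the earlier hunk — so whatever lands on those branches runs in a job that holds `HAWK_API_KEY` and `github.token`; pin each to a release tag or, preferably, a full commit SHA, e.g. `uses: github/codeql-action/upload-sarif@v3`. Uploading SARIF to Code Scanning requires the job to grant `security-events: write`; the job's `permissions:` block is outside this hunk, so confirm it is present and no wider than that. With `codeScanningAlerts` removed, the `githubToken: ${{ github.token }}` input still handed to the StackHawk action may no longer serve a purpose; if the action's documentation confirms that, drop it so the token is not passed to a third-party action needlessly. The upload step also assumes that `SARIF_ARTIFACT: true` makes the scan write `stackhawk.sarif` at the workspace root, which a comment such as `# written to the workspace root by the scan step when SARIF_ARTIFACT=true` next to `sarif_file:` would make explicit, and the file should end with a newline.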
@@ -219,8 +219,8 @@ function jsonEncodeQueryResults($pQueryResult){
 /* $_POST array is not auto-populated for DELETE method. Parse input into an array. */
 populatePOSTSuperGlobal();
- $lAccountUsername = getPOSTParameter("username", TRUE);
- $lAccountPassword = getPOSTParameter("password", TRUE);
+ $lAccountUsername = getPOSTParameter("username", true);
+ $lAccountPassword = getPOSTParameter("password", true);
 if($SQLQueryHandler->accountExists($lAccountUsername)){