From 4ab820e1d1267883d672e1f2ffb7e3d21bd623ca Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Thu, 21 Mar 2024 20:50:37 +0100
Subject: [PATCH] feat: move CSRF to A3 (#1776)
CSRF is part of security misconfiguration in the OWASP Top 10.
---
 .github/workflows/semgrep.yml | 0
 .../webgoat/container/lessons/Category.java | 30 +++++++++----------
 .../org/owasp/webgoat/lessons/csrf/CSRF.java | 2 +-
 3 files changed, 15 insertions(+), 17 deletions(-)
 create mode 100644 .github/workflows/semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/main/java/org/owasp/webgoat/container/lessons/Category.java b/src/main/java/org/owasp/webgoat/container/lessons/Category.java
index 9fd8317da..eca864d71 100644
--- a/src/main/java/org/owasp/webgoat/container/lessons/Category.java
+++ b/src/main/java/org/owasp/webgoat/container/lessons/Category.java
@@ -34,30 +34,28 @@ import lombok.Getter;
 * @since October 28, 2003
 */
 public enum Category {
- INTRODUCTION("Introduction", 5),
- GENERAL("General", 100),
+ INTRODUCTION("Introduction"),
+ GENERAL("General"),
- A1("(A1) Broken Access Control", 301),
- A2("(A2) Cryptographic Failures", 302),
- A3("(A3) Injection", 303),
+ A1("(A1) Broken Access Control"),
+ A2("(A2) Cryptographic Failures"),
+ A3("(A3) Injection"),
- A5("(A5) Security Misconfiguration", 305),
- A6("(A6) Vuln & Outdated Components", 306),
- A7("(A7) Identity & Auth Failure", 307),
- A8("(A8) Software & Data Integrity", 308),
- A9("(A9) Security Logging Failures", 309),
- A10("(A10) Server-side Request Forgery", 310),
+ A5("(A5) Security Misconfiguration"),
+ A6("(A6) Vuln & Outdated Components"),
+ A7("(A7) Identity & Auth Failure"),
+ A8("(A8) Software & Data Integrity"),
+ A9("(A9) Security Logging Failures"),
+ A10("(A10) Server-side Request Forgery"),
- CLIENT_SIDE("Client side", 1700),
+ CLIENT_SIDE("Client side"),
- CHALLENGE("Challenges", 3000);
+ CHALLENGE("Challenges");
 @Getter private String name;
- @Getter private Integer ranking;
- Category(String name, Integer ranking) {
+ Category(String name) {
 this.name = name;
- this.ranking = ranking;
 }
 @Override
diff --git a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
index 73fa55bda..ca36da3e5 100644
--- a/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
+++ b/src/main/java/org/owasp/webgoat/lessons/csrf/CSRF.java
@@ -31,7 +31,7 @@ import org.springframework.stereotype.Component;
 public class CSRF extends Lesson {
 @Override
 public Category getDefaultCategory() {
- return Category.A10;
+ return Category.A5;
 }
 @Override
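Review bot: The rewritten constructor leaves `name` mutable even though it is now the enum's only field, so while that line is being touched `@Getter private String name;` should become `@Getter private final String name;`. Dropping `ranking` also removes the only explicit ordering the enum carried; any code that sorted categories through `getRanking()` would no longer compile, and since the diffstat lists no other Java file the ordering presumably now falls back to declaration order, which deserves a comment above the constants such as `// No explicit ranking any more: declaration order is the only ordering these constants carry.` The enum body continues past the end of the hunk. Separately, the patch creates an empty `.github/workflows/semgrep.yml` (blob `e69de29bb`) that neither the title nor the description mentions; an empty workflow file is most likely reported as invalid by the Actions runner, so it looks unintended and should probably be dropped from this commit.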
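Review bot: The new return value `Category.A5` contradicts the commit title, which says the lesson moves to A3; in the Category enum changed by this same patch A3 is labelled `(A3) Injection` and A5 is `(A5) Security Misconfiguration`, so the code and the description agree and the title is the odd one out. Because the title becomes the permanent history entry, it should read `feat: move CSRF to A5 (#1776)`, or the return value should be re-checked against the category that was actually intended. `getDefaultCategory` is complete within the hunk; the rest of the CSRF class lies outside it.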