fixed issue with flow state-bn3

[conikeec]

No description provided.

[github-actions]

Checking analysis of application shiftleft-java-demo against 1 build rules.

Using sl version 0.9.2497 (0632665920e93cc9bd5b2aa9f1d3709e524cf697).

Checking findings on scan 78.

Results per rule:

• No critical or high SAST findings: FAIL
  (24 matched vulnerabilities; configured threshold is 0).

  First 5 findings:

  ID	CVSS	Rating	Title
  1020	9.0	critical	Remote Code Execution: Code Injection Through Attacker-controlled Data via foo in SearchController.doGetSearch
  1021	9.0	critical	Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.checkCookie
  1022	9.0	critical	Directory Traversal: Attacker-controlled Data Used in File Path via request in CustomerController.saveSettings
  804	8.0	high	Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via foo in SearchController.doGetSearch
  922	8.0	high	Cross-Site Scripting: Attacker-Controlled Data Used as HTML Content via phoneNumber in CustomerController.debug

  Severity rating	Count
  Critical	3
  High	21
  Medium	0
  Low	0

  Category	Count
  Sensitive Data Leak	12
  Cross-Site Scripting	8
  Directory Traversal	2
  Remote Code Execution	1
  Deserialization	1

  OWASP 2021 Category	Count
  A01-Broken-Access-Control	14
  A03-Injection	9
  A08-Software-And-Data-Integrity-Failures	1

1 rule failed.