
Commit ed70c85

Potential fix for code scanning alert no. 4: Uncontrolled command line
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 313d24f commit ed70c85

1 file changed

Lines changed: 6 additions & 3 deletions


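--- a/src/main/java/org/owasp/benchmark/testcode/Benchmark00293.java
+++ b/src/main/java/org/owasp/benchmark/testcode/Benchmark00293.java
@@ -63,13 +63,16 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 
 String osName = System.getProperty("os.name");
 if (osName.indexOf("Windows") != -1) {
+// On Windows, use cmd.exe and pass the value as a separate argument
 argList.add("cmd.exe");
 argList.add("/c");
+argList.add("echo");
+argList.add(bar);
 } else {
-argList.add("sh");
-argList.add("-c");
+// On non-Windows, avoid invoking a shell; call echo directly
+argList.add("/bin/echo");
+argList.add(bar);
 }
-argList.add("echo " + bar);
 
 ProcessBuilder pb = new ProcessBuilder();
 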
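Review bot: The Windows branch still hands `bar` to `cmd.exe /c`, so the added comment `// On Windows, use cmd.exe and pass the value as a separate argument` overstates the protection: cmd.exe re-parses the rest of its command line as a shell command, and keeping `bar` as its own `argList` element does not neutralize shell metacharacters the way the shell-free `/bin/echo` branch does. Either validate `bar` against an allowlist of expected characters before it is added, or reword the comment to `// cmd.exe still interprets this argument; the value must be validated upstream` so the asymmetry is visible. The non-Windows branch hardcodes `/bin/echo`, which exists on most but not all Unix-like systems; a short comment recording that assumption would help. The file path suggests this is an OWASP Benchmark test case whose expected scanner result is tied to the original sink, so confirm the change is intended before merging. doPost continues outside the hunk.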