From 5e507b4e3b63b4e7cc7b446a75d2ff739949825e Mon Sep 17 00:00:00 2001
From: Chuck Aude <21095583+chuckaude@users.noreply.github.com>
Date: Tue, 30 Sep 2025 06:23:35 -0700
Subject: [PATCH] add CommandInjection.java

---
 src/main/java/CommandInjection.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 src/main/java/CommandInjection.java

diff --git a/src/main/java/CommandInjection.java b/src/main/java/CommandInjection.java
new file mode 100644
index 00000000..26162af8
--- /dev/null
+++ b/src/main/java/CommandInjection.java
@@ -0,0 +1,13 @@
+// https://documentation.blackduck.com/bundle/coverity-docs/page/checker-ref/checkers/NO/os_cmd_injection.html
+
+import java.io.*;
+import javax.servlet.http.HttpServletRequest;
+
+public class CommandInjection {
+    public static Process runCmd(HttpServletRequest request) throws IOException {
+        String filename = request.getParameter("filename");
+        ProcessBuilder builder = new ProcessBuilder("cat", filename);
+        Process process = builder.start();
+        return(process);
+    }
+}