chuckaude-org · chuckaude · Dec 8, 2025 · github-actions · Dec 8, 2025
diff --git a/src/main/java/CommandInjection.java b/src/main/java/CommandInjection.java
@@ -0,0 +1,13 @@
+// https://documentation.blackduck.com/bundle/coverity-docs/page/checker-ref/checkers/NO/os_cmd_injection.html
+
+import java.io.*;
+import javax.servlet.http.HttpServletRequest;
+
+public class CommandInjection {
+    public static Process runCmd(HttpServletRequest request) throws IOException {
+        String filename = request.getParameter("filename");
+        ProcessBuilder builder = new ProcessBuilder("cat", filename);
+        Process process = builder.start();
+        return(process);
+    }
+}