nyx/tests/dynamic_fixtures/message_handler/sqs_java/Vuln.java

// Phase 20 (Track M.2) — SQS Java vuln fixture.

import io.awspring.cloud.sqs.annotation.SqsListener;

public class Vuln {
    public Vuln() {}

    @SqsListener("jobs")
    public void handleMessage(java.util.Map<String, String> env) throws Exception {
        String body = env != null ? env.getOrDefault("Body", "") : "";
        // SINK: tainted Body concatenated into shell command
        new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();
    }
}
[pitboss] phase 20: Track M.2 — `MessageHandler` end-to-end (Kafka / SQS / Pub-Sub / NATS / RabbitMQ) 2026-05-20 16:03:40 -05:00			`// Phase 20 (Track M.2) — SQS Java vuln fixture.`
refactor(dynamic): add multi-method support to RouteShape, update framework bindings, and improve test coverage 2026-05-23 10:08:41 -05:00
			`import io.awspring.cloud.sqs.annotation.SqsListener;`
[pitboss] phase 20: Track M.2 — `MessageHandler` end-to-end (Kafka / SQS / Pub-Sub / NATS / RabbitMQ) 2026-05-20 16:03:40 -05:00
			`public class Vuln {`
			`public Vuln() {}`

refactor(dynamic): add multi-method support to RouteShape, update framework bindings, and improve test coverage 2026-05-23 10:08:41 -05:00			`@SqsListener("jobs")`
[pitboss] phase 20: Track M.2 — `MessageHandler` end-to-end (Kafka / SQS / Pub-Sub / NATS / RabbitMQ) 2026-05-20 16:03:40 -05:00			`public void handleMessage(java.util.Map<String, String> env) throws Exception {`
			`String body = env != null ? env.getOrDefault("Body", "") : "";`
			`// SINK: tainted Body concatenated into shell command`
			`new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();`
			`}`
			`}`