nyx/tests/dynamic_fixtures/message_handler/sqs_java/Vuln.java

// Phase 20 (Track M.2) — SQS Java vuln fixture.
// `io.awspring.cloud.sqs` consumer entry point — annotation elided so
// javac compiles without the Spring Cloud AWS jar.

public class Vuln {
    public Vuln() {}

    public void handleMessage(java.util.Map<String, String> env) throws Exception {
        String body = env != null ? env.getOrDefault("Body", "") : "";
        // SINK: tainted Body concatenated into shell command
        new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();
    }
}
[pitboss] phase 20: Track M.2 — `MessageHandler` end-to-end (Kafka / SQS / Pub-Sub / NATS / RabbitMQ) 2026-05-20 16:03:40 -05:00			`// Phase 20 (Track M.2) — SQS Java vuln fixture.`
			// `io.awspring.cloud.sqs` consumer entry point — annotation elided so
			`// javac compiles without the Spring Cloud AWS jar.`

			`public class Vuln {`
			`public Vuln() {}`

			`public void handleMessage(java.util.Map<String, String> env) throws Exception {`
			`String body = env != null ? env.getOrDefault("Body", "") : "";`
			`// SINK: tainted Body concatenated into shell command`
			`new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();`
			`}`
			`}`