Dynamic (#77)

2026-06-09 19:45:13 +02:00 · 2026-06-05 10:16:30 -05:00 · 2026-06-05 10:16:30 -05:00 · 991c84a1eb
commit 991c84a1eb
parent 55247b7fcd
1464 changed files with 225448 additions and 1985 deletions
--- a/tests/dynamic_fixtures/message_handler/sqs_java/Vuln.java
+++ b/tests/dynamic_fixtures/message_handler/sqs_java/Vuln.java
@ -0,0 +1,14 @@
+// Phase 20 (Track M.2) — SQS Java vuln fixture.
+
+import io.awspring.cloud.sqs.annotation.SqsListener;
+
+public class Vuln {
+    public Vuln() {}
+
+    @SqsListener("jobs")
+    public void handleMessage(java.util.Map<String, String> env) throws Exception {
+        String body = env != null ? env.getOrDefault("Body", "") : "";
+        // SINK: tainted Body concatenated into shell command
+        new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();
+    }
+}