[pitboss] phase 21: Track M.3 — ScheduledJob + GraphQLResolver + WebSocket + Middleware + Migration

tests/dynamic_fixtures/scheduled_job/quartz/Vuln.java

@@ -0,0 +1,16 @@
+// Phase 21 (Track M.3) — Quartz scheduled-job vuln fixture.
+//
+// `Vuln` implements the Quartz `Job` interface (substring-marker only
+// — the real `org.quartz.Job` symbol is not on the JDK classpath).
+// `execute(JobExecutionContext)` splices the payload into a shell
+// command via `Runtime.exec`, the classic Quartz job cmdi shape.
+
+// org.quartz.Job marker (substring scan only — not a real import).
+// @DisallowConcurrentExecution
+
+public class Vuln {
+    public void execute(String payload) throws Exception {
+        // SINK: tainted payload concatenated into shell command.
+        Runtime.getRuntime().exec(new String[] { "/bin/sh", "-c", "echo " + payload });
+    }
+}