apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/message_handler/sqs_java/Vuln.java
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

14 lines
484 B
Java
Raw Permalink Blame History

// Phase 20 (Track M.2) — SQS Java vuln fixture.
import io.awspring.cloud.sqs.annotation.SqsListener;
public class Vuln {
public Vuln() {}
@SqsListener("jobs")
public void handleMessage(java.util.Map<String, String> env) throws Exception {
String body = env != null ? env.getOrDefault("Body", "") : "";
// SINK: tainted Body concatenated into shell command
new ProcessBuilder("sh", "-c", "echo " + body).inheritIO().start().waitFor();
}
}
Reference in a new issue View git blame Copy permalink