CommandInjectionSuspicious.java

package testcode.command;


import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CommandInjectionSuspicious {

    public void insecureConstructorArray(String input) {
        new ProcessBuilder("ls",input);
        String[] cmd = new String[] {"ls",input};
        new ProcessBuilder(cmd);

    }

    public void insecureConstructorList(String input) {
        List<String> cmd1 = new ArrayList<String>();
        cmd1.add(input);
        new ProcessBuilder(cmd1);

        List<String> cmd2 = Arrays.asList("ls", input);
        new ProcessBuilder(cmd2);
    }

    public void insecureCommandMethodArray(String input) {
        new ProcessBuilder().command("ls", input);
        String[] cmd = new String[] {"ls",input};
        new ProcessBuilder().command(cmd);
    }

    public void insecureCommandMethodList(String input) {
        List<String> cmd1 = new ArrayList<String>();
        cmd1.add(input);
        new ProcessBuilder().command(cmd1);

        List<String> cmd2 = Arrays.asList("ls",input);
        new ProcessBuilder().command(cmd2);
    }
}