From 5ccb6de41e9397bbdfd3ab89e7eda3ad3a8c1960 Mon Sep 17 00:00:00 2001 From: AppSecureAI Date: Mon, 12 Jan 2026 21:26:40 +0000 Subject: [PATCH] Fix high severity CWE-78 vulnerability --- .../owasp/benchmark/testcode/BenchmarkTest02244.java | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02244.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02244.java index 6cb12a71..ee211b5f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02244.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02244.java @@ -51,15 +51,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) java.util.List argList = new java.util.ArrayList(); - String osName = System.getProperty("os.name"); - if (osName.indexOf("Windows") != -1) { - argList.add("cmd.exe"); - argList.add("/c"); - } else { - argList.add("sh"); - argList.add("-c"); - } - argList.add("echo " + bar); + argList.add("echo"); + argList.add(bar); ProcessBuilder pb = new ProcessBuilder(argList);