From b94ac2da2b0f202bc5c84595a86f4dd9cbd3b2f1 Mon Sep 17 00:00:00 2001 From: Chuck Aude <21095583+chuckaude@users.noreply.github.com> Date: Wed, 8 Apr 2026 10:24:11 -0700 Subject: [PATCH 1/3] add CommandInjection.java --- src/main/java/CommandInjection.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 src/main/java/CommandInjection.java diff --git a/src/main/java/CommandInjection.java b/src/main/java/CommandInjection.java new file mode 100644 index 00000000..71cec828 --- /dev/null +++ b/src/main/java/CommandInjection.java @@ -0,0 +1,13 @@ +// https://documentation.blackduck.com/bundle/coverity-docs/page/checker-ref/checkers/NO/os_cmd_injection.html + +import java.io.*; +import javax.servlet.http.HttpServletRequest; + +public class CommandInjection { + public static Process runCmd(HttpServletRequest request) throws IOException { + String command = request.getParameter("command"); + ProcessBuilder builder = new ProcessBuilder("sh", command); + Process process = builder.start(); + return(process); + } +} From 73178c90b2f89fc23ed7085a42930e95462027dc Mon Sep 17 00:00:00 2001 From: Chuck Aude <21095583+chuckaude@users.noreply.github.com> Date: Wed, 8 Apr 2026 10:33:02 -0700 Subject: [PATCH 2/3] Update coverity-ss-action.yml --- .github/workflows/coverity-ss-action.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/coverity-ss-action.yml b/.github/workflows/coverity-ss-action.yml index bc3a7814..2286b690 100644 --- a/.github/workflows/coverity-ss-action.yml +++ b/.github/workflows/coverity-ss-action.yml @@ -29,10 +29,12 @@ jobs: coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} coverity_policy_view: ${{ github.event_name != 'pull_request' && 'Outstanding Issues' || '' }} coverity_prComment_enabled: true - coverity_build_command: mvn -B -DskipTests package - coverity_clean_command: mvn -B clean + #coverity_build_command: mvn -B -DskipTests package + #coverity_clean_command: mvn -B clean + coverity_build_command: cd subdir && mvn -B -DskipTests package + coverity_clean_command: cd subdir && mvn -B clean coverity_args: -o analyze.checkers.checker-config.OVERRUN.options.report_unprotected_indexing=true # coverity_local: true github_token: ${{ secrets.GITHUB_TOKEN }} include_diagnostics: true - project_directory: subdir + #project_directory: subdir From f18012810ee722a7ad96fbff916edc907c26668b Mon Sep 17 00:00:00 2001 From: Chuck Aude <21095583+chuckaude@users.noreply.github.com> Date: Wed, 8 Apr 2026 10:49:21 -0700 Subject: [PATCH 3/3] Update coverity-ss-action.yml --- .github/workflows/coverity-ss-action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/coverity-ss-action.yml b/.github/workflows/coverity-ss-action.yml index 2286b690..cec8f30b 100644 --- a/.github/workflows/coverity-ss-action.yml +++ b/.github/workflows/coverity-ss-action.yml @@ -31,8 +31,8 @@ jobs: coverity_prComment_enabled: true #coverity_build_command: mvn -B -DskipTests package #coverity_clean_command: mvn -B clean - coverity_build_command: cd subdir && mvn -B -DskipTests package - coverity_clean_command: cd subdir && mvn -B clean + coverity_build_command: sh -c "cd subdir && mvn -B -DskipTests package" + coverity_clean_command: sh -c "cd subdir && mvn -B clean" coverity_args: -o analyze.checkers.checker-config.OVERRUN.options.report_unprotected_indexing=true # coverity_local: true github_token: ${{ secrets.GITHUB_TOKEN }}