Introduced protections against system command injection

pom.xml

@@ -15,6 +15,7 @@
 	<description>Demo project for Spring Boot</description>
 	<properties>
 		<java.version>11</java.version>
+		<versions.java-security-toolkit>1.1.3</versions.java-security-toolkit>
 	</properties>
 	<dependencies>
 		<dependency>
@@ -27,6 +28,10 @@
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>io.github.pixee</groupId>
+			<artifactId>java-security-toolkit</artifactId>
+		</dependency>
 	</dependencies>
 
 	<build>
@@ -37,5 +42,13 @@
 			</plugin>
 		</plugins>
 	</build>
-
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>io.github.pixee</groupId>
+				<artifactId>java-security-toolkit</artifactId>
+				<version>${versions.java-security-toolkit}</version>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
 </project>

src/main/java/com/contrast/commandinjection/ExampleApplication.java

@@ -1,5 +1,6 @@
 package com.contrast.commandinjection;
 
+import io.github.pixee.security.SystemCommand;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -36,7 +37,7 @@ public String processBuilder(@RequestParam String command) throws IOException {
 	@GetMapping("/exec")
 	public String exec(@RequestParam String command) throws IOException {
 		try {
-			Process process = Runtime.getRuntime().exec(command);
+			Process process = SystemCommand.runCommand(Runtime.getRuntime(), command);
 			String result = new String(process.getInputStream().readAllBytes());
 			return String.format("%s", result);
 		} catch (Exception ex) {
@@ -79,4 +80,4 @@ public String exec(@RequestParam String command) throws IOException {
 	// }
 	// }
 
-}
+}