Fix a bunch of the Command Injection test cases to work properly on Unix.

davewichers · davewichers · commit 38e6722f5da4 · 2016-04-23T14:27:33.000-04:00
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00171.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00171.java
@@ -68,7 +68,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00303.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00303.java
@@ -69,7 +69,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+        	args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00304.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00304.java
@@ -75,7 +75,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00305.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00305.java
@@ -79,7 +79,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00406.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00406.java
@@ -68,7 +68,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00407.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00407.java
@@ -72,7 +72,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00408.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00408.java
@@ -68,7 +68,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00409.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00409.java
@@ -81,7 +81,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00494.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00494.java
@@ -77,7 +77,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00568.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00568.java
@@ -77,7 +77,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00569.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00569.java
@@ -90,7 +90,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00738.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00738.java
@@ -71,7 +71,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00739.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00739.java
@@ -71,7 +71,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00824.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00824.java
@@ -81,7 +81,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00905.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00905.java
@@ -62,7 +62,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00906.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00906.java
@@ -66,7 +66,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00907.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00907.java
@@ -68,7 +68,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java
@@ -69,7 +69,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java
@@ -69,7 +69,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java
@@ -69,7 +69,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01065.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01065.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01189.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01189.java
@@ -63,7 +63,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01193.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01193.java
@@ -63,7 +63,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01286.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01286.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01362.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01362.java
@@ -65,7 +65,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01441.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01441.java
@@ -74,7 +74,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01529.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01529.java
@@ -61,7 +61,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01530.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01530.java
@@ -61,7 +61,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01607.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01607.java
@@ -63,7 +63,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01792.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01792.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01794.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01794.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01938.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01938.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02067.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02067.java
@@ -63,7 +63,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02148.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02148.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02149.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02149.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02150.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02150.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02151.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02151.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02152.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02152.java
@@ -60,7 +60,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02251.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02251.java
@@ -65,7 +65,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02252.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02252.java
@@ -65,7 +65,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02253.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02253.java
@@ -65,7 +65,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02340.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02340.java
@@ -74,7 +74,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02429.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02429.java
@@ -61,7 +61,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
 		
 		Runtime r = Runtime.getRuntime();
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02430.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02430.java
@@ -61,7 +61,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
         	a1 = "sh";
         	a2 = "-c";
         	cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");
-        	args = new String[]{a1, a2,cmd + bar};
+                args = new String[]{a1, a2, cmd, bar};
         }
         
         String[] argsEnv = { "foo=bar" };
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02432.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02432.java
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02433.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02433.java
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02610.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02610.java
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02611.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02611.java

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr`
`68`	`68`	`a1 = "sh";`
`69`	`69`	`a2 = "-c";`
`70`	`70`	`cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");`
`71`		`- args = new String[]{a1, a2,cmd + bar};`
	`71`	`+ args = new String[]{a1, a2, cmd, bar};`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`String[] argsEnv = { "foo=bar" };`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr`
`69`	`69`	`a1 = "sh";`
`70`	`70`	`a2 = "-c";`
`71`	`71`	`cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");`
`72`		`- args = new String[]{a1, a2,cmd + bar};`
	`72`	`+ args = new String[]{a1, a2, cmd, bar};`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`Runtime r = Runtime.getRuntime();`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr`
`75`	`75`	`a1 = "sh";`
`76`	`76`	`a2 = "-c";`
`77`	`77`	`cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");`
`78`		`- args = new String[]{a1, a2,cmd + bar};`
	`78`	`+ args = new String[]{a1, a2, cmd, bar};`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`String[] argsEnv = { "foo=bar" };`
Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr`
`79`	`79`	`a1 = "sh";`
`80`	`80`	`a2 = "-c";`
`81`	`81`	`cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");`
`82`		`- args = new String[]{a1, a2,cmd + bar};`
	`82`	`+ args = new String[]{a1, a2, cmd, bar};`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`String[] argsEnv = { "foo=bar" };`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr`
`72`	`72`	`a1 = "sh";`
`73`	`73`	`a2 = "-c";`
`74`	`74`	`cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");`
`75`		`- args = new String[]{a1, a2,cmd + bar};`
	`75`	`+ args = new String[]{a1, a2, cmd, bar};`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`String[] argsEnv = { "foo=bar" };`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr`
`81`	`81`	`a1 = "sh";`
`82`	`82`	`a2 = "-c";`
`83`	`83`	`cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ls");`
`84`		`- args = new String[]{a1, a2,cmd + bar};`
	`84`	`+ args = new String[]{a1, a2, cmd, bar};`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`String[] argsEnv = { "foo=bar" };`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr`
`77`	`77`	`a1 = "sh";`
`78`	`78`	`a2 = "-c";`
`79`	`79`	`cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("ping -c1");`
`80`		`- args = new String[]{a1, a2,cmd + bar};`
	`80`	`+ args = new String[]{a1, a2, cmd, bar};`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`Runtime r = Runtime.getRuntime();`