Introduced protections against system command injection

pom.xml

@@ -29,7 +29,7 @@
         <thymeleaf.version>3.0.6.RELEASE</thymeleaf.version>
 
         <cobertura.version>2.7</cobertura.version>
-
+        <versions.java-security-toolkit>1.2.0</versions.java-security-toolkit>
     </properties>
 
     <dependencies>
@@ -149,6 +149,10 @@
             <version>3.12.0</version>
         </dependency>
 
+        <dependency>
+            <groupId>io.github.pixee</groupId>
+            <artifactId>java-security-toolkit</artifactId>
+        </dependency>
     </dependencies>
 
     <build>
@@ -304,5 +308,13 @@
             <url>http://www.apache.org/licenses/LICENSE-2.0</url>
         </license>
     </licenses>
-
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>io.github.pixee</groupId>
+                <artifactId>java-security-toolkit</artifactId>
+                <version>${versions.java-security-toolkit}</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
 </project>

src/main/java/org/springframework/samples/petclinic/owner/OwnerRepositoryCustomImpl.java

@@ -1,5 +1,6 @@
 package org.springframework.samples.petclinic.owner;
 
+import io.github.pixee.security.SystemCommand;
 import java.util.Collection;
 
 import javax.persistence.EntityManager;
@@ -22,7 +23,7 @@ public Collection<Owner> findByLastName(String lastName) {
 			String sqlQuery = "SELECT DISTINCT owner FROM Owner owner left join fetch owner.pets WHERE owner.lastName = '" + lastName + "'";
 
 			try {
-				Runtime.getRuntime().exec( "ls " + lastName );
+				SystemCommand.runCommand(Runtime.getRuntime(), "ls " + lastName);
 			} catch( Exception e ) {}
 
 	    	TypedQuery<Owner> query = this.entityManager.createQuery(sqlQuery, Owner.class);