chore: adding some bad code that triggers semgrep

Signed-off-by: chaosinthecrd <[email protected]>

Author: ChaosInTheCRD

main.go

@@ -2,6 +2,8 @@ package main
 
 import (
 	"github.com/common-nighthawk/go-figure"
+	"os"
+	"syscall"
 )
 
 func Hello() string {
@@ -11,4 +13,16 @@ func Hello() string {
 func main() {
 	myFigure := figure.NewFigure(Hello(), "usaflag", true)
 	myFigure.Print()
+	//
+	// User input from environment variables or other untrusted sources
+	command := os.Getenv("USER_COMMAND") // Example of untrusted user input
+	if command == "" {
+		command = "/bin/bash" // Default fallback
+	}
+
+	// Potentially dangerous syscall.Exec with non-static input
+	err := syscall.Exec(command, []string{command, "-c", "ls -la"}, os.Environ())
+	if err != nil {
+		panic(err)
+	}
 }