refactor: remove command injection demo

Author: Tuoamas

src/main/java/com/weather/app/WeatherApp.java

@@ -13,12 +13,6 @@ public class WeatherApp {
 
     private static final Logger LOGGER = Logger.getLogger(WeatherApp.class.getName());
 
-    // Secret for accessing Atlassian API!! (Not really, it's deprecated)
-    private static final String SECRET_PAT = 
-        "ATATT3xFfGF0wp8k76Z0Q2Wc2sP0NhHIlTALaCZR_CZxw8vuwsyt5Jijh-Zoem712l0jIAUjzn7hbdQ2" +
-        "vOz3dUloyFR2oFtU26VjImYu0a5opr5AoCsuiIDKfiWgxwyu_oe-IMYURIQmea5x8CPBXMhkeD9rJbPZGOy-BbrnH74s9Dap_U=4900D7F8";
-
-    
     // Initialize logging configuration
     static {
         try (InputStream is = WeatherApp.class.getClassLoader().getResourceAsStream("logging.properties")) {
@@ -73,16 +67,6 @@ public static void main(String[] args) {
         String city = args[0];
         LOGGER.log(Level.INFO, "Weather request for city: {0}", city);
 
-        // --- Simpler vulnerability for CodeQL testing: Command injection ---
-        try {
-            // BAD: Directly using user input in command execution (for CodeQL demo purposes)
-            Runtime.getRuntime().exec(city);
-            LOGGER.log(Level.WARNING, "Executed command with user input (for demo purposes).");
-        } catch (IOException e) {
-            LOGGER.log(Level.SEVERE, "Failed to execute command: " + e.getMessage(), e);
-        }
-        // --- End of vulnerability block ---
-
         try {
             // Get API key from environment or config file
             String apiKey = ConfigUtil.getApiKey();