Testing same exploit pattern on FIXED code...

All paths: [
  '/usr/lib/postgresql/16/bin/postgres',
  '/var/tmp/x;touch /tmp/SI_RCE_PROOF;/bin/postgres'
]
Filtered (safe) paths: [ '/usr/lib/postgresql/16/bin/postgres' ]
Rejected (dangerous) paths: [ '/var/tmp/x;touch /tmp/SI_RCE_PROOF;/bin/postgres' ]

Selected safe path: /usr/lib/postgresql/16/bin/postgres
Executing via execFile (no shell interpretation)...
*** FIX WORKS: No command injection - proof file not created ***