Add sample

SpaceWhite · SpaceWhite · commit 0be6f843875a · 2020-02-15T16:49:33.000+09:00
diff --git a/java/ql/src/Security/CWE/CWE-094/ScriptEngine.java b/java/ql/src/Security/CWE/CWE-094/ScriptEngine.java
@@ -1,4 +1,4 @@
-// Bad: arbitrary code execution
+// Bad: ScriptEngine allows arbitrary code injection
 ScriptEngineManager scriptEngineManager = new ScriptEngineManager();
 ScriptEngine scriptEngine = scriptEngineManager.getEngineByExtension("js");
 Object result = scriptEngine.eval(code);
diff --git a/java/ql/src/Security/CWE/CWE-094/ScriptEngine.qhelp b/java/ql/src/Security/CWE/CWE-094/ScriptEngine.qhelp
@@ -14,9 +14,7 @@ Use "Cloudbees Rhino Sandbox" or sandboxing with SecurityManager or use <a href=
 
 <example>
 The following code could executes random JavaScript code
-ScriptEngineManager scriptEngineManager = new ScriptEngineManager();
-ScriptEngine scriptEngine = scriptEngineManager.getEngineByExtension("js");
-Object result = scriptEngine.eval(code);
+<sample src="ScriptEngine.java" />
 </example>
 
 <references>
