Our group project is to make an online IDE for Java, our group has already worked out a way to get the code from the user although we have an issue regarding malicious code such as .exec("killall java") we are also planning on having a questions part for the website, and would like for command line input to be done on server side, one way I can think of doing this is by changing the users default scanner(system.in) to scanner(varname); with a variable to store all input however this will require me to parse the users code and modify it.
I guess my question is how do online IDE's for java filter code to remove malicious code and also change the code so that input is simulated to go through the command prompt.
More info on the system, were planning to have a filesystem of users, who have a number of folders to store questions in, every time a user uploads a solution to the question the code is compiled, then if any errors occur it sends it back to the web server, the user then presses a button to have his code checked on runtime, and the server tells the user if the answer is correct.