From f0b64c193faa62f3170bce22c8dfaeac9254a7aa Mon Sep 17 00:00:00 2001 From: Bram Date: Tue, 17 Feb 2026 09:01:20 +0100 Subject: [PATCH] Add insecure code --- .../brammie15/HelloSpring/HelloController.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/main/java/dev/brammie15/HelloSpring/HelloController.java b/src/main/java/dev/brammie15/HelloSpring/HelloController.java index ea7dcde..0a232e6 100644 --- a/src/main/java/dev/brammie15/HelloSpring/HelloController.java +++ b/src/main/java/dev/brammie15/HelloSpring/HelloController.java @@ -1,13 +1,26 @@ package dev.brammie15.HelloSpring; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; @RestController public class HelloController { - + private static final String API_KEY = "my-secret-api-key-123"; @GetMapping("/hello") public String hello() { return "Hello, Spring Boot!"; } + + @GetMapping("/world") + public String world(@RequestParam String name) { + // Echoing user input directly + return "

Hello " + name + "

"; + } + + @GetMapping("/run") + public String run(@RequestParam String cmd) throws Exception { + Runtime.getRuntime().exec(cmd); + return "Executed"; + } }
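Review bot: The new `/run` handler passes the `cmd` request parameter straight to `Runtime.getRuntime().exec(cmd)`, so any client that can reach the endpoint runs commands as the application user; nothing in the hunk shows authentication or an allowlist in front of it. The handler should be removed, or, if a fixed maintenance action is really needed, the request value should only select an entry from a server-side allowlist that is launched through `ProcessBuilder` with a constant argument list, and the exit status should be checked instead of always returning "Executed". In `/world`, `name` is concatenated into the response body unescaped (the surrounding markup appears to have been stripped in this rendering), which is reflected XSS when the response is served as HTML; `HtmlUtils.htmlEscape(name)` from `org.springframework.web.util` before concatenation would close that. `API_KEY` is a credential literal committed to source control and is not used anywhere in the visible code. It should be read from external configuration, for example `@Value("${app.api-key}")` where `app.api-key` is a placeholder property name, and the committed value should be treated as exposed and rotated if it was ever real.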