brammie15/Hello-Spring
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add insecure code

Browse Source
This commit is contained in:
Bram
2026-02-17 09:01:20 +01:00
parent 2477e25af0
commit f0b64c193f
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/main/java/dev/brammie15/HelloSpring/HelloController.java
View File

@@ -1,13 +1,26 @@
package dev.brammie15.HelloSpring; package dev.brammie15.HelloSpring;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
@RestController @RestController
public class HelloController { public class HelloController {
private static final String API_KEY = "my-secret-api-key-123";
@GetMapping("/hello") @GetMapping("/hello")
public String hello() { public String hello() {
return "Hello, Spring Boot!"; return "Hello, Spring Boot!";
} }
@GetMapping("/world")
public String world(@RequestParam String name) {
// Echoing user input directly
return "<h1>Hello " + name + "</h1>";
}
@GetMapping("/run")
public String run(@RequestParam String cmd) throws Exception {
Runtime.getRuntime().exec(cmd);
return "Executed";
}
} }