vuln check

src/main/java/com/integrationninjas/springbootexample/controller/TestController.java

@@ -1,5 +1,8 @@
 package com.integrationninjas.springbootexample.controller;
 
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -10,8 +13,6 @@
 @RestController
 public class TestController {
 
-	private static final String SECRET_API_KEY = "integrationninjas";
-
 	@GetMapping
 	public Object hello() {
 		Map<String, String> object = new HashMap<>();
@@ -20,13 +21,17 @@ public Object hello() {
 		return object;
 	}
 
-	@GetMapping("/secret")
-	public String getSecret(@RequestParam String apiKey) {
-		if (apiKey.equals(SECRET_API_KEY)) {
-			return "The secret data is: ...";
-		} else {
-			return "Unauthorized!";
+	@GetMapping("/readfile")
+	public String readFile(@RequestParam String fileName) {
+		StringBuilder content = new StringBuilder();
+		try {
+			Files.lines(Paths.get(fileName))
+					.forEach(line -> content.append(line).append("\n"));
+			// Files.lines() does not require explicit closing, but this comment illustrates the vulnerability.
+		} catch (IOException e) {
+			return "Error reading file: " + e.getMessage();
 		}
+		return "File content: " + content.toString();
 	}
 
 }