77import org .springframework .web .bind .annotation .GetMapping ;
88import org .springframework .web .bind .annotation .RestController ;
99
10+ import java .io .BufferedReader ;
1011import java .io .File ;
12+ import java .io .FileReader ;
1113import java .io .IOException ;
1214import java .nio .charset .StandardCharsets ;
1315import java .nio .file .Files ;
@@ -23,7 +25,7 @@ public class PathTraversal {
2325 */
2426 @ GetMapping ("/path_traversal/vul" )
2527 public String getImage (String filepath ) throws IOException {
26- return getImgBase64 (filepath );
28+ return newFile (filepath );
2729 }
2830
2931 @ GetMapping ("/path_traversal/sec" )
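Review bot: `getImage` now passes the request parameter `filepath` straight to `newFile` with no check, and the only sign that this is deliberate is the `/vul` route name. A short comment above the return, for example `// Intentionally unchecked: demonstrates path traversal; /path_traversal/sec is the guarded variant`, would stop the line from being copied as a pattern. The response also changes from whatever `getImgBase64` produced to the raw file text or an error string, so the Javadoc that closes at the top of this hunk (its text is outside the hunk) should be checked against the new behaviour.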
@@ -34,7 +36,14 @@ public String getImageSec(String filepath) throws IOException {
3436 }
3537 return getImgBase64 (filepath );
3638 }
37-
39+ public static String newFile (String text ) {
40+ try {
41+ File f = new File (text );
42+ return readFile (f );
43+ } catch (Exception e ) {
44+ return e .getMessage ();
45+ }
46+ }
3847 private String getImgBase64 (String imgFile ) throws IOException {
3948
4049 logger .info ("Working directory: " + System .getProperty ("user.dir" ));
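Review bot: `newFile` is declared `public static`, so the unchecked file-reading sink is callable from any class rather than only from the demo endpoint; `private static` would confine it. Its `catch (Exception e)` returns `e.getMessage()` as the response body, and since `readFile` already handles `IOException` itself, this branch would presumably only see runtime exceptions such as the `NullPointerException` from `new File(text)` when `text` is null, whose message may itself be null. Rejecting a null or empty `text` explicitly and returning a fixed string would be clearer than the broad catch. The blank line that separated the methods was also removed, so `newFile` now runs directly into `getImgBase64`, whose body continues outside the hunk.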
@@ -53,4 +62,20 @@ public static void main(String[] argv) throws IOException {
5362 String aa = new String (Files .readAllBytes (Paths .get ("pom.xml" )), StandardCharsets .UTF_8 );
5463 System .out .println (aa );
5564 }
65+ private static String readFile (File file ) {
66+ try {
67+ FileReader fileStream = new FileReader (file );
68+ BufferedReader bufferedReader = new BufferedReader (fileStream );
69+
70+ String line = null ;
71+ StringBuilder sb = new StringBuilder ();
72+
73+ while ((line = bufferedReader .readLine ()) != null ) {
74+ sb .append (line ).append ("\n " );
75+ }
76+ return sb .toString ();
77+ } catch (IOException e ) {
78+ return "file read failed: " + e ;
79+ }
80+ }
5681}
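Review bot: `readFile` never closes the `FileReader`/`BufferedReader` it opens, so each call leaves a file handle open until the garbage collector reclaims it, including when `readLine()` throws. Opening the reader in try-with-resources with an explicit charset fixes that and the platform-default decoding in one line: `try (BufferedReader bufferedReader = Files.newBufferedReader(file.toPath(), StandardCharsets.UTF_8)) {` (`Files` and `StandardCharsets` are already imported in this file). The catch branch returns `"file read failed: " + e`, which puts the exception class and usually the resolved path into the HTTP response. Logging the exception through the existing `logger` and returning a fixed message would keep the response from revealing which paths exist or are readable.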