package bench.reachability.micronaut;

import java.util.Map;
import java.util.Base64;
import java.io.*;

public class Controller {
    // Unsafe deserialization sink (reachable)
    public static Response handleUpload(Map<String, String> body) {
        String payload = body.get("payload");
        if (payload == null) {
            return new Response(400, "bad request");
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(Base64.getDecoder().decode(payload)))) {
            Object obj = ois.readObject();
            return new Response(200, obj.toString());
        } catch (Exception ex) {
            return new Response(500, ex.getClass().getSimpleName());
        }
    }

    public record Response(int status, String body) {}
}