108d1c64b3
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
cryptopro-linux-csp / build-and-test (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
sm-remote-ci / build-and-test (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
25 lines
801 B
Java
25 lines
801 B
Java
package bench.reachability.micronaut;
|
|
|
|
import java.util.Map;
|
|
import java.util.Base64;
|
|
import java.io.*;
|
|
|
|
public class Controller {
|
|
// Unsafe deserialization sink (reachable)
|
|
public static Response handleUpload(Map<String, String> body) {
|
|
String payload = body.get("payload");
|
|
if (payload == null) {
|
|
return new Response(400, "bad request");
|
|
}
|
|
try (ObjectInputStream ois = new ObjectInputStream(
|
|
new ByteArrayInputStream(Base64.getDecoder().decode(payload)))) {
|
|
Object obj = ois.readObject();
|
|
return new Response(200, obj.toString());
|
|
} catch (Exception ex) {
|
|
return new Response(500, ex.getClass().getSimpleName());
|
|
}
|
|
}
|
|
|
|
public record Response(int status, String body) {}
|
|
}
|