added new vuln code with shared sink

nahsra · nahsra · commit 24d7f04a2c98 · 2024-06-30T11:22:09.000-04:00
diff --git a/src/main/java/com/acme/jndi/FindResource.java b/src/main/java/com/acme/jndi/FindResource.java
@@ -0,0 +1,20 @@
+package com.acme.jndi;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+/** JNDI resource finder. */
+public final class FindResource {
+
+    private FindResource() { }
+
+    public static String findResource(final String resource) throws NamingException {
+        return lookupResource(resource);
+    }
+
+    private static String lookupResource(final String resource) throws NamingException {
+        Context ctx = new InitialContext();
+        return String.valueOf(ctx.lookup(resource));
+    }
+}
diff --git a/src/main/java/com/acme/jndi/JNDIVuln.java b/src/main/java/com/acme/jndi/JNDIVuln.java
@@ -1,8 +1,6 @@
 package com.acme.jndi;
 
-import jakarta.ws.rs.GET;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.QueryParam;
+import jakarta.ws.rs.*;
 
 import javax.naming.Context;
 import javax.naming.InitialContext;
@@ -17,4 +15,14 @@ public String lookupResource(@QueryParam("resource") final String resource) thro
         Object obj = ctx.lookup(resource);
         return String.valueOf(obj);
     }
+
+    @POST
+    public String lookupAnotherResource(@QueryParam("resource") final String resource) throws NamingException {
+        return FindResource.findResource(resource);
+    }
+
+    @PUT
+    public String lookupYetAnotherResource(@QueryParam("resource") final String resource) throws NamingException {
+        return FindResource.findResource(resource);
+    }
 }
