diff --git a/.github/workflows/essential-for-syntaxflow.yaml b/.github/workflows/essential-for-syntaxflow.yaml
index 31a2dc4..35c2bbb 100644
--- a/.github/workflows/essential-for-syntaxflow.yaml
+++ b/.github/workflows/essential-for-syntaxflow.yaml
@@ -17,7 +17,7 @@ jobs:
 - name: Download yak binary
 run: |
- wget -O yak https://aliyun-oss.yaklang.com/yak/1.3.5-beta2/yak_linux_amd64
+ wget -O yak https://aliyun-oss.yaklang.com/yak/1.3.5-beta3/yak_linux_amd64
 chmod +x yak
 - name: Setup PATH
diff --git a/java-springboot-upload/java-springboot-upload.sf b/java-springboot-upload/java-springboot-upload.sf
new file mode 100644
index 0000000..5b143e1
--- /dev/null
+++ b/java-springboot-upload/java-springboot-upload.sf
@@ -0,0 +1,15 @@
+desc(
+ title: 'checking [Directly relative Files.write from MultipartFile]',
+ type: audit,
+ level: warning,
+)
+
+?{?{have: MultipartFile}} as $upload;
+Files.write(*?{!opcode: param} as $sink);
+
+$sink #{
+ until: `*?{?{have: MultipartFile}} & $upload as $inter`
+}->
+
+check $inter then "Upload and Write Files directly" else "No Upload and Files.write"
+alert $inter
\ No newline at end of file
diff --git a/java-springboot-upload/sample/UploadDemo.java b/java-springboot-upload/sample/UploadDemo.java
new file mode 100644
index 0000000..edb3986
--- /dev/null
+++ b/java-springboot-upload/sample/UploadDemo.java
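Review bot: The rule's `desc` block gives a title, type and level but no explanation of what a match means or how to remediate it, and `alert $inter` fires without a message, so a reader of the finding gets only the check string "Upload and Write Files directly". A sentence stating the risk — the upload's bytes and filename reach `Files.write` with no containment check on the destination path and no validation of the content — belongs in the rule's description, using whichever description field this SyntaxFlow version's `desc` block supports. The file also lacks a trailing newline.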
@@ -0,0 +1,41 @@
+package com.example.blog.controller;
+
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+@RestController
+@RequestMapping("/api/blog")
+public class ImageUploadController {
+
+ private static final String UPLOAD_DIR = "/opt/blog/uploads/";
+
+ @PostMapping("/upload-image")
+ public String handleImageUpload(@RequestParam("image") MultipartFile file) {
+ if (!file.isEmpty()) {
+ try {
+ byte[] bytes = file.getBytes();
+ String fileName = file.getOriginalFilename();
+ String extension = fileName.substring(fileName.lastIndexOf(".") + 1);
+ if (!extension.equalsIgnoreCase("png") && !extension.equalsIgnoreCase("jpg") && !extension.equalsIgnoreCase("jpeg")) {
+ return "Only PNG, JPG and JPEG images are allowed.";
+ }
+ Path path = Paths.get(UPLOAD_DIR + fileName);
+ Files.write(path, bytes);
+ return "Image uploaded successfully: " + fileName;
+ } catch (IOException e) {
+ e.printStackTrace();
+ return "Failed to upload image: " + file.getOriginalFilename();
+ }
+ } else {
+ return "Failed to upload image because the file was empty.";
+ }
+ }
+}
diff --git a/java-struts-realworld/sample/.gitignore b/java-struts-realworld/sample/.gitignore
new file mode 100644
index 0000000..bf98d92
--- /dev/null
+++ b/java-struts-realworld/sample/.gitignore
@@ -0,0 +1,5 @@
+./target/
+target
+target/
+target/**
+logs/**
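Review bot: `Paths.get(UPLOAD_DIR + fileName)` builds the destination from the client-supplied original filename with no normalization or containment check, so the extension test on the line above is the only guard on where the bytes land; since this file sits under `sample/` and exists to trigger the new rule, a header comment such as `// Intentionally vulnerable fixture for java-springboot-upload.sf; not a pattern to copy` would make that intent explicit. The public class `ImageUploadController` also does not match the file name `UploadDemo.java`, so the file will not compile on its own under javac; rename one of them. `getOriginalFilename()` is nullable in Spring's API, so `fileName.substring(...)` can throw a NullPointerException that the `catch (IOException e)` does not cover, and `e.printStackTrace()` should be a logger call. If the sample were ever meant to be fixed rather than flagged, the write target should be derived as below.
```java
// … unchanged: extension check …
Path base = Paths.get(UPLOAD_DIR).toAbsolutePath().normalize();
// keep only the final name component so separators or ".." in the upload name cannot escape base
Path target = base.resolve(Paths.get(fileName).getFileName().toString()).normalize();
if (!target.startsWith(base)) {
    return "Invalid file name.";
}
Files.write(target, bytes);
// … unchanged: success return and catch branches …
```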