say that you have two files on the disc

• secret.json
• profile.jpg

the server allows you to read the content of any file ending with with jpg, so it is automatically suffixed with +".jpg"

readFile(path + ".jpg")

but if you could trick it maybe you can get away with reading secret.json if you say that you want to read secret.json\0whatever_not_included

In what environment does that happen ?