ktor-init-tools
Intellij IDEA generates unsafe code for new project
This is likely the IntelliJ Kotlin project wizard, more than the Ktor plugin, but I can't tell from outside which plugin adds the Kotlin "Full Stack Web" project creator. Anyway, it generates this code for serving the static content:
```kotlin
import io.ktor.application.*
import io.ktor.html.*
import io.ktor.http.*
import io.ktor.http.content.*
import io.ktor.routing.*
import io.ktor.server.engine.*
import io.ktor.server.netty.*
import kotlinx.html.*

fun main() {
    embeddedServer(Netty, port = 8080, host = "127.0.0.1") {
        routing {
            get("/") {
                // HTML.index() is the page-building function the wizard generates in the same project
                call.respondHtml(HttpStatusCode.OK, HTML::index)
            }
            // Serves every classpath resource under /static: no package prefix, no extension filter
            static("/static") {
                resources()
            }
        }
    }.start(wait = true)
}
```
The `resources()` call seems dangerous: without a limit on the file extensions served, and without a package prefix, you could basically download class files and anything else on the classpath, which could include configuration and other unintended files.
This is a bad practice to teach, and people won't question what this wizard creates.
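An added example, not the wizard's output and not code from the ktor-init-tools project, showing the same route scoped to a dedicated resource package, plus a Ktor 1.x test-engine check that the application's own compiled code is no longer reachable through it. It assumes Ktor 1.x, that published assets live under `src/main/resources/static/`, and that the main file compiles to `MainKt.class` (assumed name).

```kotlin
import io.ktor.application.*
import io.ktor.http.*
import io.ktor.http.content.*
import io.ktor.routing.*
import io.ktor.server.testing.*

// Assumed layout: only files placed in src/main/resources/static/ (the "static"
// resource package) are meant to be public. Scoping resources() to that package
// keeps the classpath root (class files, .conf files, etc.) out of the route.
fun Application.hardenedStatic() {
    routing {
        static("/static") {
            // Wizard output was resources() with no argument, which exposes the whole classpath root.
            resources("static")
        }
    }
}

// Regression check using the Ktor 1.x test engine: a request for the application's
// own class file (assumed name MainKt.class) must not be answered with 200.
// Assets under the "static" package, e.g. /static/index.html, are still served.
fun staticRouteDoesNotLeakClasspath(): Boolean = withTestApplication({ hardenedStatic() }) {
    val status = handleRequest(HttpMethod.Get, "/static/MainKt.class").response.status()
    status != HttpStatusCode.OK
}
```

Run `staticRouteDoesNotLeakClasspath()` from a unit test in the generated project; it should return true with the scoped route and false if someone reverts to the bare `resources()` call.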