From d06e491fb1072d6761ad6f39755fb996671b9000 Mon Sep 17 00:00:00 2001
From: sam32willl <119734029+sam32willl@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:18:08 +0530
Subject: [PATCH] Update test.py
---
 test.py | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/test.py b/test.py
index 5f99ebe..7d64913 100644
--- a/test.py
+++ b/test.py
@@ -7,28 +7,6 @@
 import requests
-# ❌ 1. Hard-coded secret
-SECRET_KEY = "my_super_secret_key_123456"
-
-
-# ❌ 2. Weak password hashing (MD5)
-def hash_password(password: str) -> str:
- return hashlib.md5(password.encode()).hexdigest()
-
-
-# ❌ 3. Command injection
-def list_files(user_path: str) -> str:
- # User input directly concatenated into shell command
- cmd = f"ls -la {user_path}"
- return subprocess.getoutput(cmd)
-
-
-# ❌ 4. Insecure deserialization (RCE risk)
-def load_user_data(data: bytes):
- # Untrusted pickle loading
- return pickle.loads(data)
-
-
 # ❌ 5. Path traversal
 def read_file(filename: str) -> str:
 # No validation on filename
@@ -66,3 +44,25 @@ def save_file(filename: str, content: str):
 f.write(content)
 # World-writable permission
 os.chmod(filename, 0o777)
+
+
+# ❌ 1. Hard-coded secret
+SECRET_KEY = "my_super_secret_key_123456"
+
+
+# ❌ 2. Weak password hashing (MD5)
+def hash_password(password: str) -> str:
+ return hashlib.md5(password.encode()).hexdigest()
+
+
+# ❌ 3. Command injection
+def list_files(user_path: str) -> str:
+ # User input directly concatenated into shell command
+ cmd = f"ls -la {user_path}"
+ return subprocess.getoutput(cmd)
+
+
+# ❌ 4. Insecure deserialization (RCE risk)
+def load_user_data(data: bytes):
+ # Untrusted pickle loading
+ return pickle.loads(data)
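Review bot: Relocating `SECRET_KEY` and the three helpers to the bottom of test.py binds those names only after everything above them has executed; a function body that reads `SECRET_KEY` still resolves it at call time, but any module-level statement in the unchanged middle of the file that reads it at import time would now raise NameError — that part of the file is outside this patch, so please confirm nothing there depends on the old order. The `# ❌ N.` labels are also no longer in file order (samples 1–4 now follow 5 onward), which matters if a scanner harness maps expected findings by label or by line number. As a style point, `load_user_data` is the only one of the four moved definitions without a return annotation; `def load_user_data(data: bytes) -> object:` would match the others. The bodies themselves are labelled as intentionally insecure samples and are not re-raised here.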