From d06e491fb1072d6761ad6f39755fb996671b9000 Mon Sep 17 00:00:00 2001
From: sam32willl <119734029+sam32willl@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:18:08 +0530
Subject: [PATCH 1/3] Update test.py
---
 test.py | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/test.py b/test.py
index 5f99ebe..7d64913 100644
--- a/test.py
+++ b/test.py
@@ -7,28 +7,6 @@ import requests
-# ❌ 1. Hard-coded secret
-SECRET_KEY = "my_super_secret_key_123456"
-
-
-# ❌ 2. Weak password hashing (MD5)
-def hash_password(password: str) -> str:
- return hashlib.md5(password.encode()).hexdigest()
-
-
-# ❌ 3. Command injection
-def list_files(user_path: str) -> str:
- # User input directly concatenated into shell command
- cmd = f"ls -la {user_path}"
- return subprocess.getoutput(cmd)
-
-
-# ❌ 4. Insecure deserialization (RCE risk)
-def load_user_data(data: bytes):
- # Untrusted pickle loading
- return pickle.loads(data)
-
-
 # ❌ 5. Path traversal
 def read_file(filename: str) -> str:
 # No validation on filename
@@ -66,3 +44,25 @@ def save_file(filename: str, content: str):
 f.write(content)
 # World-writable permission
 os.chmod(filename, 0o777)
+
+
+# ❌ 1. Hard-coded secret
+SECRET_KEY = "my_super_secret_key_123456"
+
+
+# ❌ 2. Weak password hashing (MD5)
+def hash_password(password: str) -> str:
+ return hashlib.md5(password.encode()).hexdigest()
+
+
+# ❌ 3. Command injection
+def list_files(user_path: str) -> str:
+ # User input directly concatenated into shell command
+ cmd = f"ls -la {user_path}"
+ return subprocess.getoutput(cmd)
+
+
+# ❌ 4. Insecure deserialization (RCE risk)
+def load_user_data(data: bytes):
+ # Untrusted pickle loading
+ return pickle.loads(data)
From 8a9abbccd2584382ddec333f0b927790a2ae90fc Mon Sep 17 00:00:00 2001
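Review bot: Relocating `SECRET_KEY`, `hash_password`, `list_files` and `load_user_data` to after `save_file` changes when those names are bound at import time: any module-level statement between the old position (old line 7) and the new end of the file that used one of them — none is visible in these two hunks, so this is inferred — would now raise NameError when test.py is imported. The same relocation is made in the app.py commit for `get_user_by_name` and the `/user` route, where the `@app.route` registration now runs later in module execution. Since every moved block is labelled `# ❌ N.` and reads as a deliberate scanner fixture, a module docstring such as `"""Deliberately vulnerable SAST fixture; not for import by application code."""` would make that intent survive further reordering.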
From: sam32willl <119734029+sam32willl@users.noreply.github.com>
Date: Wed, 28 Jan 2026 17:04:31 +0530
Subject: [PATCH 2/3] Update app.py
---
 app.py | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/app.py b/app.py
index 15a3f51..1f30a12 100644
--- a/app.py
+++ b/app.py
@@ -10,23 +10,6 @@ API_KEY = "SUPER_SECRET_API_KEY_12345" # Snyk should flag this
-# --- VULN 2: SQL Injection ---
-def get_user_by_name(username):
- conn = sqlite3.connect("test.db")
- cursor = conn.cursor()
- # Intentionally vulnerable query
- query = f"SELECT * FROM users WHERE username = '{username}'"
- cursor.execute(query)
- result = cursor.fetchall()
- conn.close()
- return result
-
-
-@app.route("/user")
-def user():
- username = request.args.get("username", "test")
- data = get_user_by_name(username)
- return {"data": str(data)}
 # --- VULN 3: Command Injection ---
@@ -49,6 +32,23 @@ def load():
 obj = pickle.loads(bytes.fromhex(raw))
 return {"loaded": str(obj)}
+# --- VULN 2: SQL Injection ---
+def get_user_by_name(username):
+ conn = sqlite3.connect("test.db")
+ cursor = conn.cursor()
+ # Intentionally vulnerable query
+ query = f"SELECT * FROM users WHERE username = '{username}'"
+ cursor.execute(query)
+ result = cursor.fetchall()
+ conn.close()
+ return result
+
+
+@app.route("/user")
+def user():
+ username = request.args.get("username", "test")
+ data = get_user_by_name(username)
+ return {"data": str(data)}
 # --- VULN 5: Unsafe YAML load ---
 @app.route("/yaml")
From df620941b32a43151ac490397f0feb97bf2ba620 Mon Sep 17 00:00:00 2001
From: sam32willl <119734029+sam32willl@users.noreply.github.com>
Date: Wed, 28 Jan 2026 17:10:02 +0530
Subject: [PATCH 3/3] Create pre.py
---
 pre.py | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 pre.py
diff --git a/pre.py b/pre.py
new file mode 100644
index 0000000..dea218b
--- /dev/null
+++ b/pre.py
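Review bot: In the moved `get_user_by_name`, `conn.close()` is reached only when `cursor.execute(query)` and `fetchall()` succeed, so any query that raises (a malformed input to the string-formatted statement is enough) leaves the sqlite3 connection open; the query itself is labelled `# Intentionally vulnerable query` and is the fixture's point, but the cleanup should be `try:` around the cursor work with `finally: conn.close()`. The hunk counts (`+32,23` = 3 context, 17 added, 3 context) also suggest the block lands with a single blank line on each side of it, while the removed copy shows two blank lines separating `return result` from `@app.route("/user")`; if that reading is right, matching the file's two-blank-line spacing would keep the move purely positional.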
@@ -0,0 +1,51 @@
+
+import os
+import sqlite3
+import pickle
+
+def process_user_request(user_input, username, raw_data):
+ """
+ This function is intentionally vulnerable.
+ It contains multiple security issues for testing purposes.
+ """
+
+ # 1️⃣ SQL Injection
+ conn = sqlite3.connect("users.db")
+ cursor = conn.cursor()
+ query = f"SELECT * FROM users WHERE username = '{username}'"
+ cursor.execute(query)
+ user_data = cursor.fetchall()
+
+ # 2️⃣ Command Injection
+ command = "echo Processing user && " + user_input
+ os.system(command)
+
+ # 3️⃣ Arbitrary Code Execution via eval
+ try:
+ result = eval(user_input)
+ except Exception:
+ result = None
+
+ # 4️⃣ Insecure Deserialization
+ try:
+ data = pickle.loads(raw_data)
+ except Exception:
+ data = {}
+
+ # 5️⃣ Hardcoded Secret
+ api_key = "sk_test_123456789"
+
+ # 6️⃣ Path Traversal
+ try:
+ with open(f"/tmp/{user_input}.txt", "r") as f:
+ file_data = f.read()
+ except Exception:
+ file_data = ""
+
+ return {
+ "user_data": user_data,
+ "eval_result": result,
+ "deserialized_data": data,
+ "file_data": file_data,
+ "api_key_used": api_key
+ }
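Review bot: The connection opened on the `conn = sqlite3.connect("users.db")` line is never closed anywhere in `process_user_request`, so every call leaks a handle; unlike the six numbered issues this is not part of the documented test intent, and a `conn.close()` after `user_data = cursor.fetchall()` (or `with closing(sqlite3.connect("users.db")) as conn:`, which needs `from contextlib import closing`) keeps the fixture's findings to the ones it claims. The docstring says the function is intentionally vulnerable but not which findings a scanner is expected to report; enumerating the six numbered cases in it would give a baseline to compare runs against and stop a later cleanup from silently removing one. The file also opens with a blank line and has no module docstring, and the three `except Exception:` handlers hide the very failures the fixture is meant to provoke — if that silencing is deliberate, say so in the docstring.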