
test: Add vulnerable Python file for security testing#18

Merged
diksha190 merged 1 commit into
mainfrom
test-security-bot
Feb 5, 2026

Conversation

@diksha190
Owner

No description provided.

@github-actions

github-actions Bot commented Feb 5, 2026

🛡️ AI Security Analysis

📄 ../test_vulnerable.py

⚠️ Found 3 issue(s): 1 Critical, 2 High, 0 Medium, 0 Low

🚨 Critical Issues

1. SQL Injection in login_user function

  • Line: 6
  • Description: The login_user function constructs an SQL query using string concatenation, allowing an attacker to manipulate the SQL query by injecting malicious input into the username or password fields.
  • Fix: Use parameterized queries to prevent SQL injection. Example:
query = 'SELECT * FROM users WHERE username=? AND password=?'
cursor.execute(query, (username, password))

⚠️ High Severity Issues

1. Command Injection in execute_command function

  • Line: 10
  • Description: The execute_command function uses os.system with user input, which can lead to command injection if an attacker provides a specially crafted command.
  • Fix: Use the subprocess module with a list of arguments instead of os.system. Example:
import subprocess
subprocess.run(['ping', '-c', '1', cmd])

2. Path Traversal in read_file function

  • Line: 15
  • Description: The read_file function allows an attacker to read arbitrary files on the server by manipulating the filename parameter, leading to potential exposure of sensitive information.
  • Fix: Validate and sanitize the filename input to ensure it does not contain path traversal characters. Example:
import os
if '..' in filename or filename.startswith('/'): raise ValueError('Invalid filename')
with open(os.path.join('/var/data', filename), 'r') as f:
    data = f.read()  # read only the file resolved under /var/data

💰 Analysis cost: $0.0006


📊 Summary

  • Total vulnerabilities: 3
  • Files analyzed: 1
  • Total cost: $0.0006

🤖 Powered by AI Security Agent

@diksha190 diksha190 closed this Feb 5, 2026
@diksha190 diksha190 reopened this Feb 5, 2026
@diksha190 diksha190 merged commit b530f60 into main Feb 5, 2026
2 checks passed
