From fc39b49e70d5a69d8e128279e4d378ee162c3e51 Mon Sep 17 00:00:00 2001
From: diksha190
Date: Thu, 5 Feb 2026 15:54:09 +0530
Subject: [PATCH] test: Add vulnerable Python file for security testing
---
test_vulnerable.py | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 test_vulnerable.py
diff --git a/test_vulnerable.py b/test_vulnerable.py
new file mode 100644
index 0000000..b49f5d5
--- /dev/null
+++ b/test_vulnerable.py
@@ -0,0 +1,19 @@
+import os
+import sqlite3
+
+def login_user(username, password):
+ # VULNERABILITY: SQL Injection
+ conn = sqlite3.connect('users.db')
+ cursor = conn.cursor()
+ query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
+ cursor.execute(query)
+ return cursor.fetchone()
+
+def execute_command(cmd):
+ # VULNERABILITY: Command Injection
+ os.system(f"ping -c 1 {cmd}")
+
+def read_file(filename):
+ # VULNERABILITY: Path Traversal
+ with open(f"/var/data/{filename}", 'r') as f:
+ return f.read()
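Review bot: Nothing at the top of `test_vulnerable.py` marks it as a deliberately unsafe scanner fixture, so the three functions read as importable helpers and the only signal is the per-function `# VULNERABILITY:` comments. I would add a module docstring before `import os`, e.g. `"""Intentionally vulnerable fixture for security-scanner tests; never import from application code."""`, and, if the project relies on pytest's default `test_*.py` discovery, rename or move the file (for example under a fixtures directory) so it is not collected and imported as a test module. The labels are also incomplete if they are meant to document the expected findings: `login_user` appears to compare against a plaintext `password` column and never closes `conn`, and neither is annotated. Should any of these functions ever be promoted out of the fixture, the safe forms are a parameterized query (`cursor.execute("... WHERE username=? AND password=?", (username, password))`), an argument list passed to `subprocess.run([...])` instead of `os.system`, and a resolved-path check that the target stays under `/var/data`.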