From cffa93f499511421e5e53cff84eaf7aab8a33766 Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Fri, 1 May 2026 12:06:07 +0800
Subject: [PATCH 1/2] =?UTF-8?q?fix:=20sam.py=20=E2=80=94=20Precogs=20AI=20?= =?UTF-8?q?auto-fix?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sam.py | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/sam.py b/sam.py
index d8d2425..883525d 100644
--- a/sam.py
+++ b/sam.py
@@ -1,19 +1,24 @@
-import os
-import sqlite3
-import pickle
-
 def process_user_request(user_input, username, raw_data):
     """
     This function is intentionally vulnerable.
     It contains multiple security issues for testing purposes.
     """
+    import sqlite3
+    import os
+    import pickle
+
     # 1️⃣ SQL Injection
+    # Use parameterized queries to avoid SQL injection attacks.
     conn = sqlite3.connect("users.db")
     cursor = conn.cursor()
-    query = f"SELECT * FROM users WHERE username = '{username}'"
-    cursor.execute(query)
-    user_data = cursor.fetchall()
+    try:
+        # PRECOGS_FIX: use parameterized query to prevent SQL injection
+        cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
+        user_data = cursor.fetchall()
+    finally:
+        cursor.close()
+        conn.close()
     # 2️⃣ Command Injection
     command = "echo Processing user && " + user_input
@@ -48,3 +53,4 @@ def process_user_request(user_input, username, raw_data):
         "file_data": file_data,
         "api_key_used": api_key
     }
+

From 6a02565b8532218f87fc493eddf12555bc2e7618 Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Thu, 14 May 2026 11:55:21 +0530
Subject: [PATCH 2/2] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index ea39499..b737a23 100644
--- a/README.md
+++ b/README.md
@@ -4,3 +4,4 @@ cdsav kjhbvljhv wfewqfd acWDSCV
+wffqwe
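Review bot: The `import sqlite3` / `import os` / `import pickle` lines are moved from module scope into the body of process_user_request, which is a style regression with no functional gain: PEP 8 places imports at the top of the file, and `os` and `pickle` are presumably still needed by the rest of the function, which continues outside the hunk. Restore the original module-level `import os`, `import sqlite3`, `import pickle` block and drop the function-scope copies. The two comments above the query, `# Use parameterized queries to avoid SQL injection attacks.` and `# PRECOGS_FIX: use parameterized query to prevent SQL injection`, say the same thing, so keep one. The parameterized `execute` and the `try/finally` that closes the cursor and the connection are correct as written, and the docstring's "intentionally vulnerable" wording still applies because the shell command assembled by string concatenation on the hunk's last context line is unchanged.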