From 3f559f23e04214041c61567304b16eea5543c06b Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Fri, 1 May 2026 09:45:34 +0530
Subject: [PATCH] Create djb2.py

---
 djb2.py | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 djb2.py

diff --git a/djb2.py b/djb2.py
new file mode 100644
index 0000000..cb2fa6e
--- /dev/null
+++ b/djb2.py
@@ -0,0 +1,9 @@
+# test_vuln.py — deliberately bad code
+import sqlite3
+
+def get_user(username):
+    conn = sqlite3.connect("users.db")
+    query = f"SELECT * FROM users WHERE name = '{username}'"  # SQL injection
+    return conn.execute(query).fetchone()
+
+SECRET_KEY = "hardcoded-secret-123"  # hard-coded secret