Add app with some issues

2026-01-31 17:42:23 -07:00
parent de2e578893
commit 2cd17d5a3b
1 changed files with 22 additions and 0 deletions
--- a/app.py
+++ b/app.py
@@ -0,0 +1,22 @@
+# A simple app with some issues for Heimdall to find
+
+import os
+import subprocess
+
+def get_user_input():
+    query = input("Enter search: ")
+    # SQL injection vulnerability
+    result = db.execute(f"SELECT * FROM users WHERE name = '{query}'")
+    return result
+
+def run_command(cmd):
+    # Command injection vulnerability  
+    subprocess.call(cmd, shell=True)
+
+# Hardcoded secret
+API_KEY = "sk-1234567890abcdef"
+
+def fetch_data():
+    # No error handling
+    response = requests.get(f"https://api.example.com?key={API_KEY}")
+    return response.json()