1 changed files with 31 additions and 0 deletions
--- a/app.py
+++ b/app.py
@@ -0,0 +1,31 @@
 # A simple app with some issues for Heimdall to find
 import os
 import subprocess
 def get_user_input():
    query = input("Enter search: ")
    # SQL injection vulnerability
    result = db.execute(f"SELECT * FROM users WHERE name = '{query}'")
    return result
 def run_command(cmd):
    # Command injection vulnerability  
    subprocess.call(cmd, shell=True)
 # Hardcoded secret
 API_KEY = "sk-1234567890abcdef"
 def fetch_data():
    # No error handling
    response = requests.get(f"https://api.example.com?key={API_KEY}")
    return response.json()
 # More code
 # Even more
 # debug2
 # foreground test
 # actual test
 # retry
 # fixed clone
 # deepen test
 # full clone