# A simple app with some issues for Heimdall to find

import os
import subprocess

def get_user_input():
    query = input("Enter search: ")
    # SQL injection vulnerability
    result = db.execute(f"SELECT * FROM users WHERE name = '{query}'")
    return result

def run_command(cmd):
    # Command injection vulnerability  
    subprocess.call(cmd, shell=True)

# Hardcoded secret
API_KEY = "sk-1234567890abcdef"

def fetch_data():
    # No error handling
    response = requests.get(f"https://api.example.com?key={API_KEY}")
    return response.json()
# More code
# Even more