24 lines
568 B
Python
24 lines
568 B
Python
# A simple app with some issues for Heimdall to find
|
|
|
|
import os
|
|
import subprocess
|
|
|
|
def get_user_input():
|
|
query = input("Enter search: ")
|
|
# SQL injection vulnerability
|
|
result = db.execute(f"SELECT * FROM users WHERE name = '{query}'")
|
|
return result
|
|
|
|
def run_command(cmd):
|
|
# Command injection vulnerability
|
|
subprocess.call(cmd, shell=True)
|
|
|
|
# Hardcoded secret
|
|
API_KEY = "sk-1234567890abcdef"
|
|
|
|
def fetch_data():
|
|
# No error handling
|
|
response = requests.get(f"https://api.example.com?key={API_KEY}")
|
|
return response.json()
|
|
# More code
|