feat(agents): implement agent framework and CLI
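--- /dev/null
+++ b/tests/fixtures/security-issue.diff
@@ -0,0 +1,31 @@
+diff --git a/src/auth.py b/src/auth.py
+index 1234567..abcdefg 100644
+--- a/src/auth.py
++++ b/src/auth.py
+@@ -1,10 +1,25 @@
+"""Authentication module."""
+
+import sqlite3
++import os
+
+
+def get_user(username: str) -> dict | None:
+"""Get user from database."""
+conn = sqlite3.connect("users.db")
+cursor = conn.cursor()
+- cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
++ # FIXME: this is vulnerable to SQL injection
++ query = "SELECT * FROM users WHERE username = '" + username + "'"
++ cursor.execute(query)
+return cursor.fetchone()
++
++
++def run_command(cmd: str) -> str:
++ """Run a shell command."""
++ # Command injection vulnerability
++ return os.popen(cmd).read()
++
++
++# Hardcoded credentials
++API_KEY = "sk-1234567890abcdef"
++DB_PASSWORD = "admin123"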