diff --git a/src/auth.py b/src/auth.py
index 1234567..abcdefg 100644
--- a/src/auth.py
+++ b/src/auth.py
@@ -1,10 +1,25 @@
"""Authentication module."""
import sqlite3
+import os
def get_user(username: str) -> dict | None:
"""Get user from database."""
conn = sqlite3.connect("users.db")
cursor = conn.cursor()
- cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
+ # FIXME: this is vulnerable to SQL injection
+ query = "SELECT * FROM users WHERE username = '" + username + "'"
+ cursor.execute(query)
return cursor.fetchone()
+
+
+def run_command(cmd: str) -> str:
+ """Run a shell command."""
+ # Command injection vulnerability
+ return os.popen(cmd).read()
+
+
+# Hardcoded credentials
+API_KEY = "sk-1234567890abcdef"
+DB_PASSWORD = "admin123"
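Review bot: The new `query = "SELECT * FROM users WHERE username = '" + username + "'"` / `cursor.execute(query)` in get_user reintroduces the SQL injection that the removed parameterized call prevented, and the `# FIXME` comment above it says as much; keep the bound-parameter form, `cursor.execute("SELECT * FROM users WHERE username = ?", (username,))`, and drop the string-built query. `os.popen(cmd).read()` in run_command passes a caller-supplied string straight to a shell, so any user data reaching `cmd` is command injection; run it without a shell, e.g. `subprocess.run(shlex.split(cmd), capture_output=True, text=True, check=True).stdout` (with `import shlex` and `import subprocess` added at the top), or change callers to pass an argv list. `API_KEY` and `DB_PASSWORD` are committed as plaintext literals; load them from the environment (`os.environ["API_KEY"]`, which the new `import os` already supports) and treat the literal values as compromised now that they are in history. If these three are deliberate scanner fixtures rather than production code, they belong under a test-data directory, not in src/auth.py.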