From 018cca73d7ef9b86ea8add27550e3834c050bce4 Mon Sep 17 00:00:00 2001
From: syed-mohsin-s
Date: Fri, 9 Jan 2026 20:11:01 +0530
Subject: [PATCH] Add login function with security issues

Added a login function with a hardcoded secret and SQL injection vulnerability.
---
 test-main.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/test-main.py b/test-main.py
index aa98896..6e9a80d 100644
--- a/test-main.py
+++ b/test-main.py
@@ -1,5 +1,10 @@
 from utils import compute_mean
-
+def login(username, password):
+ # TODO: Fix this later
+ # Vulnerability: Hardcoded secret and SQL Injection
+ secret_key = "12345-SUPER-SECRET"
+ query = "SELECT * FROM users WHERE user = " + username
+ execute(query)
 def main():
 data = [1, 2, 3, 4, 5]
 print("Average:", compute_mean(data))
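Review bot: In `login`, `username` is concatenated straight into the SQL text, so the caller controls the structure of the statement; bind it as a parameter instead, e.g. `query = "SELECT * FROM users WHERE user = ?"` followed by `execute(query, (username,))`. The placeholder syntax depends on the driver, and `execute` is neither defined nor imported in the lines shown, so its signature needs confirming. `password` is never read and the function returns nothing, so as written it cannot reject a wrong credential; it should look up the stored password hash and compare it with a constant-time check such as `hmac.compare_digest`. `secret_key` is a literal committed to the repository and unused in this function: drop it, or load it from the environment or a secrets store and treat the committed value as exposed. Since the description already names both problems, they are better fixed in this change than left behind a `# TODO: Fix this later` comment.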