From 4e8eb3256c1ae5c3c81888c06810d38e8b6b69a7 Mon Sep 17 00:00:00 2001
From: Steven Susanto
Date: Mon, 1 Dec 2025 09:23:59 -0500
Subject: [PATCH] Add files via upload

---
 sast_test_file.py | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 sast_test_file.py

diff --git a/sast_test_file.py b/sast_test_file.py
new file mode 100644
index 0000000..8cb5fcb
--- /dev/null
+++ b/sast_test_file.py
@@ -0,0 +1,33 @@
+
+import sqlite3
+import os
+import pickle
+
+# Hardcoded credentials (Issue: Sensitive Information Exposure)
+USERNAME = "admin"
+PASSWORD = "password123"
+
+# SQL Injection vulnerability
+user_input = input("Enter username: ")
+connection = sqlite3.connect("example.db")
+cursor = connection.cursor()
+query = f"SELECT * FROM users WHERE username = '{user_input}'"
+cursor.execute(query)
+print(cursor.fetchall())
+
+# Command Injection vulnerability
+filename = input("Enter filename to list: ")
+os.system(f"ls (unknown)")
+
+# Insecure deserialization
+malicious_data = b"cos
+system
+(S'echo hacked'
+tR."
+pickle.loads(malicious_data)
+
+# Weak cryptography
+import hashlib
+password = "mypassword"
+hash_value = hashlib.md5(password.encode()).hexdigest()
+print("MD5 hash:", hash_value)
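Review bot: The bytes literal on the `malicious_data` line is split across four physical lines (`b"cos` through `tR."`), which is an unterminated string and makes the whole file a SyntaxError, so any AST-based scanner will fail to parse it and report none of the findings this fixture exists to exercise; the protocol-0 pickle's newlines belong on one line as escapes, `malicious_data = b"cos\nsystem\n(S'echo hacked'\ntR."`. Once it parses, the fixture executes its payload if it is ever imported or run rather than only scanned, because `pickle.loads` on that literal calls `os.system` at module level, so a module docstring such as `"""Intentionally vulnerable fixture for SAST tests; scan only, never import or execute."""` at the top would make that explicit to anyone wiring it into a harness. As rendered here the f-string on the `os.system` line contains the literal text `(unknown)` instead of a `{filename}` placeholder, leaving `filename` unused; if that is not a rendering artifact of this page, the command-injection case does not carry the input-to-sink flow its comment describes and a taint-based rule will not fire on it.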