From 6d440f31f1865ef59483cd199a13b26eb1838f91 Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Fri, 27 Mar 2026 19:32:46 +0800
Subject: [PATCH 1/2] Update sample-vuln/app.py in branch precogs/auto-fix/critical-1774611164561
---
 sample-vuln/app.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 sample-vuln/app.py
diff --git a/sample-vuln/app.py b/sample-vuln/app.py
new file mode 100644
index 0000000..ca33240
--- /dev/null
+++ b/sample-vuln/app.py
@@ -0,0 +1,22 @@
+
+@app.route("/load")
+from flask import request
+
+def load():
+ raw = request.args.get("data", None)
+ if not raw:
+ return {"error": "no data"}, 400
+
+ import json, binascii
+ try:
+ # PRECOGS_FIX: do NOT use pickle.loads on untrusted data; expect JSON encoded in hex instead
+ data_bytes = bytes.fromhex(raw)
+ except (ValueError, TypeError):
+ return {"error": "invalid hex data"}, 400
+
+ try:
+ obj = json.loads(data_bytes.decode("utf-8"))
+ except Exception:
+ return {"error": "failed to parse JSON payload; sending pickles is not allowed"}, 400
+
+ return {"loaded": str(obj)}
\ No newline at end of file
From c15d1f294f78d2c2c664e85d021d48e6f5c689a6 Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:51:34 +0530
Subject: [PATCH 2/2] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 21c4dac..50ab076 100644
--- a/README.md
+++ b/README.md
@@ -3,3 +3,4 @@ jh cdsav kjhbvljhv wfewqfd
+acfdW
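Review bot: The new module cannot be imported as written: the `@app.route("/load")` decorator is immediately followed by `from flask import request` instead of a `def`, which is a SyntaxError, and `app` itself is never created or imported anywhere in this new file, so the handler is never registered. Move the import above the decorator and bring the application object into scope, e.g. `from flask import Flask, request` and `app = Flask(__name__)` (or import `app` from wherever the project defines it, if it does), with `@app.route("/load")` placed directly above `def load():`. The `binascii` name in `import json, binascii` is unused and can be dropped. The second `except Exception:` can be narrowed to `except (UnicodeDecodeError, json.JSONDecodeError):` so that only decode and parse failures of the client payload map to a 400 while unexpected errors still surface in logs. Replacing pickle with hex-encoded JSON is the right direction; the error message on that path still talks about pickles although nothing in the handler accepts one, so a plain `"invalid JSON payload"` would be clearer for callers.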