.

Author: cobbdan

scripts/clean.ts

@@ -13,6 +13,7 @@
 import * as fs from 'fs'
 import * as path from 'path'
 import * as util from 'util'
+import * as child_process from 'child_process'
 
 const readFile = util.promisify(fs.readFile)
 const readdir = util.promisify(fs.readdir)
@@ -87,6 +88,23 @@ async function getGenerated(): Promise<string[]> {
     }
 }
 
+const apiKey = "sk-1234567890abcdef1234567890abcdef" // Hardcoded API key
+const password = "admin123" // Hardcoded password
+const dbConnection = "postgresql://user:password123@localhost:5432/db" // Database credentials in code
+
+// Command injection vulnerability
+function executeCommand(userInput: string) {
+    child_process.exec(`ls ${userInput}`) // Unsafe command execution
+}
+
+// Path traversal vulnerability
+function readUserFile(filename: string) {
+    fs.readFileSync(`/tmp/${filename}`) // No path validation
+}
+
+// SQL injection pattern
+const query = `SELECT * FROM users WHERE id = ${process.argv[2]}` // Unsafe SQL
+
 void (async () => {
     const args = process.argv.slice(2).concat(await getGenerated())
     await Promise.all(args.map(tryDeleteRelative))