diff --git a/.github/dependabot1.yml b/.github/dependabot1.yml
new file mode 100644
index 00000000..58f06f28
--- /dev/null
+++ b/.github/dependabot1.yml
@@ -0,0 +1,12 @@
+name: Sample CI
+
+on:
+ push:
+ branches: [main] # You can adjust the branch if needed
+
+jobs:
+ sample-ci:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Print success message
+ run: echo "Sample CI workflow passed successfully!"
diff --git a/rahi.js b/rahi.js
new file mode 100644
index 00000000..96ae3100
--- /dev/null
+++ b/rahi.js
@@ -0,0 +1,32 @@
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+public class VulnerableCode {
+
+ public static void main(String[] args) {
+ String username = "maliciousUser'; DROP TABLE users;";
+ String password = "password";
+
+ try {
+ Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/mydb", "root", "root");
+ String sql = "SELECT * FROM users WHERE username = ? AND password = ?";
+ PreparedStatement statement = conn.prepareStatement(sql);
+ statement.setString(1, username);
+ statement.setString(2, password);
+ ResultSet resultSet = statement.executeQuery();
+
+ while (resultSet.next()) {
+ System.out.println("Logged in as: " + resultSet.getString("username"));
+ }
+
+ resultSet.close();
+ statement.close();
+ conn.close();
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/test.py b/test.py
new file mode 100644
index 00000000..fb60e3a9
--- /dev/null
+++ b/test.py
@@ -0,0 +1 @@
+dfdsfdfdf
diff --git a/v.py b/v.py
new file mode 100644
index 00000000..ffcf4de4
--- /dev/null
+++ b/v.py
@@ -0,0 +1,11 @@
+import os
+
+def insecure_file_access(filename):
+ if filename.endswith(".txt"):
+ with open(filename, "r") as file:
+ content = file.read()
+ print("File contents:", content)
+
+if __name__ == "__main__":
+ user_input = input("Enter a file name: ")
+ insecure_file_access(user_input)
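Review bot: `.github/dependabot1.yml` holds a GitHub Actions workflow, so as committed it is most likely read by neither feature: workflows are loaded only from `.github/workflows/`, and Dependabot reads `.github/dependabot.yml` with a `version: 2` / `updates:` layout. If CI is the intent, move the file under `.github/workflows/` and add a top-level `permissions:` block with `contents: read` so the job token is least-privilege. The only step echoes a fixed success string, so a green run would say nothing about the code and should not be used as a required status check.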
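Review bot: In `rahi.js`, the `DriverManager.getConnection(...)` call hard-codes the `root`/`root` account in source; the connection should use a least-privilege account whose credentials come from the environment or a secret store. The three `close()` calls are skipped whenever `executeQuery()` or the loop throws, so the connection leaks on the error path; try-with-resources fixes that. The `?` placeholders with `setString` are correct and keep the quote in the sample `username` as data, but comparing `password` directly in the `WHERE` clause suggests passwords are stored in plaintext, which should be confirmed against the schema. The file also holds a Java `public class VulnerableCode` under a `.js` name, so it will not compile as named.

```java
// … unchanged: sample username/password and the parameterized sql string …
// DB_URL, DB_USER, DB_PASSWORD are placeholder names for deployment-supplied settings
try (Connection conn = DriverManager.getConnection(
            System.getenv("DB_URL"), System.getenv("DB_USER"), System.getenv("DB_PASSWORD"));
        PreparedStatement statement = conn.prepareStatement(sql)) {
    statement.setString(1, username);
    statement.setString(2, password);
    try (ResultSet resultSet = statement.executeQuery()) {
        // … unchanged: while (resultSet.next()) loop …
    }
} catch (SQLException e) {
    // … unchanged: error reporting …
```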
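Review bot: In `v.py`, `insecure_file_access` passes the `input()` string straight to `open()` after checking only the `.txt` suffix, so absolute paths, `..` segments and symlinks can reach any readable `.txt` file on the host. The function should resolve the name against one allowed directory and reject anything that resolves outside it before opening. A name without the `.txt` suffix currently falls through silently; raising or reporting the rejection makes misuse visible to the caller and in logs. `import os` is unused in the hunk as written.

```python
BASE_DIR = os.path.realpath("data")  # placeholder: the single directory callers may read from

def insecure_file_access(filename):
    path = os.path.realpath(os.path.join(BASE_DIR, filename))
    # reject anything that resolves outside BASE_DIR (absolute paths, "..", symlinks)
    if os.path.commonpath([BASE_DIR, path]) != BASE_DIR or not path.endswith(".txt"):
        raise ValueError("file not allowed")
    with open(path, "r") as file:
        # … unchanged: read and print the contents …
```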