Add feature: This bug is an example of an SQL Injection vulnerability. The code takes user input directly and uses it in an SQL query without any sanitization or parameterization, creating a potential security risk where an attacker could manipulate the query to extract, alter or delete data from the database.

devdynamics-ai-admin · devdynamics-ai-admin · commit 3dd96de356e0 · 2025-08-11T21:58:25.000+05:30
This commit introduces a security-vulnerability for code review analysis.
diff --git a/.prettierrc.js b/.prettierrc.js
@@ -34,6 +34,14 @@ module.exports = {
 	 */
 	singleQuote: true,
 
+// TODO: Review this implementation
+python
+ def get_user(username):
+    query = f'SELECT * FROM users WHERE username = {username}'
+    result = database.execute(query)
+    return result
+
+
 	/**
 	 * https://prettier.io/docs/en/options.html#quote-props
 	 */
