From b7343c3598824b95e5f422efbcb3aba953781b28 Mon Sep 17 00:00:00 2001
From: Reuben Hillyer
Date: Wed, 15 Oct 2025 11:02:47 +0100
Subject: [PATCH] Add python file with security vulnerabilities
---
Exercises/python.py | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 Exercises/python.py
diff --git a/Exercises/python.py b/Exercises/python.py
new file mode 100644
index 0000000..549a959
--- /dev/null
+++ b/Exercises/python.py
@@ -0,0 +1,26 @@
+from flask import Flask, request, render_template
+import sqlite3
+
+app = Flask(__name__)
+
+@app.route('/search')
+def search_users():
+ search_term = request.args.get('name')
+
+ conn = sqlite3.connect('users.db')
+ cursor = conn.cursor()
+
+ # Find users matching the search
+ query = f"SELECT username, email FROM users WHERE username LIKE '%{search_term}%'"
+ cursor.execute(query)
+ results = cursor.fetchall()
+
+ return render_template('results.html', users=results)
+
+@app.route('/admin')
+def admin_panel():
+ user_role = request.args.get('role')
+ if user_role == 'admin':
+ return render_template('admin.html')
+ else:
+ return "Access Denied"
\ No newline at end of file
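Review bot: `search_users` interpolates the `name` request parameter into the SQL text with an f-string, so the caller controls the statement's structure (SQL injection); bind the value instead, `cursor.execute("SELECT username, email FROM users WHERE username LIKE ?", (f"%{search_term}%",))`, and handle a missing `name`, which currently searches for the literal `%None%`. `admin_panel` grants access based on the `role` query-string parameter, which the client sets freely, so the comparison is not an authorization control; the role has to come from server-side state such as an authenticated session, which this file does not set up. The commit subject says the flaws are deliberate, but the file itself does not, so a header comment such as `# Deliberately vulnerable training exercise: do not deploy or copy into production code.` would stop it being reused as-is. The SQLite connection opened in `search_users` is also never closed; an explicit `conn.close()` in a `finally` block would release it on every path.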