diff --git a/.github/ai-skills/developers/satya-blend360.json b/.github/ai-skills/developers/satya-blend360.json
new file mode 100644
index 0000000..a2837c7
--- /dev/null
+++ b/.github/ai-skills/developers/satya-blend360.json
@@ -0,0 +1,6 @@
+{
+ "name": "satya-blend360",
+ "pr_count": 1,
+ "common_issues": [],
+ "last_pr": "2026-05-27T18:57:54.667461"
+}
\ No newline at end of file
diff --git a/.github/ai-skills/learned-patterns.json b/.github/ai-skills/learned-patterns.json
new file mode 100644
index 0000000..8f79da0
--- /dev/null
+++ b/.github/ai-skills/learned-patterns.json
@@ -0,0 +1,8 @@
+{
+ "common_bugs": [],
+ "recurring_issues": [],
+ "accepted_suggestions": [],
+ "rejected_patterns": [],
+ "tech_specific_rules": {},
+ "last_updated": "2026-05-27T18:57:54.667078"
+}
\ No newline at end of file
diff --git a/.github/ai-skills/project-analysis.json b/.github/ai-skills/project-analysis.json
new file mode 100644
index 0000000..d4b5101
--- /dev/null
+++ b/.github/ai-skills/project-analysis.json
@@ -0,0 +1,15 @@
+{
+ "tech_stack": [
+ "Node.js/JavaScript",
+ "Express",
+ "TypeScript",
+ "Python"
+ ],
+ "patterns": {
+ "naming": {
+ "camelCase": 3,
+ "snake_case": 1
+ }
+ },
+ "last_updated": "2026-05-27T18:57:40+00:00"
+}
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..ee989a5
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+Flask>=3.0.0
+requests>=2.31.0
+psycopg2-binary>=2.9.0
+python-dotenv>=1.0.0
diff --git a/test-python-api.py b/test-python-api.py
new file mode 100644
index 0000000..c7b00d2
--- /dev/null
+++ b/test-python-api.py
@@ -0,0 +1,116 @@
+# Test file for Python security review
+# This file contains intentional security vulnerabilities and code quality issues
+
+import os
+import sqlite3
+from flask import Flask, request, jsonify
+
+app = Flask(__name__)
+
+# 🔴 CRITICAL: Hardcoded credentials
+DATABASE_URL = "postgresql://admin:password123@localhost/prod"
+SECRET_KEY = "supersecretkey12345"
+API_TOKEN = "sk-1234567890abcdefghijklmnop"
+
+# 🔴 CRITICAL: SQL Injection vulnerability
+@app.route('/user/')
+def get_user(username):
+ conn = sqlite3.connect('users.db')
+ cursor = conn.cursor()
+ # Direct string interpolation - SQL injection!
+ query = f"SELECT * FROM users WHERE username = '{username}'"
+ cursor.execute(query)
+ result = cursor.fetchone()
+ return jsonify(result)
+
+# 🟠 HIGH: Command injection vulnerability
+@app.route('/backup')
+def backup_data():
+ filename = request.args.get('filename')
+ # No input validation - command injection!
+ os.system(f'tar -czf (unknown) /var/data')
+ return "Backup created"
+
+# 🟠 HIGH: Missing error handling
+@app.route('/api/data')
+def fetch_data():
+ response = request.get('https://api.external.com/data')
+ data = response.json() # Will crash if request fails!
+ return jsonify(data)
+
+# 🟡 MEDIUM: Using eval() - code injection risk
+@app.route('/calculate')
+def calculate():
+ expression = request.args.get('expr')
+ result = eval(expression) # Never use eval with user input!
+ return str(result)
+
+# 🟡 MEDIUM: Poor error handling, exposing stack traces
+@app.route('/divide')
+def divide():
+ a = int(request.args.get('a'))
+ b = int(request.args.get('b'))
+ return str(a / b) # No zero division check!
+
+# 🟡 MEDIUM: Missing type hints and docstrings
+def process_payment(user_id, amount, currency):
+ if amount > 0:
+ charge_card(user_id, amount)
+ send_receipt(user_id)
+ return True
+ return False
+
+# 🟢 LOW: Debug mode enabled in production
+if __name__ == '__main__':
+ app.run(debug=True, host='0.0.0.0') # Debug mode in production!
+
+# 🟢 LOW: Not following PEP 8
+def CalculateTotal(items,tax_rate): # Should be snake_case
+ Total=0 # Should be lowercase
+ for item in items:
+ Total+=item['price']*item['qty']
+ return Total*(1+tax_rate)
+
+# ✅ GOOD: Well-written function with proper error handling
+def get_user_by_id(user_id: int) -> dict:
+ """
+ Fetch user by ID with proper error handling.
+
+ Args:
+ user_id: The unique identifier for the user
+
+ Returns:
+ dict: User data or None if not found
+
+ Raises:
+ ValueError: If user_id is invalid
+ DatabaseError: If database connection fails
+ """
+ if not isinstance(user_id, int) or user_id <= 0:
+ raise ValueError("Invalid user ID")
+
+ try:
+ conn = sqlite3.connect('users.db')
+ cursor = conn.cursor()
+
+ # Using parameterized query to prevent SQL injection
+ cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
+ result = cursor.fetchone()
+
+ if result:
+ return {
+ 'id': result[0],
+ 'username': result[1],
+ 'email': result[2]
+ }
+ return None
+
+ except sqlite3.Error as e:
+ raise DatabaseError(f"Failed to fetch user: {e}")
+ finally:
+ if conn:
+ conn.close()
+# Test trigger
+
+# Trigger
+# Final trigger
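Review bot: The function presented as the `# ✅ GOOD` reference, get_user_by_id, fails on its own error path: `DatabaseError` is never defined or imported in the file, so the `except sqlite3.Error` branch raises NameError instead, and `conn` is first assigned inside the `try`, so if `sqlite3.connect` raises, the `finally` references `conn` before assignment (UnboundLocalError). Bind the connection before the block, `conn = None` above `try:`, and declare the exception at module level, `class DatabaseError(Exception): pass` (or import the project's own if one exists). The return annotation `-> dict` is also contradicted by `return None` on the not-found path; `-> dict | None` matches what the docstring describes. In fetch_data the label says missing error handling, but `request` here is the Flask request proxy rather than the `requests` package listed in requirements.txt, so `request.get(...)` would fail with AttributeError before any HTTP call is attempted. Since the file deliberately embeds credential-shaped strings (`password123`, `sk-…`), expect secret scanners in CI to flag it on every run; keeping the fixture under a dedicated fixtures directory or adding an allowlist entry for it avoids recurring noise.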