test: Add Python security vulnerabilities test case

.github/ai-skills/developers/satya-blend360.json

@@ -0,0 +1,6 @@
+{
+  "name": "satya-blend360",
+  "pr_count": 1,
+  "common_issues": [],
+  "last_pr": "2026-05-27T18:57:54.667461"
+}

.github/ai-skills/learned-patterns.json

@@ -0,0 +1,8 @@
+{
+  "common_bugs": [],
+  "recurring_issues": [],
+  "accepted_suggestions": [],
+  "rejected_patterns": [],
+  "tech_specific_rules": {},
+  "last_updated": "2026-05-27T18:57:54.667078"
+}

.github/ai-skills/project-analysis.json

@@ -0,0 +1,15 @@
+{
+  "tech_stack": [
+    "Node.js/JavaScript",
+    "Express",
+    "TypeScript",
+    "Python"
+  ],
+  "patterns": {
+    "naming": {
+      "camelCase": 3,
+      "snake_case": 1
+    }
+  },
+  "last_updated": "2026-05-27T18:57:40+00:00"
+}

requirements.txt

@@ -0,0 +1,4 @@
+Flask>=3.0.0
+requests>=2.31.0
+psycopg2-binary>=2.9.0
+python-dotenv>=1.0.0

test-python-api.py

@@ -0,0 +1,116 @@
+# Test file for Python security review
+# This file contains intentional security vulnerabilities and code quality issues
+
+import os
+import sqlite3
+from flask import Flask, request, jsonify
+
+app = Flask(__name__)
+
+# 🔴 CRITICAL: Hardcoded credentials
+DATABASE_URL = "postgresql://admin:password123@localhost/prod"
+SECRET_KEY = "supersecretkey12345"
+API_TOKEN = "sk-1234567890abcdefghijklmnop"
+
+# 🔴 CRITICAL: SQL Injection vulnerability
+@app.route('/user/<username>')
+def get_user(username):
+    conn = sqlite3.connect('users.db')
+    cursor = conn.cursor()
+    # Direct string interpolation - SQL injection!
+    query = f"SELECT * FROM users WHERE username = '{username}'"
+    cursor.execute(query)
+    result = cursor.fetchone()
+    return jsonify(result)
+
+# 🟠 HIGH: Command injection vulnerability
+@app.route('/backup')
+def backup_data():
+    filename = request.args.get('filename')
+    # No input validation - command injection!
+    os.system(f'tar -czf {filename} /var/data')
+    return "Backup created"
+
+# 🟠 HIGH: Missing error handling
+@app.route('/api/data')
+def fetch_data():
+    response = request.get('https://api.external.com/data')
+    data = response.json()  # Will crash if request fails!
+    return jsonify(data)
+
+# 🟡 MEDIUM: Using eval() - code injection risk
+@app.route('/calculate')
+def calculate():
+    expression = request.args.get('expr')
+    result = eval(expression)  # Never use eval with user input!
+    return str(result)
+
+# 🟡 MEDIUM: Poor error handling, exposing stack traces
+@app.route('/divide')
+def divide():
+    a = int(request.args.get('a'))
+    b = int(request.args.get('b'))
+    return str(a / b)  # No zero division check!
+
+# 🟡 MEDIUM: Missing type hints and docstrings
+def process_payment(user_id, amount, currency):
+    if amount > 0:
+        charge_card(user_id, amount)
+        send_receipt(user_id)
+        return True
+    return False
+
+# 🟢 LOW: Debug mode enabled in production
+if __name__ == '__main__':
+    app.run(debug=True, host='0.0.0.0')  # Debug mode in production!
+
+# 🟢 LOW: Not following PEP 8
+def CalculateTotal(items,tax_rate):  # Should be snake_case
+    Total=0  # Should be lowercase
+    for item in items:
+        Total+=item['price']*item['qty']
+    return Total*(1+tax_rate)
+
+# ✅ GOOD: Well-written function with proper error handling
+def get_user_by_id(user_id: int) -> dict:
+    """
+    Fetch user by ID with proper error handling.
+
+    Args:
+        user_id: The unique identifier for the user
+
+    Returns:
+        dict: User data or None if not found
+
+    Raises:
+        ValueError: If user_id is invalid
+        DatabaseError: If database connection fails
+    """
+    if not isinstance(user_id, int) or user_id <= 0:
+        raise ValueError("Invalid user ID")
+
+    try:
+        conn = sqlite3.connect('users.db')
+        cursor = conn.cursor()
+
+        # Using parameterized query to prevent SQL injection
+        cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
+        result = cursor.fetchone()
+
+        if result:
+            return {
+                'id': result[0],
+                'username': result[1],
+                'email': result[2]
+            }
+        return None
+
+    except sqlite3.Error as e:
+        raise DatabaseError(f"Failed to fetch user: {e}")
+    finally:
+        if conn:
+            conn.close()
+# Test trigger
+
+# Trigger
+# Final trigger