Add example code for CodeQL to flag

ROCm · May 1, 2024 · a73ac01 · a73ac01
1 parent 2fa11a8
commit a73ac01
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/test.py b/test.py
@@ -0,0 +1,24 @@
+import sqlite3
+
+def get_user_data(username):
+    query = "SELECT * FROM users WHERE username = '" + username + "'"
+
+    try:
+        conn = sqlite3.connect('database.db')
+        cursor = conn.cursor()
+        cursor.execute(query)
+
+        rows = cursor.fetchall()
+        for row in rows:
+            print("User ID:", row[0])
+            print("Username:", row[1])
+            print("Email:", row[2])
+
+        cursor.close()
+        conn.close()
+    except sqlite3.Error as e:
+        print("Error executing SQLite query:", e)
+
+# Simulate user input with potential SQL injection
+username_input = "admin' OR '1'='1"
+get_user_data(username_input)