From a73ac01ef2446a7f051a3fffd48b90b94847ebb6 Mon Sep 17 00:00:00 2001
From: Sam Wu <22262939+samjwu@users.noreply.github.com>
Date: Wed, 1 May 2024 10:14:20 -0600
Subject: [PATCH] Add example code for CodeQL to flag

---
 test.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 test.py

diff --git a/test.py b/test.py
new file mode 100644
index 000000000..35b49c536
--- /dev/null
+++ b/test.py
@@ -0,0 +1,24 @@
+import sqlite3
+
+def get_user_data(username):
+ query = "SELECT * FROM users WHERE username = '" + username + "'"
+
+ try:
+ conn = sqlite3.connect('database.db')
+ cursor = conn.cursor()
+ cursor.execute(query)
+
+ rows = cursor.fetchall()
+ for row in rows:
+ print("User ID:", row[0])
+ print("Username:", row[1])
+ print("Email:", row[2])
+
+ cursor.close()
+ conn.close()
+ except sqlite3.Error as e:
+ print("Error executing SQLite query:", e)
+
+# Simulate user input with potential SQL injection
+username_input = "admin' OR '1'='1"
+get_user_data(username_input)
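Review bot: The connection opened by `conn = sqlite3.connect('database.db')` is never closed when `cursor.execute(query)` raises, because both `cursor.close()` and `conn.close()` sit inside the `try` ahead of the `except sqlite3.Error` handler; moving the close into a `finally` keeps the sample leak-free without touching the string-built query that the commit, per its subject, wants CodeQL to flag. A comment such as `# Intentionally unsafe: SQL built by string concatenation so CodeQL reports it; do not copy this pattern` above the `query =` line would stop a later reader from either "fixing" the intended finding or reusing it. The positional `row[0]`..`row[2]` after `SELECT *` also depend on the table's column order; naming the columns in the SELECT would make the prints stable.
```python
def get_user_data(username):
    # … unchanged: query construction (intentionally string-built for CodeQL) …
    conn = None
    try:
        conn = sqlite3.connect('database.db')
        # … unchanged: cursor creation, execute, fetch/print loop, cursor.close() …
    # … unchanged: except sqlite3.Error handler …
    finally:
        # Runs on both the success and the error path, so the handle is never leaked.
        if conn is not None:
            conn.close()
```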