test: add vulnerable code for final demo

[Codewithaiyan]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
vibe-guard	Ready	Preview, Comment	May 31, 2026 4:55pm

[github-actions]

VibeGuard Security Scan Results

Scan Type	File	Score	Risk Level
Code	demo/test_vulnerable.py	20/100	CRITICAL

Code Vulnerabilities

demo/test_vulnerable.py

• Hardcoded Secrets (Line 5)
  Description: The database password and API key are hardcoded in the source code, which can lead to unauthorized access if the code is exposed.
  Fix suggestion: Store sensitive information in environment variables or a secure vault instead of hardcoding them.
• SQL Injection (Line 10)
  Description: The SQL query is constructed using string concatenation, making it vulnerable to SQL injection attacks.
  Fix suggestion: Use parameterized queries or prepared statements to safely handle user input.
• Command Injection (Line 14)
  Description: The user input is directly passed to the os.system command, which can lead to command injection vulnerabilities.
  Fix suggestion: Use safer alternatives like subprocess.run with proper input validation and sanitization.

Dependency Vulnerabilities

No supported dependency files changed in this PR.

Dependency Scan Notes

No dependency scan notes because no supported dependency files changed.

---

Powered by VibeGuard