This repository contains INTENTIONALLY VULNERABLE CODE for educational and demonstration purposes.
DO NOT DEPLOY TO PRODUCTION OR PUBLICLY ACCESSIBLE SERVERS!
This demo repository is designed to demonstrate:
- Gemini CLI code review capabilities
- Gemini CLI Security scanning and analysis tools
This is a FastAPI-based Inventory Management System that has been intentionally modified to include vulnerabilities from the OWASP Top 10 categories:
- Broken Access Control
- Cryptographic Failures
- Injection (SQL & Command)
- Insecure Design
- Security Misconfiguration
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery (SSRF)
- Change branch to refactor/analysis-demo:
  git checkout refactor/analysis-demo
- Create GEMINI.md for code review best practices:
  gemini --yolo --output-format text "create a comprehensive best practice on code review guideline for reviewers and write to GEMINI.md"
- Run the code-review process:
  gemini --yolo --output-format text "/code-review" > code-review.md
- Run the security scanning process:
  gemini --yolo --output-format text "/security:analyze" > security-analysis.md
- Inspect the results in code-review.md and security-analysis.md
Note that --yolo auto-approves every tool action the agent proposes, so run these steps only in a throwaway clone of this repository.
❌ NOT FOR PRODUCTION USE
❌ DO NOT EXPOSE PUBLICLY
This code is intentionally vulnerable for educational purposes.
Remember: This is vulnerable by design. Never use this code in production!