Skip to content

PR comment test #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
iben20 wants to merge 3 commits into from
Closed

PR comment test #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f8a09d9
PR comment test
iben20 Feb 18, 2026
c8ab537
Update main.yml
iben20 Feb 18, 2026
967a8d3
Update main.yml
iben20 Feb 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,11 @@ jobs:
### SCANNING OPTIONAL
polaris_application_name: 'susantoblackduck'
polaris_project_name: 'PythonProjects'
polaris_branch_name: 'main'
#polaris_branch_name: 'main'

### SCANNING OPTIONAL: Pull Request comments
polaris_prComment_enabled: true
polaris_branch_parent_name: 'main'
github_token: ${{ secrets.GITHUB_TOKEN }} # Required when Pull Request comments field enabled

### ENABLE OPTIONAL SCAN REPORTS
Expand Down
55 changes: 55 additions & 0 deletions VulnerablePythonScript.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
import os
import subprocess
import requests
from flask import Flask, request

app = Flask(__name__)

# Vulnerability 1: Insecure Use of Subprocess (Command Injection)
@app.route('/ping', methods=['GET'])
def ping():
ip = request.args.get('ip', '')
result = subprocess.check_output(['ping', '-c', '4', ip])
return result

# Vulnerability 2: Hardcoded Credentials
USERNAME = 'admin'
PASSWORD = 'password123'

@app.route('/login', methods=['POST'])
def login():
username = request.form['username']
password = request.form['password']
if username == USERNAME and password == PASSWORD:
return "Login successful"
else:
return "Login failed", 401

# Vulnerability 3: Insecure Deserialization
@app.route('/unserialize', methods=['POST'])
def unserialize():
import pickle
data = request.data
obj = pickle.loads(data)
return str(obj)

# Vulnerability 4: Use of Outdated Library with Known Vulnerabilities
@app.route('/requests_example', methods=['GET'])
def requests_example():
response = requests.get('https://example.com')
return response.content

# Vulnerability 5: SQL Injection
@app.route('/user', methods=['GET'])
def get_user():
user_id = request.args.get('id', '')
query = "SELECT * FROM users WHERE id = '" + user_id + "'"
result = run_query(query) # This function is not defined but simulates a database query
return str(result)

def run_query(query):
# Simulating a database query without proper sanitization (SQL Injection risk)
return "Query result for: " + query

if __name__ == '__main__':
app.run(debug=True)
Loading