From d8d3d996c4d52886b97e84d6c5c7c3b2564dc50a Mon Sep 17 00:00:00 2001
From: Ana Scolari <127357173+apsscolari@users.noreply.github.com>
Date: Mon, 15 Sep 2025 22:08:11 -0700
Subject: [PATCH] Implement dangerous function for user input execution

Added a dangerous function that executes user input as a shell command.
---
 test.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/test.py b/test.py
index 360ad4a..856a291 100644
--- a/test.py
+++ b/test.py
@@ -2,6 +2,7 @@ import os
 from dotenv import load_dotenv
+import subprocess
 #to trigger secret scanning
 user = 'test'
@@ -10,7 +11,15 @@ google_api_token = "AIzaSyAQfxPJiounkhOjODEO5ZieffeBv6yft2Q"
 gh_PAT = "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"
+
+def dangerous(user_input):
+    # BAD: user input is passed directly to shell=True, which is dangerous!
+    subprocess.call(f"echo {user_input}", shell=True)
+
 # main
 if __name__ == '__main__':
     print('hello Github world')
+
+    user_input = input("Enter something: ")
+    dangerous(user_input)
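Review bot: The `__main__` block at the end of the second hunk wires `input()` straight into `dangerous()`, so anyone who runs `test.py` has whatever they type executed through the shell; if the file exists only as a scanner fixture, keep `dangerous` defined but do not call it from `__main__` (drop the last two added lines). The `# BAD` comment would serve readers better if it named the weakness class and the remedy, e.g. `# BAD (CWE-78, OS command injection): user_input reaches the shell unescaped; the safe form is subprocess.run(["echo", user_input]) with no shell=True`. The function also has no docstring stating that it is an intentionally vulnerable sample and must not be reused.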