From a2bcaa8aaf21faf902645ee531689c3f15593915 Mon Sep 17 00:00:00 2001
From: shekarraj625
Date: Fri, 30 May 2025 18:14:52 +0530
Subject: [PATCH 1/2] Update AdvancedSecurityJavaApplicationTests.java

---
 .../AdvancedSecurityJavaApplicationTests.java | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/test/java/com/github/hackathon/advancedsecurityjava/AdvancedSecurityJavaApplicationTests.java b/src/test/java/com/github/hackathon/advancedsecurityjava/AdvancedSecurityJavaApplicationTests.java
index c358abf..0d8161a 100644
--- a/src/test/java/com/github/hackathon/advancedsecurityjava/AdvancedSecurityJavaApplicationTests.java
+++ b/src/test/java/com/github/hackathon/advancedsecurityjava/AdvancedSecurityJavaApplicationTests.java
@@ -9,5 +9,15 @@ class AdvancedSecurityJavaApplicationTests {
 @Test
 void contextLoads() {
 }
-
+// Get username from parameters
+String username = request.getParameter("username");
+// Create a statement from database connection
+Statement statement = connection.createStatement();
+// Create unsafe query by concatenating user defined data with query string
+String query = "SELECT secret FROM Users WHERE (username = '" + username + "' AND NOT role = 'admin')";
+// ... OR ...
+// Insecurely format the query string using user defined data
+String query = String.format("SELECT secret FROM Users WHERE (username = '%s' AND NOT role = 'admin')", username);
+// Execute query and return the results
+ResultSet result = statement.executeQuery(query);
 }
From 5fd5457fb7f7733fd293ac25de2f293e13250f5c Mon Sep 17 00:00:00 2001
From: Jaiswal
Date: Thu, 13 Nov 2025 17:34:50 +0530
Subject: [PATCH 2/2] java vulnerable test

---
 .../test/VulnerableLogin.java | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 src/main/java/com/github/hackathon/advancedsecurityjava/test/VulnerableLogin.java
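Review bot: The eleven added lines will not compile as written: they are statements placed directly in the class body of AdvancedSecurityJavaApplicationTests (the `class … {` header is outside the hunk), `query` is declared twice, and `request`, `connection`, `Statement` and `ResultSet` are neither declared nor imported in the visible test class, so the test module fails before any scanner sees it. The `// ... OR ...` line suggests both variants were pasted from a documentation snippet rather than written for this file. If a fixture is wanted, it should be a method that takes its inputs as parameters and declares one `query`; the safe form, shown below, binds the username through a `PreparedStatement` placeholder instead of building SQL text, and needs `java.sql.PreparedStatement`, `java.sql.ResultSet` and `java.sql.SQLException` imports added to the file.
```java
// … unchanged: contextLoads() …
// Looks up the secret for one user with a parameterized query; the username never becomes part of the SQL text.
static String lookupSecret(Connection connection, String username) throws SQLException {
    String query = "SELECT secret FROM Users WHERE (username = ? AND NOT role = 'admin')";
    try (PreparedStatement statement = connection.prepareStatement(query)) {
        statement.setString(1, username);
        try (ResultSet result = statement.executeQuery()) {
            return result.next() ? result.getString("secret") : null;
        }
    }
}
```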
diff --git a/src/main/java/com/github/hackathon/advancedsecurityjava/test/VulnerableLogin.java b/src/main/java/com/github/hackathon/advancedsecurityjava/test/VulnerableLogin.java
new file mode 100644
index 0000000..4fd82a1
--- /dev/null
+++ b/src/main/java/com/github/hackathon/advancedsecurityjava/test/VulnerableLogin.java
@@ -0,0 +1,34 @@
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.Statement;
+import java.util.Scanner;
+
+public class VulnerableLogin {
+ public static void main(String[] args) {
+ Scanner scanner = new Scanner(System.in);
+
+ // Hardcoded credentials (bad practice)
+ String dbUrl = "jdbc:mysql://localhost:3306/testdb";
+ String dbUser = "admin";
+ String dbPassword = "password123";
+
+ System.out.print("Enter username: ");
+ String username = scanner.nextLine();
+
+ System.out.print("Enter password: ");
+ String password = scanner.nextLine();
+
+ try {
+ Connection conn = DriverManager.getConnection(dbUrl, dbUser, dbPassword);
+ Statement stmt = conn.createStatement();
+
+ // SQL Injection vulnerability
+ String query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
+ stmt.executeQuery(query);
+
+ System.out.println("Login attempted with query: " + query);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
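Review bot: The `System.out.println("Login attempted with query: " + query)` line writes the typed password to stdout in clear text, and `conn` and `stmt` are never closed; both go beyond the SQL-injection case that the `// SQL Injection vulnerability` comment marks as deliberate. The file also has no `package` declaration although it sits under src/main/java/com/github/hackathon/advancedsecurityjava/test, so it compiles into the default package of the production artifact rather than staying a test-only fixture. Declare the resources in the try header, `try (Connection conn = DriverManager.getConnection(dbUrl, dbUser, dbPassword); Statement stmt = conn.createStatement()) {`, and drop the echo of `query` (print only the username if a trace is wanted) so the fixture demonstrates one flaw rather than several; if it exists only for scanning, src/test/java is the better home.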