[ { "snippet_id": "hard_001", "filename": "db.py", "code": "def load_user(cursor, user_id):\n query = f\"SELECT * FROM users WHERE id = {user_id}\"\n return cursor.execute(query).fetchone()", "context": "Used by an internal admin dashboard.", "gold_issues": [ { "issue_id": "hard_001_sqli", "line": 2, "issue_type": "SECURITY", "severity": "CRITICAL", "description": "SQL query interpolates user input directly and is vulnerable to SQL injection.", "required": true, "explanation_keywords": ["sql injection", "parameterized", "query", "interpolate", "user input"], "fix_keywords": ["parameterized", "placeholder", "bind", "params"], "owasp_category": "A03:2021-Injection", "owasp_keywords": ["owasp", "injection", "a03"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_002", "filename": "settings.py", "code": "API_KEY = \"sk-live-hardcoded-secret\"\n\ndef get_auth_header():\n return {\"Authorization\": f\"Bearer {API_KEY}\"}", "gold_issues": [ { "issue_id": "hard_002_secret", "line": 1, "issue_type": "SECURITY", "severity": "HIGH", "description": "Hardcoded API secret in source code.", "required": true, "explanation_keywords": ["hardcoded", "secret", "api key", "credential"], "fix_keywords": ["environment", "vault", "secret manager", "config"], "owasp_category": "A07:2021-Identification and Authentication Failures", "owasp_keywords": ["secret", "credential", "authentication", "owasp"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_003", "filename": "storage.py", "code": "from pathlib import Path\n\ndef read_report(base_dir, user_filename):\n path = Path(base_dir) / user_filename\n return path.read_text()", "gold_issues": [ { "issue_id": "hard_003_path_traversal", "line": 4, "issue_type": "SECURITY", "severity": "HIGH", "description": "User-controlled file path can escape the intended directory.", "required": true, "explanation_keywords": ["path traversal", "directory", "user filename", "path"], "fix_keywords": ["resolve", "validate", "allowlist", "basename"], "owasp_category": "A01:2021-Broken Access Control", "owasp_keywords": ["broken access control", "path traversal", "owasp", "a01"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_004", "filename": "net.py", "code": "import os\n\ndef ping(hostname):\n return os.system(f\"ping -c 1 {hostname}\")", "gold_issues": [ { "issue_id": "hard_004_command_injection", "line": 4, "issue_type": "SECURITY", "severity": "CRITICAL", "description": "Shell command is built from user input, allowing command injection.", "required": true, "explanation_keywords": ["command injection", "shell", "os.system", "user input"], "fix_keywords": ["subprocess", "argument list", "shell false", "validate"], "owasp_category": "A03:2021-Injection", "owasp_keywords": ["owasp", "injection", "a03", "command injection"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_005", "filename": "serializer.py", "code": "import pickle\n\ndef load_session(user_data):\n return pickle.loads(user_data)", "gold_issues": [ { "issue_id": "hard_005_pickle", "line": 4, "issue_type": "SECURITY", "severity": "CRITICAL", "description": "Untrusted pickle deserialization can lead to arbitrary code execution.", "required": true, "explanation_keywords": ["pickle", "deserialization", "arbitrary code", "untrusted"], "fix_keywords": ["json", "safe format", "validate", "trusted"], "owasp_category": "A08:2021-Software and Data Integrity Failures", "owasp_keywords": ["integrity", "deserialization", "owasp", "a08"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_006", "filename": "crypto.py", "code": "import hashlib\n\ndef hash_password(password):\n return hashlib.md5(password.encode()).hexdigest()", "gold_issues": [ { "issue_id": "hard_006_weak_crypto", "line": 4, "issue_type": "SECURITY", "severity": "HIGH", "description": "Uses MD5 for password hashing, which is cryptographically weak.", "required": true, "explanation_keywords": ["md5", "weak", "hash", "password", "crypto"], "fix_keywords": ["bcrypt", "argon2", "scrypt", "salt"], "owasp_category": "A02:2021-Cryptographic Failures", "owasp_keywords": ["cryptographic", "owasp", "a02", "weak crypto"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_007", "filename": "shell.py", "code": "import subprocess\n\ndef run(cmd):\n return subprocess.run(cmd, shell=True, check=True)", "gold_issues": [ { "issue_id": "hard_007_shell_true", "line": 4, "issue_type": "SECURITY", "severity": "CRITICAL", "description": "Runs shell commands with shell=True on untrusted input.", "required": true, "explanation_keywords": ["shell=true", "subprocess", "command injection", "shell"], "fix_keywords": ["shell false", "argument list", "validate", "subprocess"], "owasp_category": "A03:2021-Injection", "owasp_keywords": ["owasp", "injection", "a03", "shell"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_008", "filename": "redirects.py", "code": "def login_redirect(next_url):\n return {\"location\": next_url, \"status\": 302}", "gold_issues": [ { "issue_id": "hard_008_open_redirect", "line": 2, "issue_type": "SECURITY", "severity": "HIGH", "description": "Redirect target is fully user-controlled, creating an open redirect.", "required": true, "explanation_keywords": ["open redirect", "redirect", "next_url", "user controlled"], "fix_keywords": ["allowlist", "relative path", "validate", "trusted host"], "owasp_category": "A01:2021-Broken Access Control", "owasp_keywords": ["owasp", "broken access control", "open redirect", "a01"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_009", "filename": "orders.py", "code": "def view_order(request, db):\n order_id = request.query_params[\"order_id\"]\n return db.get_order(order_id)", "context": "Customer dashboard handler.", "gold_issues": [ { "issue_id": "hard_009_idor", "line": 3, "issue_type": "SECURITY", "severity": "HIGH", "description": "Looks up an order by user-supplied id without an ownership check, enabling IDOR.", "required": true, "explanation_keywords": ["idor", "ownership", "authorization", "access control", "order id"], "fix_keywords": ["authorize", "ownership", "current user", "scoped query"], "owasp_category": "A01:2021-Broken Access Control", "owasp_keywords": ["owasp", "broken access control", "idor", "a01"] } ], "must_approve": false, "must_reject": true }, { "snippet_id": "hard_010", "filename": "yaml_loader.py", "code": "import yaml\n\ndef parse_config(data):\n return yaml.load(data, Loader=yaml.Loader)", "gold_issues": [ { "issue_id": "hard_010_yaml_load", "line": 4, "issue_type": "SECURITY", "severity": "HIGH", "description": "Unsafe YAML loader can construct arbitrary Python objects from untrusted input.", "required": true, "explanation_keywords": ["yaml.load", "unsafe", "loader", "object", "untrusted"], "fix_keywords": ["safe_load", "safe loader", "validate", "trusted"], "owasp_category": "A08:2021-Software and Data Integrity Failures", "owasp_keywords": ["owasp", "integrity", "yaml", "a08"] } ], "must_approve": false, "must_reject": true } ]