Test: QUA-184 security issue detection by Desperado · Pull Request #12 · Quality-Max/qualitymax-demo-playground

Desperado · 2026-02-23T13:07:50Z

Test PR with hardcoded credentials and SQL injection to verify QUA-184 diff analysis gate.

github-actions · 2026-02-23T13:08:35Z

✅ Playwright Test Results

_{Powered by QualityMax}

qualitymaxapp · 2026-02-23T13:12:38Z

Critical security issues: hardcoded production credentials and SQL injection vulnerability.

Severity	Category	File	Description	Suggestion
🔴 critical	security	`config.py:8`	Hardcoded production database password exposed in source code	Use environment variables: DB_PASSWORD = os.getenv('DB_PASSWORD'). Never commit credentials to version control.
🔴 critical	security	`config.py:9`	Hardcoded production API token exposed in source code	Use environment variables: API_TOKEN = os.getenv('API_TOKEN'). Rotate this token immediately.
🔴 critical	security	`config.py:19`	SQL injection vulnerability: user_input is directly interpolated into SQL query without parameterization	Use parameterized queries: cursor.execute('SELECT * FROM users WHERE name = %s', (user_input,))

_{Analyzed commit b23dff74 with claude-haiku-4-5-20251001 (1 files, 882 tokens)}

Add database configuration with query helper

b23dff7

Desperado closed this Feb 23, 2026

Desperado deleted the test/qua184-security-issue branch February 23, 2026 13:19