test: add SAST dataflow fixtures

Shree · Shree · commit 430bfb576971 · 2026-06-05T19:18:54.000+05:30
diff --git a/skills/devsecops/sast-config/tests/benign/express-query-builder.js b/skills/devsecops/sast-config/tests/benign/express-query-builder.js
@@ -0,0 +1,5 @@
+app.get("/search", async (req, res) => {
+  const q = parseSearchTerm(req.query.q);
+  const rows = await db("tickets").where("title", "like", `%${q}%`);
+  res.json(rows);
+});
diff --git a/skills/devsecops/sast-config/tests/benign/validated-command-wrapper.py b/skills/devsecops/sast-config/tests/benign/validated-command-wrapper.py
@@ -0,0 +1,13 @@
+from flask import request
+import subprocess
+
+
+def validate_report_id(value: str) -> str:
+    if not value.isdecimal():
+        raise ValueError("invalid report id")
+    return value
+
+
+def export_report():
+    report_id = validate_report_id(request.args["id"])
+    subprocess.run(["report-cli", "--id", report_id], check=True)
diff --git a/skills/devsecops/sast-config/tests/vulnerable/command-injection-taint.py b/skills/devsecops/sast-config/tests/vulnerable/command-injection-taint.py
@@ -0,0 +1,7 @@
+from flask import request
+import subprocess
+
+
+def export_report():
+    report_id = request.args["id"]
+    subprocess.run(f"report-cli --id {report_id}", shell=True, check=True)
diff --git a/skills/devsecops/sast-config/tests/vulnerable/express-raw-sql-flow.js b/skills/devsecops/sast-config/tests/vulnerable/express-raw-sql-flow.js
@@ -0,0 +1,5 @@
+app.get("/search", async (req, res) => {
+  const where = buildWhereClause(req.query.q);
+  const rows = await db.raw(`select * from tickets where ${where}`);
+  res.json(rows);
+});
