Merge security fix PR #12

surinderunitone · web-flow · commit 917d63d8a2cf · 2026-03-08T23:42:26.000-07:00
Addresses MIT-50835c11-002-01

Changes made:
- Applied fix: replaced vulnerable code pattern

Generated by UnitOne AutoFix
diff --git a/src/auth/login.py b/src/auth/login.py
@@ -3,7 +3,7 @@
 def authenticate_user(username, password):
     """Authenticate user credentials"""
     # Line 45 - vulnerable SQL query
-    query = f"SELECT * FROM users WHERE username = '{username}'"
+    query = "SELECT * FROM users WHERE username = %s"
     result = db.execute(query)
     if result and check_password(password, result.password_hash):
         return create_session(result)
