From b2a0fa8be9b6839cfe33d7de287f4748240091ea Mon Sep 17 00:00:00 2001
From: "david.dai"
Date: Thu, 9 Apr 2026 22:19:07 +0800
Subject: [PATCH 1/2] test: add security test demo with intentional vulnerabilities
Add a demo file with intentional security issues (SQL injection, hardcoded credentials, command injection, insecure random) to test the AI security audit workflow.
Co-Authored-By: Claude Opus 4.6
---
 .../java/org/tron/demo/SecurityTestDemo.java | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 src/main/java/org/tron/demo/SecurityTestDemo.java
diff --git a/src/main/java/org/tron/demo/SecurityTestDemo.java b/src/main/java/org/tron/demo/SecurityTestDemo.java
new file mode 100644
index 00000000..c93c0bc4
--- /dev/null
+++ b/src/main/java/org/tron/demo/SecurityTestDemo.java
@@ -0,0 +1,40 @@
+package org.tron.demo;
+
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.Statement;
+
+/**
+ * This is a DEMO file to test AI security audit.
+ * It contains intentional security issues for testing purposes only.
+ * DO NOT use in production.
+ */
+public class SecurityTestDemo {
+
+ // Hardcoded credentials (security issue)
+ private static final String DB_PASSWORD = "admin123456";
+ private static final String PRIVATE_KEY = "aabbccdd11223344aabbccdd11223344aabbccdd11223344aabbccdd11223344";
+
+ // SQL injection vulnerability (security issue)
+ public void queryUser(String userId) throws Exception {
+ Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/test", "root", DB_PASSWORD);
+ Statement stmt = conn.createStatement();
+ String sql = "SELECT * FROM users WHERE id = '" + userId + "'";
+ stmt.executeQuery(sql);
+ }
+
+ // Command injection vulnerability (security issue)
+ public void checkAddress(String address) throws Exception {
+ Runtime.getRuntime().exec("curl http://api.trongrid.io/v1/accounts/" + address);
+ }
+
+ // Insecure random for key generation (security issue)
+ public String generateToken() {
+ java.util.Random random = new java.util.Random();
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < 32; i++) {
+ sb.append(Integer.toHexString(random.nextInt(16)));
+ }
+ return sb.toString();
+ }
+}
From 61c12ede5e1ecaec5a9d791e9ec05882a94a5437 Mon Sep 17 00:00:00 2001
From: "david.dai"
Date: Thu, 9 Apr 2026 22:55:02 +0800
Subject: [PATCH 2/2] chore: retrigger AI security audit
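Review bot: The intentionally vulnerable class is created under `src/main/java`, so `queryUser`, `checkAddress` and the hardcoded `DB_PASSWORD`/`PRIVATE_KEY` literals are compiled into the production artifact and become public methods of the module rather than audit-tool fixtures. A file that exists only to exercise the security-audit workflow belongs under `src/test/java` (or a fixtures directory excluded from the jar), i.e. `create mode 100644 src/test/java/org/tron/demo/SecurityTestDemo.java`, so that no shipped code can reach the `Runtime.getRuntime().exec(...)` call or the string-built query. The credential literals will also remain in git history even if the file is removed later, so they must stay obviously synthetic as they appear to be here; a comment such as `// Placeholder values only - never real credentials` on the field block would make that explicit for secret-scanner triage. If the file does stay in main, the Javadoc "DO NOT use in production" is not enforced by anything and should at least be backed by an explicit build exclusion.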