examples/compare-agentic-sdks/test-codebase/README.md

compare-agentic-sdks/test-codebase (Test Codebase for Agentic SDK Comparison)

This is an intentionally vulnerable codebase designed to test AI coding assistants' ability to:

  1. Identify security vulnerabilities
  2. Suggest secure alternatives
  3. Understand cross-file dependencies
  4. Generate production-ready fixes

Known Issues

user_service.py

  • MD5 password hashing (insecure)
  • Timing attack vulnerability in authentication
  • Predictable session tokens
  • Returns password hashes in get_user_data()
  • Doesn't invalidate sessions on user deletion
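The five `user_service.py` issues above map onto five concrete fixes. The following is an added example, not the test codebase's own `user_service.py`: a minimal, hypothetical `UserService` (in-memory dictionaries standing in for whatever storage the real file uses) written the way a reviewer would expect the fixed version to look. Salted PBKDF2-HMAC-SHA256 replaces MD5, `hmac.compare_digest` replaces a plain `==` on the hash, `secrets.token_urlsafe` replaces a predictable token, `get_user_data()` returns only public fields, and `delete_user()` removes every session of the deleted account. The names `DUMMY_HASH`, `create_user`, `login`, `get_user_data` and `delete_user` are assumptions for the example.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# OWASP's current recommendation for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2 instead of bare MD5. Format: pbkdf2_sha256$iters$salt_hex$hash_hex."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison: a plain == returns early on the first differing byte.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


# Hash verified for unknown usernames so that "no such user" takes as long as "wrong password".
DUMMY_HASH = hash_password("dummy-password-never-accepted")


@dataclass
class UserService:
    # Assumed in-memory stores for the example: username -> record, session token -> username.
    users: Dict[str, dict] = field(default_factory=dict)
    sessions: Dict[str, str] = field(default_factory=dict)

    def create_user(self, username: str, password: str, email: str) -> None:
        self.users[username] = {"hash": hash_password(password), "email": email}

    def login(self, username: str, password: str) -> Optional[str]:
        user = self.users.get(username)
        stored = user["hash"] if user else DUMMY_HASH
        ok = verify_password(password, stored)
        if not (user and ok):
            return None
        # 32 random bytes from the OS CSPRNG; not a counter, timestamp or hash of the username.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def get_user_data(self, token: str) -> Optional[dict]:
        username = self.sessions.get(token)
        if username is None:
            return None
        user = self.users[username]
        # Only public fields leave the service; the password hash is never returned.
        return {"username": username, "email": user["email"]}

    def delete_user(self, username: str) -> None:
        self.users.pop(username, None)
        # Invalidate every live session of the deleted account.
        stale = [tok for tok, owner in self.sessions.items() if owner == username]
        for tok in stale:
            del self.sessions[tok]
```

The dummy-hash step in `login()` is what closes the user-enumeration variant of the timing issue: without it, a request for a non-existent username skips the PBKDF2 work and returns measurably faster.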

payment_processor.py

  • Float for currency (precision issues)
  • Stores CVV (PCI-DSS violation)
  • Stores full card numbers
  • Logs sensitive data
  • No input validation
  • Float arithmetic for money calculations
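The `payment_processor.py` issues above are the same handful of PCI-DSS and precision mistakes, so one added example covers them. This is not the test codebase's own `payment_processor.py`; it is a hypothetical `process_payment()` written the way the fixed file should read: `Decimal` with explicit cent rounding instead of `float`, a Luhn and format check on input, the CVV passed through to a gateway once and never stored, only the last four digits and a gateway token retained, and a log line that carries neither PAN nor CVV. The gateway itself is a constructed stand-in (`fake_gateway_tokenize`); `StoredCard`, `Charge`, `parse_amount` and `total_for` are names assumed for the example.

```python
import logging
import re
import secrets
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP
from typing import Callable, List

logger = logging.getLogger("payments")
CENT = Decimal("0.01")


def luhn_valid(number: str) -> bool:
    """Standard Luhn check digit test over an all-digit string."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_amount(raw: str) -> Decimal:
    """Input validation for money: a positive, finite decimal with at most two places."""
    try:
        amount = Decimal(raw)
    except InvalidOperation:
        raise ValueError("amount is not a decimal number")
    if not amount.is_finite() or amount <= 0:
        raise ValueError("amount must be positive and finite")
    if amount != amount.quantize(CENT):
        raise ValueError("amount has more than two decimal places")
    return amount


def total_for(items: List[str]) -> Decimal:
    """Exact sum of line items; 0.1 + 0.2 is exactly 0.3 here, unlike with float."""
    return sum((parse_amount(i) for i in items), Decimal("0"))


def validate_card(number: str, cvv: str) -> str:
    """Returns the normalised PAN or raises ValueError."""
    pan = re.sub(r"[ -]", "", number)
    if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_valid(pan)):
        raise ValueError("invalid card number")
    if not re.fullmatch(r"\d{3,4}", cvv):
        raise ValueError("invalid CVV")
    return pan


def mask_pan(pan: str) -> str:
    return "*" * (len(pan) - 4) + pan[-4:]


def fake_gateway_tokenize(pan: str, cvv: str) -> str:
    # Constructed stand-in for a payment gateway: uses the PAN and CVV once, hands back a token.
    return "tok_" + secrets.token_hex(8)


@dataclass(frozen=True)
class StoredCard:
    # The only card data this system keeps: no full PAN, no CVV.
    last4: str
    gateway_token: str


@dataclass(frozen=True)
class Charge:
    card: StoredCard
    amount: Decimal
    fee: Decimal
    total: Decimal


def process_payment(
    number: str,
    cvv: str,
    raw_amount: str,
    fee_rate: Decimal = Decimal("0.029"),
    tokenize: Callable[[str, str], str] = fake_gateway_tokenize,
) -> Charge:
    pan = validate_card(number, cvv)
    amount = parse_amount(raw_amount)
    # Round once, explicitly, at the cent; never let a float carry the value.
    fee = (amount * fee_rate).quantize(CENT, rounding=ROUND_HALF_UP)
    total = amount + fee
    card = StoredCard(last4=pan[-4:], gateway_token=tokenize(pan, cvv))
    del cvv  # the CVV's lifetime ends with the authorization call
    # Log the masked form only; the full PAN and CVV never reach the log.
    logger.info("charged %s to card %s", total, mask_pan(pan))
    return Charge(card=card, amount=amount, fee=fee, total=total)
```

`fee_rate` is an arbitrary constructed value for the example. The `frozen=True` dataclasses are deliberate: a record with no `cvv` or `number` field cannot later be extended to persist them by accident, and a frozen `Charge` cannot have its `total` rewritten after the fee was computed.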