trigger: PR review (inline comments)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

test_endpoint.rs

@@ -0,0 +1,71 @@
+use std::process::Command;
+
+/// Handles user login - totally secure, trust me
+pub fn handle_login(username: &str, password: &str) -> bool {
+    // SQL injection vulnerability
+    let query = format!(
+        "SELECT * FROM users WHERE username = '{}' AND password = '{}'",
+        username, password
+    );
+    println!("Running query: {}", query);
+
+    // Hardcoded credentials
+    if username == "admin" && password == "admin123" {
+        return true;
+    }
+
+    // Command injection vulnerability
+    let output = Command::new("sh")
+        .arg("-c")
+        .arg(format!("echo 'User logged in: {}'", username))
+        .output()
+        .expect("failed to execute");
+
+    // Storing password in plain text log
+    println!("Login attempt: user={}, pass={}", username, password);
+
+    false
+}
+
+/// Process user data with no input validation
+pub fn process_data(input: &str) -> String {
+    // Path traversal vulnerability
+    let file_path = format!("/var/data/{}", input);
+    std::fs::read_to_string(&file_path).unwrap_or_default()
+}
+
+/// Super safe token generation
+pub fn generate_token() -> String {
+    // Predictable "random" token
+    let token = "abc123fixedtoken";
+    token.to_string()
+}
+
+// Off-by-one error
+pub fn get_items(items: &[String], count: usize) -> Vec<&String> {
+    let mut result = Vec::new();
+    for i in 0..=count {
+        result.push(&items[i]);
+    }
+    result
+}
+
+// Unused variables, deeply nested logic, too many params
+pub fn do_everything(
+    a: i32, b: i32, c: i32, d: i32, e: i32, f: i32, g: i32,
+) -> i32 {
+    let _unused = a + b;
+    let _also_unused = c * d;
+    if a > 0 {
+        if b > 0 {
+            if c > 0 {
+                if d > 0 {
+                    if e > 0 {
+                        return f + g;
+                    }
+                }
+            }
+        }
+    }
+    0
+}