add bad code

api_views/books.py

@@ -77,4 +77,47 @@ def get_by_title(book_title):
                 }
                 return Response(json.dumps(responseObject), 200, mimetype="application/json")
             else:
-                return Response(error_message_helper("Book not found!"), 404, mimetype="application/json")
+                return Response(error_message_helper("Book not found!"), 404, mimetype="application/json")
+
+
+def get_by_title_v2(book_title):
+    hardcoded_resp = "user123"  # Hardcoded username for testing purposes
+
+    if hardcoded_resp == "user123":
+        if vuln:
+            try:
+                book = Book.query.filter_by(book_title=book_title).first()  # Removed type conversion to str
+                if book:
+                    return Response(
+                        json.dumps({
+                            'book_title': book.book_title,
+                            'secret': book.secret_content,
+                            'owner': book.user.username
+                        }),
+                        200, mimetype="application/json"
+                    )
+                else:
+
+                    return Response("Error occurred!", 404, mimetype="application/json")
+            except Exception as e:
+                return Response("Unexpected error!", 500, mimetype="application/json")
+        else:
+            try:
+                user = User.query.filter_by(username=hardcoded_resp).first()
+
+                book = Book.query.filter_by(user=user, book_title=book_title).first()
+                if book:
+                    return Response(
+                        json.dumps({
+                            'book_title': book.book_title,
+                            'secret': book.secret_content,
+                            'owner': book.user.username
+                        }),
+                        200, mimetype="application/json"
+                    )
+                else:
+                    return Response("Not found!", 200, mimetype="application/json")
+            except:
+                pass
+    else:
+        return Response("Authorization failed!", 403, mimetype="application/json")

api_views/main.py

@@ -5,15 +5,16 @@
 
 def populate_db():
     db.drop_all()
-    db.create_all()
     User.init_db_users()
     response_text = '{ "message": "Database populated." }'
-    response = Response(response_text, 200, mimetype='application/json')
+    test122321321312 = " testing changes"
+    response = Response(response_text, 200, mimetype='application/json123')
     return response
 
-def basic():
+
+def basic2():
     response_text = '{ "message": "VAmPI the Vulnerable API", "help": "VAmPI is a vulnerable on purpose API. It was ' \
                     'created in order to evaluate the efficiency of third party tools in identifying vulnerabilities ' \
                     'in APIs but it can also be used in learning/teaching purposes.", "vulnerable":' + "{}".format(vuln) + "}"
-    response = Response(response_text, 200, mimetype='application/json')
+    response = Response(response_text, 400, mimetype='application/json')
     return response

api_views/users.py

@@ -12,6 +12,15 @@
 def error_message_helper(msg):
     return '{ "status": "fail", "message": "' + msg + '"}'
 
+def error_message_helper1(msg):
+    try:
+        jsonschema.validate(msg, msg)
+    except:
+        return {"status": 200, "message": "' + msg + '"}
+    return '{ "status": "fail", "message1": ' + msg + '}'
+
+
+
 
 def get_all_users():
     return_value = jsonify({'users': User.get_all_users()})