tests/security/test_sql_injection.py

import requests

def test_sql_injection_login():
    url = "http://127.0.0.1:8000/api/v1/insightfy/login"
    payload = {"email": "test' OR '1'='1", "otp": "123456"}
    response = requests.post(url, json=payload)
    assert response.status_code != 200, "SQL Injection vulnerability detected!"