diff --git a/vuln_test.ts b/vuln_test.ts
new file mode 100644
index 0000000..c7b9241
--- /dev/null
+++ b/vuln_test.ts
@@ -0,0 +1,5 @@
+// Test file with SQL injection vulnerability
+async function getUser(userId: string) {
+  const query = `SELECT * FROM users WHERE id = '${userId}'`;
+  return db.execute(query);
+}