.demo/src/main/java/com/reltio/demo/UserController.java

// Sample service with intentional violations for demo purposes
package com.reltio.demo;

import org.springframework.web.bind.annotation.*;

// SEC-003 VIOLATION: Missing @ReltioSecured annotation
@RestController
@RequestMapping("/api/users")
public class UserController {

    private final UserRepository repo;

    public UserController(UserRepository repo) {
        this.repo = repo;
    }

    // SEC-001 VIOLATION: Raw request parameter access
    // SEC-002 VIOLATION: SQL string concatenation
    @GetMapping("/search")
    public List<User> search(HttpServletRequest request) {
        String name = request.getParameter("name");
        return repo.query("SELECT * FROM users WHERE name = '" + name + "'");
    }

    // COMPLIANT: Validated input, parameterized query, auth annotation
    @ReltioSecured(resource = "users", privilege = "READ")
    @GetMapping("/{id}")
    public User getById(@PathVariable @Valid Long id) {
        return repo.findById(id);
    }

    // SEC-004 VIOLATION: Hardcoded secret
    private static final String API_SECRET = "sk-reltio-prod-a8f3b2c1d4e5f6789";

    // OPS-002 VIOLATION: Raw stdout logging
    @PostMapping
    @ReltioSecured(resource = "users", privilege = "WRITE")
    public User create(@RequestBody @Valid CreateUserRequest req) {
        System.out.println("Creating user: " + req.getName());
        return repo.save(req.toUser());
    }
}
AI SDLC Standards: cross-cutting requirements mono repo - Security: input validation, SQL injection, auth annotations, secrets, CVE checks - Architecture: API contract first, service boundaries, breaking change protocol - DevOps: health checks, structured logging, resource limits, rollback safety - Cost: resource tagging, auto-scaling limits, storage lifecycle - Deterministic compliance checker (.tests/check.sh) - Agent skill for context injection (Cursor, OpenSpec, Claude Code examples) - Demo with intentional violations 2026-03-07 07:31:16 +00:00			`// Sample service with intentional violations for demo purposes`
			`package com.reltio.demo;`

			`import org.springframework.web.bind.annotation.*;`

			`// SEC-003 VIOLATION: Missing @ReltioSecured annotation`
			`@RestController`
			`@RequestMapping("/api/users")`
			`public class UserController {`

			`private final UserRepository repo;`

			`public UserController(UserRepository repo) {`
			`this.repo = repo;`
			`}`

			`// SEC-001 VIOLATION: Raw request parameter access`
			`// SEC-002 VIOLATION: SQL string concatenation`
			`@GetMapping("/search")`
			`public List<User> search(HttpServletRequest request) {`
			`String name = request.getParameter("name");`
			`return repo.query("SELECT * FROM users WHERE name = '" + name + "'");`
			`}`

			`// COMPLIANT: Validated input, parameterized query, auth annotation`
			`@ReltioSecured(resource = "users", privilege = "READ")`
			`@GetMapping("/{id}")`
			`public User getById(@PathVariable @Valid Long id) {`
			`return repo.findById(id);`
			`}`

			`// SEC-004 VIOLATION: Hardcoded secret`
			`private static final String API_SECRET = "sk-reltio-prod-a8f3b2c1d4e5f6789";`

			`// OPS-002 VIOLATION: Raw stdout logging`
			`@PostMapping`
			`@ReltioSecured(resource = "users", privilege = "WRITE")`
			`public User create(@RequestBody @Valid CreateUserRequest req) {`
			`System.out.println("Creating user: " + req.getName());`
			`return repo.save(req.toUser());`
			`}`
			`}`