Update database.yml by jordan-dr · Pull Request #83 · DryRunSecurity/rails-projects
🔴 Risk threshold exceeded.
This pull request contains multiple critical security vulnerabilities, including hardcoded credentials in the database configuration file and a potential GraphQL authentication bypass that would allow unauthorized access to mutation endpoints.
Hardcoded Credentials in config/database.yml
| Vulnerability | Hardcoded Credentials |
|---|---|
| Description | A hardcoded password 'lsjdfa8u4uqf' is directly embedded in the database configuration file. This poses a significant security risk as the password is easily discoverable by anyone with access to the source code. Hardcoded credentials can lead to unauthorized access if the password is not changed or if the configuration file is exposed. |
rails-projects/config/database.yml
Lines 5 to 13 in 6d3ac49
```yaml
# gem "sqlite3"
#
<% user = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? "root" : ENV["POSTGRESQL_USER"] %>
<% password = "lsjdfa8u4uqf" %>
<% db_service = ENV.fetch("DATABASE_SERVICE_NAME","").upcase %>
default: &default
  adapter: sqlite3
```
Code Policy: hardcoded-creds
| Policy | hardcoded-creds |
|---|---|
| Result | Yes, this change adds a hard-coded credential in config/database.yml. A password value is directly hard-coded in the configuration file on line 6 where password is set to a static string value. Guidance: refer issues to the security team |
Code Policy: graphql-auth-check
| Policy | graphql-auth-check |
|---|---|
| Result | Yes, this change bypasses authentication by modifying the authorized? method in the BaseMutation class to always return true. Since BaseMutation is the base class for GraphQL mutations, this change would effectively disable authorization checks for all mutations that inherit from this class, allowing any user to access protected mutation endpoints regardless of their authentication status. |
All finding details can be found in the DryRun Security Dashboard.