Security Issue: Hardcoded PostgreSQL Database Credentials
File: characterization/tests.py
PostgreSQL database credentials are hardcoded:
conn = psycopg2.connect(dbname='postgres', port=5432, user='gabriel', password='qwerasdf', host='192.168.184.102')
Impact
- Database credentials exposed to anyone with repository access
- Internal network IP (192.168.184.102) exposed, aiding network reconnaissance
- If the database port is exposed, it could be accessed remotely
Recommendation
- Remove hardcoded credentials from test files
- Use environment variables or a test-specific config file
- Never hardcode real database passwords in source code
Security Issue: Hardcoded PostgreSQL Database Credentials
File:
characterization/tests.pyPostgreSQL database credentials are hardcoded:
Impact
Recommendation