
Resolve vulnerability: Use of hard-coded password

AI GENERATED PATCH

The suggested code changes were generated by GitLab Duo Vulnerability Resolution, an AI feature. Use this feature with caution. Before you apply the code changes, carefully review and test them to ensure that they solve the vulnerability, do not harm the functional behavior of your application, and do not introduce new vulnerabilities.

The large language model that generated the suggested code changes was only provided with the affected lines of code, and the vulnerability in that code. It is not aware of any functionality outside of this context.

Please see our documentation for more information about this feature. We'd love to hear your feedback so we can improve on this feature as we work to bring it to general availability.

Description:

A potential hard-coded password was identified in a hard-coded string. Passwords should not be stored directly in code but loaded from secure locations such as a Key Management System (KMS).

The purpose of using a Key Management System is that access to the secret can be audited and keys can be rotated easily in the event of a breach. With hard-coded passwords, it becomes extremely difficult to determine when, or even whether, a key has been compromised.

The recommendation on which KMS to use depends on the environment the application is running in:

Identifiers:

  • A2:2017 - Broken Authentication
  • CWE-259
  • Find Security Bugs-HARD_CODE_PASSWORD
  • A07:2021 - Identification and Authentication Failures
  • find_sec_bugs.HARD_CODE_PASSWORD-1
