Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Database password in plain text not warned for kotlin/micronaut api #962

Closed
guilhermepaulozup opened this issue Jan 31, 2022 · 1 comment · Fixed by #972
Closed

Database password in plain text not warned for kotlin/micronaut api #962

guilhermepaulozup opened this issue Jan 31, 2022 · 1 comment · Fixed by #972
Labels
kind/bug Something isn't working project/horusec-engine This issue is related to the project https://github.com/ZupIT/horusec-engine

Comments

@guilhermepaulozup
Copy link
Contributor

What happened:
Built a simple REST API with Kotlin/Micronaut using POSTGRES container as database. The application.yml file is using a plain_text and very simple password ("123456) and Horusec CLI is not warning me about this issue.

src/main/resources/application.yml
image

What you expected to happen:
Horusec CLI should point out the issue of using the plain_text and simple password as a database password

How to reproduce it (as minimally and precisely as possible):

  • Create a Kotlin/Micronaut application from the micronaut launch tool.
  • Add Micronaut Data dependency.
  • Add postgres driver
  • Configure POSTGRES access with plain_text password in application.yml
  • Run horusec CLI: horusec start on src folder.

Anything else we need to know?:

  • Kotlin: v1.6.10
  • Micronaut: v3.2.7

Environment:

  • Horusec version (use horusec version): v2.6.8
  • Operating System: Ubuntu 20.04 LTS
  • Network plugin / Tool and version (if this is a network-related / tool bug):
  • Others: Kotlin
@guilhermepaulozup guilhermepaulozup added the kind/bug Something isn't working label Jan 31, 2022
@matheusalcantarazup
Copy link
Contributor

Thanks for reporting @guilhermepaulozup

@matheusalcantarazup matheusalcantarazup added the project/horusec-engine This issue is related to the project https://github.com/ZupIT/horusec-engine label Feb 3, 2022
@nathanmartinszup nathanmartinszup linked a pull request Feb 4, 2022 that will close this issue
engine/leaks:bugfix - improving leaks rule 26 #972
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working project/horusec-engine This issue is related to the project https://github.com/ZupIT/horusec-engine
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

engine/leaks:bugfix - improving leaks rule 26 ZupIT/horusec
2 participants
@matheusalcantarazup @guilhermepaulozup