When relying on the password authentication mode for the database connection, a secure password should be chosen.
This rule raises an issue when an empty password is used.
Noncompliant Code Example
Flask-SQLAlchemy
def configure_app(app):
app.config['SQLALCHEMY_DATABASE_URI'] = "postgresql://user:@domain.com" # Noncompliant
Django
# settings.py
DATABASES = {
'postgresql_db': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'quickdb',
'USER': 'sonarsource',
'PASSWORD': '', # Noncompliant
'HOST': 'localhost',
'PORT': '5432'
}
}
mysql/mysql-connector-python
from mysql.connector import connection
connection.MySQLConnection(host='localhost', user='sonarsource', password='') # Noncompliant
Compliant Solution
Flask-SQLAlchemy
def configure_app(app, pwd):
app.config['SQLALCHEMY_DATABASE_URI'] = f"postgresql://user:{pwd}@domain.com" # Compliant
Django
# settings.py
import os
DATABASES = {
'postgresql_db': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'quickdb',
'USER': 'sonarsource',
'PASSWORD': os.getenv('DB_PASSWORD'), # Compliant
'HOST': 'localhost',
'PORT': '5432'
}
}
mysql/mysql-connector-python
from mysql.connector import connection
import os
db_password = os.getenv('DB_PASSWORD')
connection.MySQLConnection(host='localhost', user='sonarsource', password=db_password) # Compliant
See
