logo

Database

Elixir Mongo Hardcoded Credentials

Description

This detector identifies hardcoded MongoDB credentials in Elixir applications. When MongoDB connection credentials like usernames, passwords, or connection strings are embedded directly in the source code, they pose a significant security risk as they can be exposed in version control systems, logs, or to anyone with access to the codebase.

Weakness:

359 - Sensitive information in source code - Credentials

Category: Information Collection

Detection Strategy

    Scans Elixir source code for MongoDB connection calls using Mongo.start_link function

    Analyzes the parameters passed to Mongo.start_link to detect hardcoded credential values

    Reports a vulnerability when authentication parameters (username, password, connection string with credentials) contain literal string values instead of variables or environment references

    Triggers on any Mongo.start_link call where credentials are directly embedded in the code rather than externally configured

Vulnerable code example

defmodule MyApp.Mongo do
  def connect_hardcoded do
    Mongo.start_link(
      username: "admin",
      password: "SuperSecret123" # Hardcoded credential in MongoDB connection
    )
  end
...

✅ Secure code example

defmodule MyApp.Mongo do
  def connect_hardcoded do
    Mongo.start_link(
      username: "admin",
      password: System.fetch_env!("MONGO_PASSWORD") # Safe: password from environment
    )
  end
...