Python Hardcoded Db Credentials
Description
Detects hardcoded database passwords in PyMySQL database connection calls. This represents a security risk since credentials embedded directly in source code can be easily exposed through version control systems or code access, potentially leading to unauthorized database access.
Detection Strategy
• Look for database connection attempts using 'pymysql.connect'
• Check if the connection call includes a 'password' parameter
• Verify if the password value is a hardcoded string literal rather than a variable or environment reference
• Report a vulnerability if credentials are directly embedded in the code instead of being retrieved from secure configuration
Vulnerable code example
import pymysql
# Insecure: Hardcoded credentials directly in code
DB_PASSWORD = "P@ssw0rd123" # Vulnerable: Sensitive data in source code
def connect_to_db():
connection = pymysql.connect(
host="localhost",...✅ Secure code example
import os
import pymysql
from dotenv import load_dotenv
# Load environment variables from .env file
load_dotenv()
def connect_to_db():...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.