logo

Database

Elixir Cassandra Hardcoded Credentials

Description

This detector identifies hardcoded credentials in Elixir Cassandra database connections using the Xandra library. Hardcoded authentication credentials in source code pose a significant security risk as they can be exposed in version control systems, logs, or to unauthorized personnel with code access.

Weakness:

359 - Sensitive information in source code - Credentials

Category: Information Collection

Detection Strategy

    Scans Elixir source files for calls to the Xandra.start_link function which establishes Cassandra database connections

    Examines the authentication parameter passed to Xandra.start_link to check if credentials are provided

    Reports a vulnerability when authentication credentials (username/password) are hardcoded as literal string values in the source code rather than being retrieved from environment variables, configuration files, or secure credential stores

Vulnerable code example

defmodule MyApp.CassandraConnection do
  def connect do
    Xandra.start_link(
      nodes: ["127.0.0.1:9042"],
      # Vulnerable: hardcoded Cassandra credentials
      authentication: {Xandra.Authenticator.Password, [username: "cassandra", password: "SuperSecret123"]}
    )
  end...

✅ Secure code example

defmodule MyApp.CassandraConnection do
  def connect do
    Xandra.start_link(
      nodes: ["127.0.0.1:9042"],
      # Secure: credentials loaded from environment variables instead of hardcoded
      authentication: {Xandra.Authenticator.Password, [
        username: System.fetch_env!("CASSANDRA_USER"), 
        password: System.fetch_env!("CASSANDRA_PASSWORD")...