security(pg0): add HINDSIGHT_API_PG0_PASSWORD env var and log warning on default#2799
Open
handnewb wants to merge 1 commit into
Open
security(pg0): add HINDSIGHT_API_PG0_PASSWORD env var and log warning on default#2799handnewb wants to merge 1 commit into
handnewb wants to merge 1 commit into
Conversation
… on default The pg0 embedded PostgreSQL database used hardcoded credentials (user='hindsight', password='hindsight') with no way to override except by passing explicit kwargs. This adds: - HINDSIGHT_API_PG0_PASSWORD env var to override the password - WARNING log when the hardcoded default is active - Backward compatible: existing callers continue to work unchanged Found during cybersecurity audit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The pg0 embedded PostgreSQL database used hardcoded credentials (
user='hindsight',password='hindsight') with no way to override except by passing explicit kwargs toEmbeddedPostgres().While pg0 only listens on localhost by default, containerized deployments where the pg0 port is accidentally mapped to the host create a risk — an attacker on the same network could connect with known credentials.
Changes
HINDSIGHT_API_PG0_PASSWORDenv var to override the default password_resolve_default_password()function that checks the env var firstEmbeddedPostgres.__init__()now usesNoneas default forpassword, resolving via_resolve_default_password()WARNINGwhen the hardcoded default is activeVerification
HINDSIGHT_API_PG0_PASSWORDoverrides the hardcoded defaultFound during cybersecurity audit.