
Conversation

@jordan-dr
Contributor

No description provided.

@jordan-dr jordan-dr closed this Apr 23, 2025
@jordan-dr jordan-dr reopened this Apr 23, 2025
@jordan-dr jordan-dr closed this Jun 12, 2025
@jordan-dr jordan-dr reopened this Jun 12, 2025
@dryrunsecurity

dryrunsecurity bot commented Jun 12, 2025

DryRun Security

🔴 Risk threshold exceeded.

This pull request contains multiple critical security vulnerabilities, including hardcoded credentials in the database configuration file and a potential GraphQL authentication bypass that would allow unauthorized access to mutation endpoints.

Hardcoded Credentials in config/database.yml
Vulnerability: Hardcoded Credentials
Description: A hardcoded password 'lsjdfa8u4uqf' is directly embedded in the database configuration file. This poses a significant security risk as the password is easily discoverable by anyone with access to the source code. Hardcoded credentials can lead to unauthorized access if the password is not changed or if the configuration file is exposed.

# gem "sqlite3"
#
<% user = ENV.key?("POSTGRESQL_ADMIN_PASSWORD") ? "root" : ENV["POSTGRESQL_USER"] %>
<% password = "lsjdfa8u4uqf" %>
<% db_service = ENV.fetch("DATABASE_SERVICE_NAME","").upcase %>
default: &default
  adapter: sqlite3

Code Policy: hardcoded-creds
Policy: hardcoded-creds
Result: Yes, this change adds a hard-coded credential in config/database.yml. A password value is directly hard-coded in the configuration file on line 6 where password is set to a static string value. Guidance: refer issues to the security team
Code Policy: graphql-auth-check
Policy: graphql-auth-check
Result: Yes, this change bypasses authentication by modifying the authorized? method in the BaseMutation class to always return true. Since BaseMutation is the base class for GraphQL mutations, this change would effectively disable authorization checks for all mutations that inherit from this class, allowing any user to access protected mutation endpoints regardless of their authentication status.

All finding details can be found in the DryRun Security Dashboard.

@jordan-dr jordan-dr closed this Jun 12, 2025
@jordan-dr jordan-dr reopened this Jun 12, 2025
@DryRunSecurity DryRunSecurity deleted a comment from dryrunsecurity bot Jun 12, 2025
@jordan-dr jordan-dr closed this Jun 12, 2025
@jordan-dr jordan-dr reopened this Jun 12, 2025
@jordan-dr jordan-dr closed this Jun 12, 2025
@jordan-dr jordan-dr reopened this Jun 12, 2025
@jordan-dr jordan-dr closed this Jun 12, 2025
@jordan-dr jordan-dr reopened this Jun 12, 2025
@jordan-dr jordan-dr closed this Jun 12, 2025
@jordan-dr jordan-dr reopened this Jun 12, 2025
@jordan-dr jordan-dr closed this Jun 17, 2025
@jordan-dr jordan-dr reopened this Jun 17, 2025