V5326. OWASP. A password for a database connection should not be empty

The analyzer has detected that an empty password was used when connecting to a database. A connection with an empty password provides no real authentication, which can lead to unauthorized data access.

This vulnerability can be categorized under the OWASP Top 10 2021 classification as follows:

An example of an insecure configuration:

var dataSource = new PGSimpleDataSource();
dataSource.setDatabaseName("db");
dataSource.setUser("server");
dataSource.setPassword(""); // empty password: this is what V5326 reports
// ....

Access parameters in the workspace should fulfill the following requirements:

The fixed code:

var dataSource = new PGSimpleDataSource();
dataSource.setDatabaseName("db");
// Credentials are read from JVM system properties at run time instead of being hard-coded
dataSource.setUser(System.getProperty("db.user"));
dataSource.setPassword(System.getProperty("db.password"));
// ....
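
System.getProperty returns null when a property is not set, so the fixed code can still run without a password if db.password is missing or empty at launch. The following added example (not part of the original documentation) rejects null and blank values before the data source is configured; the class name DataSourceFactory and the helper requireSetting are hypothetical, and it assumes Java 11 or later with the PostgreSQL JDBC driver on the classpath.

```java
import org.postgresql.ds.PGSimpleDataSource;

public final class DataSourceFactory {

    // Hypothetical helper: reads a required JVM system property and
    // rejects null, empty and whitespace-only values.
    static String requireSetting(String key) {
        String value = System.getProperty(key);
        if (value == null || value.isBlank()) {
            // Report only the key name, never the value.
            throw new IllegalStateException(
                "Required setting '" + key + "' is missing or blank");
        }
        return value;
    }

    // Builds the data source only when both credentials are present.
    static PGSimpleDataSource create() {
        var dataSource = new PGSimpleDataSource();
        dataSource.setDatabaseName("db");
        dataSource.setUser(requireSetting("db.user"));
        dataSource.setPassword(requireSetting("db.password"));
        return dataSource;
    }

    public static void main(String[] args) {
        // Constructed demonstration values, set here only so the example
        // runs without -D options on the command line.
        System.setProperty("db.user", "server");
        System.setProperty("db.password", "");
        try {
            create();
        } catch (IllegalStateException e) {
            // The empty password is caught before any connection attempt.
            System.out.println("Refused to configure data source: " + e.getMessage());
        }

        System.setProperty("db.password", "constructed-sample-value");
        PGSimpleDataSource ds = create();
        System.out.println("Data source configured for user " + ds.getUser());
    }
}
```

Failing at startup makes a missing credential visible in deployment instead of leaving the application to attempt a passwordless connection.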

This diagnostic is classified as: