Fix security issue: Hardcoded Neo4j Database Credentials in Jupyter Notebook (CWE-798)

2025-05-22 07:59:26 +00:00 · 2025-05-22 07:59:26 +00:00 · d7f13dd42b
commit d7f13dd42b
parent b1b4ae3d5f
1 changed files with 22 additions and 9 deletions
--- a/notebooks/cognee_graphiti_demo.ipynb
+++ b/notebooks/cognee_graphiti_demo.ipynb
@ -62,6 +62,8 @@
   "outputs": [],
   "source": [
    "import os\n",
+    "import warnings\n",
+    "import getpass\n",
    "\n",
    "# We ignore warnigns for now\n",
    "warnings.filterwarnings(\"ignore\")\n",
@ -74,15 +76,26 @@
    "if \"OPENAI_API_KEY\" not in os.environ:\n",
    "    os.environ[\"OPENAI_API_KEY\"] = \"\"\n",
    "\n",
-    "GRAPH_DATABASE_PROVIDER = \"neo4j\"\n",
-    "GRAPH_DATABASE_USERNAME = \"neo4j\"\n",
-    "GRAPH_DATABASE_PASSWORD = \"pleaseletmein\"\n",
-    "GRAPH_DATABASE_URL = \"bolt://localhost:7687\"\n",
+    "# Securely set graph DB configuration, avoiding hard-coded credentials\n",
+    "if \"GRAPH_DATABASE_PROVIDER\" not in os.environ:\n",
+    "    os.environ[\"GRAPH_DATABASE_PROVIDER\"] = \"neo4j\"\n",
    "\n",
-    "os.environ[\"GRAPH_DATABASE_PROVIDER\"] = GRAPH_DATABASE_PROVIDER\n",
-    "os.environ[\"GRAPH_DATABASE_USERNAME\"] = GRAPH_DATABASE_USERNAME\n",
-    "os.environ[\"GRAPH_DATABASE_PASSWORD\"] = GRAPH_DATABASE_PASSWORD\n",
-    "os.environ[\"GRAPH_DATABASE_URL\"] = GRAPH_DATABASE_URL\n"
+    "if \"GRAPH_DATABASE_URL\" not in os.environ:\n",
+    "    os.environ[\"GRAPH_DATABASE_URL\"] = \"bolt://localhost:7687\"\n",
+    "\n",
+    "if \"GRAPH_DATABASE_USERNAME\" not in os.environ:\n",
+    "    # Prompt user for username if not set\n",
+    "    username = input(\"Enter Neo4j database username: \")\n",
+    "    os.environ[\"GRAPH_DATABASE_USERNAME\"] = username.strip()\n",
+    "else:\n",
+    "    username = os.environ[\"GRAPH_DATABASE_USERNAME\"]\n",
+    "\n",
+    "if \"GRAPH_DATABASE_PASSWORD\" not in os.environ:\n",
+    "    # Securely prompt user for password if not set\n",
+    "    password = getpass.getpass(\"Enter Neo4j database password: \")\n",
+    "    os.environ[\"GRAPH_DATABASE_PASSWORD\"] = password\n",
+    "else:\n",
+    "    password = os.environ[\"GRAPH_DATABASE_PASSWORD\"]\n"
   ]
  },
  {
@ -222,4 +235,4 @@
 },
 "nbformat": 4,
 "nbformat_minor": 2
-}
+}