From d7f13dd42b6b8da154ab622670dd79f7c2c228b1 Mon Sep 17 00:00:00 2001
From: "pensarapp[bot]" <182705637+pensarapp[bot]@users.noreply.github.com>
Date: Thu, 22 May 2025 07:59:26 +0000
Subject: [PATCH] Fix security issue: Hardcoded Neo4j Database Credentials in Jupyter Notebook (CWE-798)
---
 notebooks/cognee_graphiti_demo.ipynb | 31 ++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/notebooks/cognee_graphiti_demo.ipynb b/notebooks/cognee_graphiti_demo.ipynb
index 79123a483..c0251000d 100644
--- a/notebooks/cognee_graphiti_demo.ipynb
+++ b/notebooks/cognee_graphiti_demo.ipynb
@@ -62,6 +62,8 @@
 "outputs": [],
 "source": [
 "import os\n",
+ "import warnings\n",
+ "import getpass\n",
 "\n",
 "# We ignore warnigns for now\n",
 "warnings.filterwarnings(\"ignore\")\n",
@@ -74,15 +76,26 @@
 "if \"OPENAI_API_KEY\" not in os.environ:\n",
 " os.environ[\"OPENAI_API_KEY\"] = \"\"\n",
 "\n",
- "GRAPH_DATABASE_PROVIDER = \"neo4j\"\n",
- "GRAPH_DATABASE_USERNAME = \"neo4j\"\n",
- "GRAPH_DATABASE_PASSWORD = \"pleaseletmein\"\n",
- "GRAPH_DATABASE_URL = \"bolt://localhost:7687\"\n",
+ "# Securely set graph DB configuration, avoiding hard-coded credentials\n",
+ "if \"GRAPH_DATABASE_PROVIDER\" not in os.environ:\n",
+ " os.environ[\"GRAPH_DATABASE_PROVIDER\"] = \"neo4j\"\n",
 "\n",
- "os.environ[\"GRAPH_DATABASE_PROVIDER\"] = GRAPH_DATABASE_PROVIDER\n",
- "os.environ[\"GRAPH_DATABASE_USERNAME\"] = GRAPH_DATABASE_USERNAME\n",
- "os.environ[\"GRAPH_DATABASE_PASSWORD\"] = GRAPH_DATABASE_PASSWORD\n",
- "os.environ[\"GRAPH_DATABASE_URL\"] = GRAPH_DATABASE_URL\n"
+ "if \"GRAPH_DATABASE_URL\" not in os.environ:\n",
+ " os.environ[\"GRAPH_DATABASE_URL\"] = \"bolt://localhost:7687\"\n",
+ "\n",
+ "if \"GRAPH_DATABASE_USERNAME\" not in os.environ:\n",
+ " # Prompt user for username if not set\n",
+ " username = input(\"Enter Neo4j database username: \")\n",
+ " os.environ[\"GRAPH_DATABASE_USERNAME\"] = username.strip()\n",
+ "else:\n",
+ " username = os.environ[\"GRAPH_DATABASE_USERNAME\"]\n",
+ "\n",
+ "if \"GRAPH_DATABASE_PASSWORD\" not in os.environ:\n",
+ " # Securely prompt user for password if not set\n",
+ " password = getpass.getpass(\"Enter Neo4j database password: \")\n",
+ " os.environ[\"GRAPH_DATABASE_PASSWORD\"] = password\n",
+ "else:\n",
+ " password = os.environ[\"GRAPH_DATABASE_PASSWORD\"]\n"
 ]
 },
 {
@@ -222,4 +235,4 @@
 },
 "nbformat": 4,
 "nbformat_minor": 2
-}
+}
\ No newline at end of file
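Review bot: The new cell binds the secret to a notebook-global `password` (and `username`) that nothing in the hunk reads, which keeps the value reachable via `globals()` and notebook variable inspectors for the kernel's lifetime right after `getpass` took care not to echo it; write it straight into the environment instead, `os.environ["GRAPH_DATABASE_PASSWORD"] = getpass.getpass("Enter Neo4j database password: ")`, and drop both `else:` branches, which only create those dead bindings. `getpass.getpass` returns `""` when the user just presses Enter, so an explicit empty-password check before the assignment would fail earlier and more clearly than a later Neo4j authentication error. Removing the literal `pleaseletmein` from the notebook does not remove it from git history; if that value was ever set on a reachable instance it should be rotated, not just deleted. The `bolt://localhost:7687` default is unencrypted, which is acceptable for a local instance, but a comment such as `# For a remote GRAPH_DATABASE_URL use bolt+s:// or neo4j+s:// so the prompted password is not sent in cleartext` would save a reader from pointing this at a remote host over plain bolt.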