feat(infra): Docker-compose configuration and environment-specific security guards for Beta deployment to Test environment #56
@@ -72,8 +72,28 @@ public static class DbInitializer
|
||||
|
||||
var adminPassword = configuration?["Nexus:AdminPassword"]
|
||||
|
mjasin marked this conversation as resolved
|
||||
?? configuration?["NEXUS_ADMIN_PASSWORD"]
|
||||
?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD")
|
||||
?? "Admin123!";
|
||||
?? Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD");
|
||||
|
||||
var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")
|
||||
?? Environment.GetEnvironmentVariable("DOTNET_ENVIRONMENT")
|
||||
?? "Development";
|
||||
var isDevelopment = string.Equals(env, "Development", StringComparison.OrdinalIgnoreCase);
|
||||
|
||||
if (string.IsNullOrEmpty(adminPassword))
|
||||
{
|
||||
if (!isDevelopment)
|
||||
{
|
||||
throw new InvalidOperationException(
|
||||
"CRITICAL SECURITY ERROR: Admin password is NOT configured! " +
|
||||
"In non-Development environments (e.g. Test/Production), the admin password must be explicitly set " +
|
||||
"via configuration ('Nexus:AdminPassword' or 'NEXUS_ADMIN_PASSWORD') or environment variables. " +
|
||||
"Seeding aborted to prevent insecure credentials fallback.");
|
||||
}
|
||||
|
||||
Console.WriteLine("[Seeder] WARNING: Admin password is not set. Falling back to default weak password 'Admin123!' in Development environment.");
|
||||
adminPassword = "Admin123!";
|
||||
}
|
||||
|
||||
adminUser.PasswordHash = passwordHasher.HashPassword(adminUser, adminPassword);
|
||||
|
||||
dbContext.Users.Add(adminUser);
|
||||
|
||||
Reference in New Issue
Block a user
🔴 Blocking — Triple-layer fallback exposes hardcoded default credential in production
The current fallback chain
Nexus:AdminPassword→NEXUS_ADMIN_PASSWORD(fromIConfiguration) →Environment.GetEnvironmentVariable("NEXUS_ADMIN_PASSWORD")→"Admin123!"is dangerous. IfNEXUS_ADMIN_PASSWORDis not injected at container startup (e.g. operator error, mis-spelled var), the process will silently seed the admin account with"Admin123!"without any warning — a critical security regression in Test/Prod.The
Environment.GetEnvironmentVariablecall is also redundant becauseIConfigurationin ASP.NET Core already reads environment variables. You only need two keys, and the final fallback must only be allowed inDevelopment.Suggested fix:
🔴 Blocking — Still unresolved. Silent credential fallback in non-Development environments.
This code is identical to the original. The
"Admin123!"default will still be reached silently in Test/Production ifNEXUS_ADMIN_PASSWORDis absent (e.g. from a typo in the.envfile or a missing Docker secret). Thedocker-compose.test.ymldoes enforce${NEXUS_ADMIN_PASSWORD:?...}at the compose level, but this C# fallback provides a false safety net that can be triggered by non-compose deployments (e.g., directkubectl apply).Please add the environment check before applying the fallback:
This also eliminates the redundant
Environment.GetEnvironmentVariablecall, sinceIConfigurationalready reads env vars.