supabase-extract-db-string

skills-sh:yoanbernabeu_supabase-pentest-skills__supabase-extract-db-string

B
76/100

First Seen: Feb 18, 2026
Last Scanned: Feb 20, 2026
Findings: 3
Score: 76/100
MEDIUM: 3

Findings (3)

MEDIUM: Database connection string (L74)

Detects database connection strings with credentials

postgresql://postgres:MySecretPass123@db.abc123.supabase.co:

FIX: Remove the database connection string and replace it with an environment variable reference. Rotate the database password if the connection string was exposed publicly.

FP? Likely FP if the connection string uses localhost with no password (e.g., mongodb://localhost:27017/mydb) or is a documented example URI.

MEDIUM: Database connection string (L101)

Detects database connection strings with credentials

postgresql://postgres:pass@db.abc123.supabase.co:

FIX: Remove the database connection string and replace it with an environment variable reference. Rotate the database password if the connection string was exposed publicly.

FP? Likely FP if the connection string uses localhost with no password (e.g., mongodb://localhost:27017/mydb) or is a documented example URI.

MEDIUM: Database connection string (L155)

Detects database connection strings with credentials

postgresql://postgres:MySecr***@db.abc123def.supabase.co:

FIX: Remove the database connection string and replace it with an environment variable reference. Rotate the database password if the connection string was exposed publicly.

FP? Likely FP if the connection string uses localhost with no password (e.g., mongodb://localhost:27017/mydb) or is a documented example URI.