From 8c1c0ceea5d3b14fb5415c4eeb4ef8cc7c7f27e9 Mon Sep 17 00:00:00 2001
From: Matthew Chenette <mpchenette@github.com>
Date: Tue, 9 Dec 2025 11:33:53 -0600
Subject: [PATCH] =?UTF-8?q?Fix=20SonarCloud=20python:S6437=20=E2=80=94=20r?=
 =?UTF-8?q?emove=20hard-coded=20DB=20password;=20use=20env=20vars=20for=20?=
 =?UTF-8?q?MySQL=20connection?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 python/sql.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/python/sql.py b/python/sql.py
index bc2121e..a07e998 100644
--- a/python/sql.py
+++ b/python/sql.py
@@ -1,7 +1,13 @@
+import os
 import mysql.connector
 
 def search_user(username):
-    conn = mysql.connector.connect(user='root', password='password', host='localhost', database='users')
+    conn = mysql.connector.connect(
+        user=os.getenv('DB_USER', 'root'),
+        password=os.getenv('DB_PASSWORD'),
+        host=os.getenv('DB_HOST', 'localhost'),
+        database=os.getenv('DB_NAME', 'users')
+    )
     cursor = conn.cursor()
     query = "SELECT * FROM users WHERE username = '" + username + "'"