I used Coverity Scan to scan my Python project and got the HARDCODED_CREDENTIALS warning, which indicated that it was unsafe for me to read the password from the Linux environment variable file. Specifically, I read the password as follows:
```python
import os
MY_PASSWORD=os.getenv("MYPASSWD","owner")
```
And I use it to connect to MySQL as follows:
```python
mysql_conn=pymysql.connect(password=MY_PASSWORD,...)
```
How can I fix this warning?
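
The following is an added example, not part of the original post. It assumes the checker is reacting to the literal fallback `"owner"`, which is a password embedded in the source and used whenever `MYPASSWD` is unset. The loader below has no literal default and fails closed. The `MissingSecretError` class, the `load_db_password` helper and the `MYPASSWD_FILE` variable are hypothetical names introduced for this example, and the file-based lookup goes beyond the single environment variable in the question.

```python
import os
import stat


class MissingSecretError(RuntimeError):
    """Raised when the password cannot be obtained safely; startup should stop."""


def load_db_password(environ=os.environ, var="MYPASSWD"):
    """Return the MySQL password without any literal fallback in the source.

    Lookup order (the *_FILE variant is an assumption of this example):
      1. <var>_FILE: path to a file accessible only by its owner
      2. <var>: the value itself
    """
    path = environ.get(var + "_FILE")
    if path:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            raise MissingSecretError(
                f"{path} has mode {mode:o}; it must not be accessible to group or others")
        with open(path, encoding="utf-8") as fh:
            value = fh.read().rstrip("\r\n")
    else:
        value = environ.get(var)
    if not value:
        # Fail closed: a missing or empty secret is a deployment error, never a
        # reason to fall back to a password baked into the code.
        raise MissingSecretError(f"{var} is not set or is empty")
    return value


if __name__ == "__main__":
    # Constructed sample environments; the value is a placeholder, not a real secret.
    for env in ({"MYPASSWD": "example-only-value"}, {}):
        try:
            print("loaded, length", len(load_db_password(env)))
        except MissingSecretError as exc:
            print("refused:", exc)
```

The result would be passed as `password=load_db_password()` in the existing `pymysql.connect(...)` call, so a missing variable stops the program instead of silently connecting with a known password.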