
Important: Exposed MongoDB cluster in your code

Open GaillardTom opened this issue 8 months ago • 0 comments

[!WARNING]

You have an exposed MongoDB cluster containing multiple databases in this repository.

Hey thombergs, if you receive this issue, don't panic. I am a friendly automated script looking around the internet, just letting you know that you have an exposed MongoDB cluster in your code, which I got from this file: https://github.com/thombergs/code-examples/blob/67d3508c1e1d5310e5db47e8c7f011a1faf58143/nodejs/url-shortener/urlbackend/.env.

I was able to connect and expose these databases from your cluster:

  • Anon
  • test
  • admin
  • local

From these possible clusters: cluster0.oq1hdin.mongodb.net

A malicious attacker could leak data and obtain credentials to your or other people's services/systems. Even if you know that no sensitive information is stored inside it, it is still very dangerous. I do not know what kind of information your databases hold, but a malicious attacker could easily dump all the content, so please make sure to follow these steps:

  1. Put your secrets in a .env file
  2. Use a library like dotenv to load the environment variables from your file into your code
  3. At this point, I would suggest either using GitHub's tool to erase the history, or deleting the repo on GitHub, removing the .git folder locally and recreating a new repo with a clean history

In the future, make sure not to expose your secrets, especially your MongoDB URI, as it contains your username and password combination. Make sure to create a .env file and load your environment variables into your code accordingly.

If you like what I am doing for the community, please feel free to follow my GitHub account @GaillardTom

GaillardTom, Mar 21 '25 04:03
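The following is an added example, not code from the thombergs/code-examples repository and not the scanner behind this issue. It shows, in Node.js (the language of the url-shortener backend the issue links to), both halves of the advice above: the scan that finds a MongoDB URI with embedded credentials in a file that was committed, and the runtime side that takes `MONGODB_URI` from the environment rather than from source, refuses to start when it is missing, and redacts the password before anything is logged. The function names (`parseDotenv`, `findExposedMongoUris`, `redactMongoUri`, `loadMongoConfig`, `dotenvIsIgnored`), the placeholder host and the sample `.env` and `.gitignore` contents are all constructed for the example; the `.env` parser is inlined only so the block runs without installing `dotenv`.

```javascript
// Added example (not code from thombergs/code-examples or from GaillardTom's
// scanner). It demonstrates both halves of the issue: the scan that finds a
// MongoDB URI with embedded credentials in a committed file, and the runtime
// side that reads MONGODB_URI from the environment instead of from source,
// refuses to start without it, and redacts the password before logging.
// All function names and the sample .env/.gitignore contents are constructed.

// mongodb:// or mongodb+srv://, optional user:password@ before the host.
// Groups: 1 scheme, 2 user, 3 password, 4 host(s), 5 path/query.
const MONGO_URI_RE =
  /\b(mongodb(?:\+srv)?):\/\/(?:([^:@\/\s]+)(?::([^@\/\s]*))?@)?([^\/?\s]+)([^\s'"]*)/g;

// Minimal KEY=value parser for .env text (comments, blank lines, optional
// quotes). A real project would call require("dotenv").config() instead;
// this is inlined so the example runs with no dependencies installed.
function parseDotenv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted = (value.startsWith('"') && value.endsWith('"')) ||
                   (value.startsWith("'") && value.endsWith("'"));
    if (quoted && value.length >= 2) value = value.slice(1, -1);
    vars[key] = value;
  }
  return vars;
}

// What a scanner sees in a committed file: every Mongo URI and whether it
// carries a password. The password itself is deliberately not returned.
function findExposedMongoUris(text) {
  const hits = [];
  for (const m of text.matchAll(MONGO_URI_RE)) {
    const [, scheme, user, password, host] = m;
    hits.push({ scheme, host, user: user ?? null, hasPassword: Boolean(password) });
  }
  return hits;
}

// Replace the password part of a credentialed URI so it can be logged safely.
function redactMongoUri(uri) {
  return uri.replace(MONGO_URI_RE, (whole, scheme, user, password, host, rest) =>
    password === undefined ? whole : `${scheme}://${user}:***@${host}${rest}`);
}

// Runtime configuration: the URI must come from the environment. There is no
// hard-coded fallback, so a missing variable fails at start-up instead of
// silently connecting somewhere else.
function loadMongoConfig(env) {
  const uri = env.MONGODB_URI;
  if (!uri) {
    throw new Error("MONGODB_URI is not set; refusing to start");
  }
  if (!/^mongodb(\+srv)?:\/\//.test(uri)) {
    throw new Error("MONGODB_URI is not a MongoDB connection string");
  }
  return { uri, redactedUri: redactMongoUri(uri) };
}

// Simple check that .env is excluded from commits. This looks for the usual
// literal patterns only; it is not a full gitignore matcher.
function dotenvIsIgnored(gitignoreText) {
  const ignored = new Set([".env", "/.env", ".env*", "*.env"]);
  return gitignoreText.split(/\r?\n/).some((l) => ignored.has(l.trim()));
}

// Constructed sample of a .env committed by mistake. Credentials are fake and
// the host is a placeholder, not the cluster named in the issue.
const COMMITTED_ENV = [
  "# backend settings",
  "PORT=3000",
  "LOCAL_URI=mongodb://localhost:27017/test",
  'MONGODB_URI="mongodb+srv://appuser:s3cretPassw0rd@cluster0.example.mongodb.net/urls?retryWrites=true&w=majority"',
].join("\n");

function demo() {
  for (const h of findExposedMongoUris(COMMITTED_ENV)) {
    console.log(`${h.hasPassword ? "CREDENTIALED" : "no credentials"}: ${h.scheme}://${h.host}`);
  }
  // dotenv semantics: values already present in process.env win over the file.
  const env = { ...parseDotenv(COMMITTED_ENV), ...process.env };
  const cfg = loadMongoConfig(env);
  console.log(`connecting to ${cfg.redactedUri}`); // password never reaches the log
  console.log(`.env ignored by git: ${dotenvIsIgnored("node_modules/\n.env\n")}`);
  return cfg;
}

demo();
```

Two caveats a practitioner would add to the three steps above. First, step 3 (rewriting or recreating the history) is not the fix on its own: the linked commit has already been read by at least one scanner, and forks and local clones keep the old history, so the database user's password should be rotated and the cluster's network access list tightened regardless. Second, a `.env` file only helps if it is never committed, which is what the `dotenvIsIgnored` check is for; the original leak was precisely a committed `.env`.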