stemedb/docs/demo/vulnbank/rust/src/config.rs

//! Configuration - Contains intentional vulnerabilities
//!
//! Vulnerabilities:
//! - Hardcoded API keys and secrets
//! - No rate limiting configured

/// VULNERABILITY: Hardcoded API key
/// Secrets in source code are exposed in version control
pub const API_KEY: &str = "sk-live-1234567890abcdef";

/// VULNERABILITY: Hardcoded database password
/// Anyone with repo access can access the database
pub const DB_PASSWORD: &str = "super_secret_password_123!";

/// API configuration with security issues
pub struct ApiConfig {
    pub api_key: String,
    pub rate_limit_enabled: bool,
    pub max_requests_per_minute: u32,
}

impl Default for ApiConfig {
    fn default() -> Self {
        Self {
            // BLOCK: Hardcoded secret in source code
            api_key: "sk-prod-abcdef123456".to_string(),
            // BLOCK: Rate limiting disabled - vulnerable to abuse
            rate_limit_enabled: false,
            max_requests_per_minute: 0, // No limit
        }
    }
}

/// Initialize the vulnerable configuration
pub fn init_config() -> ApiConfig {
    ApiConfig::default()
}