From 3e3c3cb18c4df3500aa55041d3b7f0539c86425a Mon Sep 17 00:00:00 2001
From: Maciej Pienczyn
Date: Sat, 10 Jan 2026 12:58:57 +0100
Subject: [PATCH] auto-claude: 3.1 - Replace hardcoded PGPASSWORD with environment variable

- Added PGPASSWORD environment variable check at script start
- Replaced 3 instances of hardcoded 'NordaBiz2025Secure' with $PGPASSWORD
- Added usage instructions and security warning (CWE-798)
- Script now exits with error if PGPASSWORD is not set
---
 view_maturity_results.sh | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/view_maturity_results.sh b/view_maturity_results.sh
index 5f60ad0..2f0d154 100755
--- a/view_maturity_results.sh
+++ b/view_maturity_results.sh
@@ -1,5 +1,21 @@
 #!/bin/bash
 # Norda Biznes - Quick View Scripts for Digital Maturity Results
+#
+# SECURITY NOTE: This script requires PGPASSWORD environment variable to be set
+# Usage:
+# export PGPASSWORD='your_database_password'
+# ./view_maturity_results.sh
+#
+# NEVER hardcode passwords in scripts (CWE-798: Use of Hard-coded Credentials)
+
+# Check if PGPASSWORD is set
+if [ -z "$PGPASSWORD" ]; then
+ echo "ERROR: PGPASSWORD environment variable is not set"
+ echo "Please set it before running this script:"
+ echo " export PGPASSWORD='your_database_password'"
+ echo " ./view_maturity_results.sh"
+ exit 1
+fi

 echo "====================================="
 echo "NORDA BIZNES - DIGITAL MATURITY"
@@ -8,7 +24,7 @@ echo ""

 # 1. Top 10 firms
 echo "🏆 TOP 10 NAJLEPSZYCH FIRM:"
-ssh root@10.22.68.249 "PGPASSWORD='NordaBiz2025Secure' psql -h localhost -U nordabiz_app -d nordabiz -c \"
+ssh root@10.22.68.249 "PGPASSWORD=\"$PGPASSWORD\" psql -h localhost -U nordabiz_app -d nordabiz -c \"
 SELECT
 c.name,
 cdm.overall_score,
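Review bot: In the `@@ -1,5 +1,21 @@` hunk, both the usage comment and the error text tell the operator to type `export PGPASSWORD='your_database_password'`, which leaves the password in shell history; a prompt such as `read -rs -p 'DB password: ' PGPASSWORD; export PGPASSWORD` avoids that. The four `echo` lines of the failure branch write to stdout, so each should end in `>&2` to keep diagnostics out of piped output. The literal removed further down is still in the repository history and is repeated in this commit's description, so the header comment should also state that the `nordabiz_app` password has to be rotated, e.g. `# The previously committed password must be treated as exposed and rotated.`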
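Review bot: The new `ssh` line in the `@@ -8,7 +24,7 @@` hunk expands `$PGPASSWORD` locally and pastes it into the remote command string, so a password containing `"`, `$`, a backtick or a backslash is parsed again by the remote shell, which runs as root here, and the value shows up in the argument list of the local `ssh` process and of the remote shell. The same construction is repeated in the `@@ -23,7 +39,7 @@` and `@@ -40,7 +56,7 @@` hunks. Prefer keeping the secret off the command line altogether, for example a `~/.pgpass` file with mode 0600 for the connecting account on the database host, which shortens the call to `ssh root@10.22.68.249 "psql -h localhost -U nordabiz_app -d nordabiz -c \"`; if the variable has to be forwarded, quote it for the remote side with `PGPASSWORD=$(printf '%q' "$PGPASSWORD")`, which assumes the remote login shell is bash. The `psql -c` string continues past the end of the hunk.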
@@ -23,7 +39,7 @@ LIMIT 10;

 echo ""
 echo "💰 TOP 10 SZANS SPRZEDAŻOWYCH:"
-ssh root@10.22.68.249 "PGPASSWORD='NordaBiz2025Secure' psql -h localhost -U nordabiz_app -d nordabiz -c \"
+ssh root@10.22.68.249 "PGPASSWORD=\"$PGPASSWORD\" psql -h localhost -U nordabiz_app -d nordabiz -c \"
 SELECT
 c.name,
 cdm.sales_readiness,
@@ -40,7 +56,7 @@ LIMIT 10;

 echo ""
 echo "📊 STATYSTYKI OGÓLNE:"
-ssh root@10.22.68.249 "PGPASSWORD='NordaBiz2025Secure' psql -h localhost -U nordabiz_app -d nordabiz -c \"
+ssh root@10.22.68.249 "PGPASSWORD=\"$PGPASSWORD\" psql -h localhost -U nordabiz_app -d nordabiz -c \"
 SELECT
 COUNT(*) as total_analyzed,
 ROUND(AVG(overall_score), 1) as avg_score,
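Review bot: The rewritten `ssh root@10.22.68.249` line in the `@@ -40,7 +56,7 @@` hunk, like the two before it, logs in as root only to run a read-only `SELECT`, so any quoting slip in the remote string executes with full privileges on the host. A dedicated unprivileged login that can do no more than start `psql` would contain that, e.g. `ssh <report_user>@10.22.68.249 "..."` with the placeholder replaced by the real account name. The statement passed to `psql -c` continues outside the hunk, so whether the query text itself carries any shell-sensitive characters cannot be checked from here.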