Emit a warning when database URL is pasted directly into the schema

[millsp]

Problem

It should generally be considered a bad practice to paste a private database URL into the schema directly. If the user commits that schema by accident somewhere, or deploys it somewhere, they will be exposed to a security risk.

Suggested solution

I suggest that we emit a warning on prisma generate (maybe others too?) when we detect any URL that isn't pointing to localhost or 127.0.0.1 is pasted in the schema. This way, we can raise awareness around security and suggest users to either use .env or environment variables.

[algora-pbc]

💎 $50 bounty created by prisma
🙋 If you start working on this, comment /attempt #17640 to notify everyone
👉 To claim this bounty, submit a pull request that includes the text /claim #17640 somewhere in its body
📝 Before proceeding, please make sure you can receive payouts in your country
💵 Payment arrives in your account 2-5 days after the bounty is rewarded
💯 You keep 100% of the bounty award
🙏 Thank you for contributing to prisma/prisma!

Attempt	Started (GMT+0)	Solution
🟢 @mnmt7	Sep 4, 2023, 8:40:43 AM	WIP
🟢 @kunal00000		#20942

[mnmt7]

/attempt #17640

Options

• Cancel my attempt

[algora-pbc]

💡 @kunal00000 submitted a pull request that claims the bounty. You can visit your org dashboard to reward.

[petradonka]

Hi @kunal00000 👋 Thank you for opening the PR 🙌

As we reviewed your PR, we have noticed that the warning we had intended to show up when you run prisma generate with a private database URL in your schema was already present. That's a miss on us, we had another issue tracking that work, and didn't close this one when we completed it.

We really appreciate the time and effort you've put into this though, and would still like to recognize that with rewarding you the bounty, as you were our first bounty-hunter! 🌟

[algora-pbc]

🎉🎈 @kunal00000 has been awarded $50! 🎈🎊