

feat: Hashicorp Terraform fields for password (#1237)
* Hashicorp Terraform fields for password
Fixes #1236

* fix duplicate description

* set caseInsensitive
baruchiro committed Nov 9, 2023
1 parent b496677 commit 20fcf50
Showing 3 changed files with 33 additions and 0 deletions.
1 change: 1 addition & 0 deletions cmd/generate/config/main.go
Expand Up @@ -87,6 +87,7 @@ func main() {
configRules = append(configRules, rules.GrafanaCloudApiToken())
configRules = append(configRules, rules.GrafanaServiceAccountToken())
configRules = append(configRules, rules.Hashicorp())
configRules = append(configRules, rules.HashicorpField())
configRules = append(configRules, rules.Heroku())
configRules = append(configRules, rules.HubSpot())
configRules = append(configRules, rules.HuggingFaceAccessToken())
24 changes: 24 additions & 0 deletions cmd/generate/config/rules/hashicorp.go
@@ -1,6 +1,7 @@
package rules

import (
"fmt"
"regexp"

"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
Expand All @@ -22,3 +23,26 @@ func Hashicorp() *config.Rule {
}
return validate(r, tps, nil)
}

func HashicorpField() *config.Rule {
keywords := []string{"administrator_login_password", "password"}
// define rule
r := config.Rule{
Description: "HashiCorp Terraform password field",
RuleID: "hashicorp-tf-password",
Regex: generateSemiGenericRegex(keywords, fmt.Sprintf(`"%s"`, alphaNumericExtended("8,20")), true),
Keywords: keywords,
}

tps := []string{
// Example from: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server.html
"administrator_login_password = " + `"thisIsDog11"`,
// https://registry.terraform.io/providers/petoju/mysql/latest/docs
"password = " + `"rootpasswd"`,
}
fps := []string{
"administrator_login_password = var.db_password",
`password = "${aws_db_instance.default.password}"`,
}
return validate(r, tps, fps)
}
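Review bot: `HashicorpField` is exported but has no doc comment; add `// HashicorpField detects a quoted literal assigned to a Terraform password argument such as administrator_login_password.` above the func. The value pattern `alphaNumericExtended("8,20")` (rendered as `"[a-z0-9=_\-]{8,20}"` in the generated config) only admits lowercase alphanumerics, `=`, `_` and `-` of 8–20 characters, so a literal containing punctuation such as `!` or `@`, or longer than 20 characters, is not reported even though the description promises a generic "password field" match — a true positive with such a value in `tps` would either document that limit or force a wider charset. Conversely, the bare `password` keyword is not Terraform-specific, so with case-insensitive matching the rule presumably fires on any file carrying `password = "<8–20 alnum chars>"`, including placeholder values in docs and fixtures; if that is not intended, the `RuleID`/`Description` overclaim and a narrower keyword set or an allowlist would be worth considering. The first lines of this hunk are the tail of `Hashicorp()`, whose body starts outside the hunk.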
8 changes: 8 additions & 0 deletions config/gitleaks.toml
Expand Up @@ -2107,6 +2107,14 @@ keywords = [
"atlasv1",
]

[[rules]]
id = "hashicorp-tf-password"
description = "HashiCorp Terraform password field"
regex = '''(?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$)'''
keywords = [
"administrator_login_password","password",
]

[[rules]]
id = "heroku-api-key"
description = "Heroku API Key"

0 comments on commit 20fcf50
