diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
index 1738f514f..c57fba8b4 100644
--- a/cmd/generate/config/main.go
+++ b/cmd/generate/config/main.go
@@ -182,6 +182,7 @@ func main() {
 configRules = append(configRules, rules.YandexAccessToken())
 configRules = append(configRules, rules.ZendeskSecretKey())
 configRules = append(configRules, rules.GenericCredential())
+ configRules = append(configRules, rules.InfracostAPIToken())
 // ensure rules have unique ids
 ruleLookUp := make(map[string]config.Rule)
diff --git a/cmd/generate/config/rules/infracost.go b/cmd/generate/config/rules/infracost.go
new file mode 100644
index 000000000..82c742dec
--- /dev/null
+++ b/cmd/generate/config/rules/infracost.go
@@ -0,0 +1,32 @@
+package rules
+
+import (
+ "github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+ "github.com/zricethezav/gitleaks/v8/config"
+)
+
+func InfracostAPIToken() *config.Rule {
+ // define rule
+ r := config.Rule{
+ // Human readable description of the rule
+ Description: "Infracost API Token",
+
+ // Unique ID for the rule
+ RuleID: "infracost-api-token",
+
+ // Regex capture group for the actual secret
+ SecretGroup: 1,
+
+ // Regex used for detecting secrets. See regex section below for more details
+ Regex: generateUniqueTokenRegex(`ico-[a-zA-Z0-9]{32}`, true),
+
+ // Keywords used for string matching on fragments (think of this as a prefilter)
+ Keywords: []string{"ico-"},
+ }
+
+ // validate
+ tps := []string{
+ generateSampleSecret("ico", "ico-"+secrets.NewSecret("[A-Za-z0-9]{32}")),
+ }
+ return validate(r, tps, nil)
+}
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
index be915ac22..c2e560ca3 100644
--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
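Review bot: In cmd/generate/config/rules/infracost.go, `InfracostAPIToken` passes `true` as the second argument of `generateUniqueTokenRegex`, and the pattern generated into config/gitleaks.toml starts with `(?i)`, so the literal prefix is matched case-insensitively (`ICO-`, `Ico-`) even though the character class already covers both cases. If that flag is what emits `(?i)` and Infracost only issues keys with a lowercase `ico-` prefix (worth confirming against the vendor's documentation), pass `false` so the rule stays anchored to the real token format and produces fewer false positives. The call `validate(r, tps, nil)` also supplies no negative samples; adding a few to what appears to be the false-positive argument, for example an `ico-` prefix followed by 31 or 33 alphanumeric characters, would pin the length bound. The exported function has no doc comment; `// InfracostAPIToken returns the detection rule for Infracost API tokens.` would match Go convention.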
@@ -2145,6 +2145,15 @@ keywords = [
 "api_org_",
 ]
+[[rules]]
+id = "infracost-api-token"
+description = "Infracost API Token"
+regex = '''(?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+ "ico-",
+]
+
 [[rules]]
 id = "intercom-api-key"
 description = "Intercom API Token"