Rule (regex) identify MSSQL credentials in code analysis
fhverga opened this issue · comments
Hello, I created a local .yml rule to identify this type of MSSQL "connection" password exposure, because originally running gitleaks on pip did not identify it. When manually reviewing via code review I caught this type of scenario. With that I made the regex to automate it and am trying to contribute, so that if this type of exposure comes up again, gitleaks will be able to catch it and alert me.
Below is an example of the manual test.
yml (example)

```yaml
rules:
  - id: mssql_database_credentials
    description: Detects exposure of MSSQL database credentials.
    regex: "Password=[^;]+"
    tags: ["database", "MSSQL", "credentials"]
```
or
go (example)

```go
package rules

import (
	"regexp"

	"github.com/zricethezav/gitleaks/v8/config"
)

// MSSQLDatabaseCredentials generates a rule for detecting exposure of MSSQL database credentials.
func MSSQLDatabaseCredentials() *config.Rule {
	// Define Rule
	r := config.Rule{
		// Human readable description of the rule
		Description: "Detects exposure of MSSQL database credentials",
		// Unique ID for the rule
		RuleID: "mssql-database-credentials",
		// Regex used for detecting secrets
		Regex: regexp.MustCompile(`Password=[^;]+`),
		// Keywords used for string matching on fragments (pre-filter).
		// gitleaks only runs the regex on fragments that contain one of these
		// (case-insensitive) keywords, so the keyword must appear in the
		// matched text itself; "MSSQL"/"credentials" would never let the
		// true positive below reach the regex.
		Keywords: []string{"password="},
	}

	// Validate rule (validate is the helper used by gitleaks' rule generator)
	tps := []string{
		// Example secrets that match the rule
		"Password=mySecurePassword123;",
	}
	return validate(r, tps, nil)
}
```
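To show how the keyword pre-filter and an allowlist interact with the regex above, here is an added, stand-alone Python example (not part of the issue, not gitleaks code). It re-implements the gist of gitleaks' matching flow for a single rule: lowercase keyword pre-filter, then regex, then allowlist regexes to drop placeholders. The sample fragments and the `${DB_PASSWORD}` allowlist pattern are constructed for this example.

```python
import re

# Constructed sample fragments (not from the issue): the kind of lines a
# scanner sees. Line 1 is a real-looking MSSQL connection string, line 2 is a
# templated placeholder that should not be reported, line 3 is noise.
SAMPLE_FRAGMENTS = [
    'connStr = "Server=db.example.internal;Database=app;User Id=sa;Password=mySecurePassword123;"',
    'Password=${DB_PASSWORD};',
    'print("hello world")',
]

# Rule in the same shape as the gitleaks rule from the issue (hypothetical
# dict form, not gitleaks' own structure).
RULE = {
    "id": "mssql-database-credentials",
    "regex": re.compile(r"Password=[^;]+"),
    "keywords": ["password="],
    # Allowlist regexes: anything they match is discarded (placeholders).
    "allowlist": [re.compile(r"Password=\$\{[^}]+\}")],
}


def keyword_prefilter(fragment, keywords):
    """Mimic gitleaks' pre-filter: run the regex only when one of the rule's
    lowercased keywords occurs in the lowercased fragment."""
    low = fragment.lower()
    return any(k.lower() in low for k in keywords)


def allowlisted(secret, allowlist):
    """True when any allowlist regex matches the candidate secret."""
    return any(p.search(secret) for p in allowlist)


def scan(fragments, rule):
    """Return (line_no, matched_text) for every non-allowlisted hit."""
    findings = []
    for line_no, fragment in enumerate(fragments, 1):
        if not keyword_prefilter(fragment, rule["keywords"]):
            continue  # the regex is never even evaluated
        for m in rule["regex"].finditer(fragment):
            if allowlisted(m.group(0), rule.get("allowlist", [])):
                continue
            findings.append((line_no, m.group(0)))
    return findings


def scan_with_keywords(fragments, keywords):
    """Same rule, different keyword list: shows why the keyword must occur in
    the text the regex is meant to match."""
    return scan(fragments, {**RULE, "keywords": keywords})


if __name__ == "__main__":
    for line_no, secret in scan(SAMPLE_FRAGMENTS, RULE):
        # Report the location and a redacted value, never the full secret.
        print(f"line {line_no}: {secret[:9]}***")
    print("with MSSQL/credentials keywords:",
          scan_with_keywords(SAMPLE_FRAGMENTS, ["MSSQL", "credentials"]))
```

Running it reports only line 1; with the original `MSSQL`/`credentials` keyword list nothing is reported at all, because neither word occurs in a fragment like `Password=mySecurePassword123;`, so the regex is skipped before it can fire.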
The default generic rule captures this. `"Password=mySecurePassword123;"`
doesn't match because of the extensive stoplist associated with the generic rule.