gitleaks / gitleaks

Protect and discover secrets using Gitleaks 🔑

Home Page: https://gitleaks.io


Rule (regex) identify MSSQL credentials in code analysis

fhverga opened this issue · comments

Hello, I had created a local .yml rule to identify these types of MSSQL "connection" password exposure, because originally, running gitleaks on pip, it was not identified. When manually reviewing via code review I caught this type of scenario. With that I made the regex to automate it and try to contribute, so that if this type of exposure comes up again, gitleaks will be able to catch it and alert me.

Below is an example of the manual test.


yml (example)

rules:
  - id: mssql_database_credentials
    regex: "Password=[^;]+"
    description: Detects exposure of MSSQL database credentials.
    tags: ["database", "MSSQL", "credentials"]
or

go (example)

package rules

import (
	"regexp"

	"github.com/zricethezav/gitleaks/v8/config"
)

// MSSQLDatabaseCredentials generates a rule for detecting exposure of MSSQL database credentials.
func MSSQLDatabaseCredentials() *config.Rule {
	// Define Rule
	r := config.Rule{
		// Human readable description of the rule
		Description: "Detects exposure of MSSQL database credentials",

		// Unique ID for the rule
		RuleID: "mssql-database-credentials",

		// Regex used for detecting secrets
		Regex: regexp.MustCompile(
			`Password=[^;]+`),

		// Keywords used for string matching on fragments (pre-filter).
		// gitleaks only runs the regex on fragments that contain at least one
		// keyword (compared lowercased), so the keyword must be a substring of
		// every true positive; "MSSQL"/"credentials" are not, and would make
		// validate() fail on the example below.
		Keywords: []string{"password="},
	}

	// Validate rule against known true positives (validate is the helper in
	// gitleaks' cmd/generate/config/rules package).
	tps := []string{
		// Example secrets that match the rule
		"Password=mySecurePassword123;",
	}
	return validate(r, tps, nil)
}
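As an added example (not gitleaks' own code and not from the issue author), a small Go program that applies the same detection logic outside gitleaks: the keyword pre-filter, a tightened version of the issue's regex that captures only the password value and also covers the Pwd= alias, and a placeholder check that skips ${DB_PASSWORD}-style references. The sample fragment and the placeholder pattern are constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Unlike the issue's `Password=[^;]+`, this is case-insensitive, accepts the
// `Pwd=` alias, and captures only the value (group 1), not the whole key=value.
var mssqlPasswordRe = regexp.MustCompile(`(?i)\b(?:password|pwd)=([^;"'\s]+)`)

// Runtime-injected or doc placeholder values (${VAR}, $VAR, %VAR%, <x>, ****).
var placeholderRe = regexp.MustCompile(`^(?:\$\{?[A-Za-z_]\w*\}?|%[A-Za-z_]+%|<[^>]+>|\*+)$`)

type Finding struct {
	Line   int
	Secret string
}

// FindMSSQLPasswords returns the literal passwords in fragment, skipping placeholders.
func FindMSSQLPasswords(fragment string) []Finding {
	// Keyword pre-filter, mirroring how gitleaks runs a rule's regex only on
	// fragments that contain one of the rule's keywords (compared lowercased).
	lower := strings.ToLower(fragment)
	if !strings.Contains(lower, "password=") && !strings.Contains(lower, "pwd=") {
		return nil
	}
	var findings []Finding
	for i, line := range strings.Split(fragment, "\n") {
		for _, m := range mssqlPasswordRe.FindAllStringSubmatch(line, -1) {
			if placeholderRe.MatchString(m[1]) {
				continue
			}
			findings = append(findings, Finding{Line: i + 1, Secret: m[1]})
		}
	}
	return findings
}

// Constructed sample: one literal secret, one env-var reference, one doc placeholder.
const Sample = `connStr := "Server=db01;Database=app;User Id=sa;Password=mySecurePassword123;"
fallback := "Data Source=db01;Initial Catalog=app;User ID=sa;Pwd=${DB_PASSWORD}"
// docs: set Password=<your-password-here> in the connection string`
func main() {
	for _, f := range FindMSSQLPasswords(Sample) {
		fmt.Printf("line %d: %s\n", f.Line, f.Secret)
	}
}
```

Running it reports only line 1 with mySecurePassword123; the env-var reference and the documentation placeholder are skipped.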

The default generic rule captures this. "Password=mySecurePassword123;" doesn't match because of the extensive stoplist associated with the generic rule.