
feat: Hashicorp Terraform fields for password (#1237)

* Hashicorp Terraform fields for password
Fixes #1236

* fix duplicate description

* set caseInsensitive
Baruch Odem (Rothkoff) 2 роки тому
батько
коміт
20fcf5009f

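--- a/cmd/generate/config/main.go
+++ b/cmd/generate/config/main.go
@@ -87,6 +87,7 @@ func main() {
 	configRules = append(configRules, rules.GrafanaCloudApiToken())
 	configRules = append(configRules, rules.GrafanaServiceAccountToken())
 	configRules = append(configRules, rules.Hashicorp())
+	configRules = append(configRules, rules.HashicorpField())
 	configRules = append(configRules, rules.Heroku())
 	configRules = append(configRules, rules.HubSpot())
 	configRules = append(configRules, rules.HuggingFaceAccessToken())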

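--- a/cmd/generate/config/rules/hashicorp.go
+++ b/cmd/generate/config/rules/hashicorp.go
@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"fmt"
 	"regexp"
 
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
@@ -22,3 +23,26 @@ func Hashicorp() *config.Rule {
 	}
 	return validate(r, tps, nil)
 }
+
+func HashicorpField() *config.Rule {
+	keywords := []string{"administrator_login_password", "password"}
+	// define rule
+	r := config.Rule{
+		Description: "HashiCorp Terraform password field",
+		RuleID:      "hashicorp-tf-password",
+		Regex:       generateSemiGenericRegex(keywords, fmt.Sprintf(`"%s"`, alphaNumericExtended("8,20")), true),
+		Keywords:    keywords,
+	}
+
+	tps := []string{
+		// Example from: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server.html
+		"administrator_login_password = " + `"thisIsDog11"`,
+		// https://registry.terraform.io/providers/petoju/mysql/latest/docs
+		"password       = " + `"rootpasswd"`,
+	}
+	fps := []string{
+		"administrator_login_password = var.db_password",
+		`password = "${aws_db_instance.default.password}"`,
+	}
+	return validate(r, tps, fps)
+}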
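Review bot: The rule is much broader than its name and description claim: the bare keyword `password` in the list on the second line of `HashicorpField` pre-selects any fragment containing that word, and nothing in the generated regex ties a match to Terraform, so a line like `password = "changeme123"` in any language or test fixture will be reported as `hashicorp-tf-password`. If the intent is Terraform-only, a file-path restriction on the rule (gitleaks rules carry a path regex, e.g. one matching `\.tf$` — confirm the field name against this repository's `config.Rule`) would keep the scope honest; otherwise the description should say the rule is generic. As far as the keyword prefilter is concerned `administrator_login_password` is redundant since `password` is its substring, though keeping it documents intent. The exported func also lacks a doc comment; I would add `// HashicorpField detects password-style assignments (e.g. administrator_login_password) whose value is an 8-20 character quoted alphanumeric literal; variable references and "${...}" interpolations are expected not to match.` so readers do not assume longer or symbol-bearing literals are covered.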

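--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -2107,6 +2107,14 @@ keywords = [
     "atlasv1",
 ]
 
+[[rules]]
+id = "hashicorp-tf-password"
+description = "HashiCorp Terraform password field"
+regex = '''(?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+    "administrator_login_password","password",
+]
+
 [[rules]]
 id = "heroku-api-key"
 description = "Heroku API Key"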