
add Infracost API rule (#1273)

Yeonghae Choi %!s(int64=2) %!d(string=hai) anos
pai
achega
6d0d8b5068
Modificáronse 3 ficheiros con 42 adicións e 0 borrados
  1. 1 0
      cmd/generate/config/main.go
  2. 32 0
      cmd/generate/config/rules/infracost.go
  3. 9 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go

@@ -182,6 +182,7 @@ func main() {
 	configRules = append(configRules, rules.YandexAccessToken())
 	configRules = append(configRules, rules.ZendeskSecretKey())
 	configRules = append(configRules, rules.GenericCredential())
+	configRules = append(configRules, rules.InfracostAPIToken())
 
 	// ensure rules have unique ids
 	ruleLookUp := make(map[string]config.Rule)
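Review bot: The new `rules.InfracostAPIToken()` call is appended after `rules.GenericCredential()`, while the two visible calls before it (Yandex, Zendesk) look alphabetical with the generic rule kept last; moving the Infracost line up among the other rules starting with "I" would keep the list easy to scan for duplicates. The generated gitleaks.toml places the rule between the `api_org_` entry and intercom, so the output seems to be sorted regardless and this is a readability point only. main() starts and ends outside the hunk.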

+ 32 - 0
cmd/generate/config/rules/infracost.go

@@ -0,0 +1,32 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func InfracostAPIToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		// Human readable description of the rule
+		Description: "Infracost API Token",
+
+		// Unique ID for the rule
+		RuleID: "infracost-api-token",
+
+		// Regex capture group for the actual secret
+		SecretGroup: 1,
+
+		// Regex used for detecting secrets. See regex section below for more details
+		Regex: generateUniqueTokenRegex(`ico-[a-zA-Z0-9]{32}`, true),
+
+		// Keywords used for string matching on fragments (think of this as a prefilter)
+		Keywords: []string{"ico-"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("ico", "ico-"+secrets.NewSecret("[A-Za-z0-9]{32}")),
+	}
+	return validate(r, tps, nil)
+}
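Review bot: `validate(r, tps, nil)` at the end of InfracostAPIToken passes one generated true positive and nothing for the last argument, which looks like the false-positive list, so no sample pins what this rule must stay silent on. `ico-` plus 32 alphanumerics is a loose shape and the rule sets no entropy floor, so I would add a few negatives, for example a 31-character body (`"ico-" + secrets.NewSecret("[A-Za-z0-9]{31}")`) and the prefix glued onto a longer word, to keep scanner noise down. The `true` passed to generateUniqueTokenRegex appears to be what yields the `(?i)` in the generated gitleaks.toml entry, which makes `ICO-` match as well; if Infracost only issues a lowercase prefix, `false` would be tighter. The comment `See regex section below for more details` seems to be left over from a template and points at nothing in this file; the exported function could instead get a doc comment such as `// InfracostAPIToken returns the rule that detects Infracost API tokens.`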

+ 9 - 0
config/gitleaks.toml

@@ -2145,6 +2145,15 @@ keywords = [
     "api_org_",
 ]
 
+[[rules]]
+id = "infracost-api-token"
+description = "Infracost API Token"
+regex = '''(?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "ico-",
+]
+
 [[rules]]
 id = "intercom-api-key"
 description = "Intercom API Token"