
Add grafana tokens rules (#959)

* Add grafana tokens rules

* Adding upper bound limits to Grafana tokens
jmatosgrafana 3 лет назад
Родитель
Сommit
adf512e2ac
3 измененных файлов с 95 добавлено и 0 удалено
  1. 3 0
      cmd/generate/config/main.go
  2. 65 0
      cmd/generate/config/rules/grafana.go
  3. 27 0
      config/gitleaks.toml

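--- a/cmd/generate/config/main.go
+++ b/cmd/generate/config/main.go
@@ -75,6 +75,9 @@ func main() {
 	configRules = append(configRules, rules.GitHubRefresh())
 	configRules = append(configRules, rules.Gitlab())
 	configRules = append(configRules, rules.GitterAccessToken())
+	configRules = append(configRules, rules.GrafanaApiKey())
+	configRules = append(configRules, rules.GrafanaCloudApiToken())
+	configRules = append(configRules, rules.GrafanaServiceAccountToken())
 	configRules = append(configRules, rules.Hashicorp())
 	configRules = append(configRules, rules.Heroku())
 	configRules = append(configRules, rules.HubSpot())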

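--- a/cmd/generate/config/rules/grafana.go
+++ b/cmd/generate/config/rules/grafana.go
@@ -0,0 +1,65 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func GrafanaApiKey() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Grafana api key (or Grafana cloud api key)",
+		RuleID:      "grafana-api-key",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`eyJrIjoi[A-Za-z0-9]{70,400}={0,2}`),
+		Keywords:    []string{"eyJrIjoi"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("grafana-api-key",
+			"eyJrIjoi"+
+				secrets.NewSecret(alphaNumeric("70"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func GrafanaCloudApiToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Grafana cloud api token",
+		RuleID:      "grafana-cloud-api-token",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`glc_[A-Za-z0-9+/]{32,400}={0,2}`),
+		Keywords:    []string{"glc_"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("grafana-cloud-api-token",
+			"glc_"+
+				secrets.NewSecret(alphaNumeric("32"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func GrafanaServiceAccountToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Grafana service account token",
+		RuleID:      "grafana-service-account-token",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}`),
+		Keywords:    []string{"glsa_"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("grafana-service-account-token",
+			"glsa_"+
+				secrets.NewSecret(alphaNumeric("32"))+
+				"_"+
+				secrets.NewSecret((hex("8")))),
+	}
+	return validate(r, tps, nil)
+}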
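Review bot: The `Regex:` line of GrafanaApiKey accepts only `[A-Za-z0-9]` after the `eyJrIjoi` prefix, whereas the sibling glc_ rule in GrafanaCloudApiToken accepts the full base64 alphabet `[A-Za-z0-9+/]`. The prefix looks like a base64-encoded JSON object, and because generateUniqueTokenRegex appends a delimiter-or-end requirement (visible in the generated toml as `(?:['|\"|\n|\r|\s|\x60|;]|$)`), a `+` or `/` anywhere in the encoded body makes the whole rule fail to match rather than merely truncate, so such keys would go unreported — a silent miss for a secret scanner. I would widen the character class to `[A-Za-z0-9+/]{70,400}` so it agrees with the glc_ rule; the existing alphaNumeric sample in tps still matches. Separately, all three functions pass `nil` as the false-positive list to validate, so nothing pins the lower bounds; a short `glc_abc` or a `glsa_` string with a non-hex tail would make the bounds the commit message describes testable, and each exported function should carry a doc comment such as `// GrafanaApiKey returns the detection rule for legacy Grafana API keys.`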

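--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -1996,6 +1996,33 @@ keywords = [
     "live_","gocardless",
 ]
 
+[[rules]]
+description = "Grafana api key (or Grafana cloud api key)"
+id = "grafana-api-key"
+regex = '''(?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "eyjrijoi",
+]
+
+[[rules]]
+description = "Grafana cloud api token"
+id = "grafana-cloud-api-token"
+regex = '''(?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "glc_",
+]
+
+[[rules]]
+description = "Grafana service account token"
+id = "grafana-service-account-token"
+regex = '''(?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "glsa_",
+]
+
 [[rules]]
 description = "HashiCorp Terraform user/org API token"
 id = "hashicorp-tf-api-token"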