
added sourcegraph token rule (#1736)

* added sourcegraph token rule

* updated ruleid

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* added more true positive test cases

---------

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
Kashif Khan пре 1 година
родитељ
комит
c6424a6fc3
3 измењених фајлова са 45 додато и 0 уклоњено
  1. 1 0
      cmd/generate/config/main.go
  2. 34 0
      cmd/generate/config/rules/sourcegraph.go
  3. 10 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go

@@ -206,6 +206,7 @@ func main() {
 		rules.SlackLegacyToken(),
 		rules.SlackWebHookUrl(),
 		rules.Snyk(),
+		rules.SourceGraph(),
 		rules.StripeAccessToken(),
 		rules.SquareAccessToken(),
 		rules.SquareSpaceAccessToken(),

+ 34 - 0
cmd/generate/config/rules/sourcegraph.go

@@ -0,0 +1,34 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func SourceGraph() *config.Rule {
+	// define rule
+	r := config.Rule{
+		RuleID:      "sourcegraph-access-token",
+		Description: "Sourcegraph is a code search and navigation engine.",
+		Regex:       utils.GenerateUniqueTokenRegex(`\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\b`, true),
+		Entropy:     3,
+		Keywords:    []string{"sgp_", "sourcegraph"},
+	}
+
+	// validate
+	tps := []string{
+		`sgp_AaD80dc6E02eCAE1_d3cba16CC0F18fA14A2EFB61CbDFceEBf9fAD16b`,
+		`sourcegraph: 6d2FabeB6ADd229Bc199FabA28fD3efb57dF0bD3`,
+		`sgp_0D697F54cb24238EefB29af05Abf1b505E90950F`,
+		`sgp_local_d7dfFD43cF2503B1da673EB560aAa3e80f16FA42`,
+		`sgp_local_bcD1DA18de0d6476Be0f3BD7Ef9Da4f09b479aE5`,
+	}
+	fps := []string{
+		`sgp_5555555dAAAAA7777777CcccCFaaaaaaaaaaaaaa`,                    // low entropy
+		`sgp_local_d45b6G86aBb0F2Cee943902dbaDBCFCFDD1dA089`,              // invalid case
+		`sgp_652d9a2e48FC7E!FcDbEA1BC2E2A6CE23cFe7F7D`,                    // invalid character
+		`sgp_78Ad84a5B6e8A2fE5B_4085FB0ccaDDd29DB66Fd7FE9bA2C1cdCE8400CD`, // invalid length
+		`BcAeb6640ad7DAD46AD73687946Ce85047d5C9Bb`,
+	}
+	return utils.Validate(r, tps, fps)
+}
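Review bot: The third alternative in the `Regex:` line, a bare `[a-fA-F0-9]{40}`, matches any 40-hex string on its own, so any git SHA-1 commit id in a file that also contains the keyword "sourcegraph" would presumably be reported; the `fps` list only covers a bare hash with no keyword nearby (`BcAeb6640ad7DAD46AD73687946Ce85047d5C9Bb`), so `utils.Validate` does not appear to exercise that case. If the bare form is intended only for the `sourcegraph: <hex>` shape shown in `tps`, consider requiring that keyword context in the pattern, or at least record the trade-off next to the regex, e.g. `// bare 40-hex alternative kept for keyword-prefixed legacy tokens; relies on the keyword prefilter and Entropy >= 3 to limit SHA-1 false positives`. The `Description` also departs from the neighbouring rules in gitleaks.toml, which describe the finding and its risk (Snyk, Square); a constructed example in that style would be `Description: "Identified a Sourcegraph access token, risking unauthorized access to code search and repository data."`. Finally, `SourceGraph` is exported and has no doc comment; `// SourceGraph returns the detection rule for Sourcegraph access tokens.` would satisfy the Go doc-comment convention.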

+ 10 - 0
config/gitleaks.toml

@@ -2939,6 +2939,16 @@ description = "Uncovered a Snyk API token, potentially compromising software vul
 regex = '''(?i)[\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
 keywords = ["snyk"]
 
+[[rules]]
+id = "sourcegraph-access-token"
+description = "Sourcegraph is a code search and navigation engine."
+regex = '''(?i)\b(\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\b)(?:[\x60'"\s;]|\\[nr]|$)'''
+entropy = 3
+keywords = [
+    "sgp_",
+    "sourcegraph",
+]
+
 [[rules]]
 id = "square-access-token"
 description = "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure."