
Issue #980: Add support for Telegram Bot API Token (#981)

* Issue #980: Add support for Telegram Bot API Token

* Replace test with random bot_id length by tests with fixed one.
Add tests for the corner cases.

Co-authored-by: Alex Goncharov <b4bay@users.noreply.github.com>
Alex Goncharov před 3 roky
rodič
revize
fc98cbf159

+ 1 - 0
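--- a/cmd/generate/config/main.go
+++ b/cmd/generate/config/main.go
@@ -142,6 +142,7 @@ func main() {
 	configRules = append(configRules, rules.SumoLogicAccessID())
 	configRules = append(configRules, rules.SumoLogicAccessToken())
 	configRules = append(configRules, rules.TeamsWebhook())
+	configRules = append(configRules, rules.TelegramBotToken())
 	configRules = append(configRules, rules.TravisCIAccessToken())
 	configRules = append(configRules, rules.Twilio())
 	configRules = append(configRules, rules.TwitchAPIToken())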

+ 57 - 0
cmd/generate/config/rules/telegram.go

@@ -0,0 +1,57 @@
+package rules
+
+import (
+	"regexp"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func TelegramBotToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Telegram Bot API Token",
+		RuleID:      "telegram-bot-api-token",
+		SecretGroup: 1,
+		Regex:       regexp.MustCompile(`(?i)(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\-]{34})(?:$|[^a-zA-Z0-9_\-])`),
+		Keywords: []string{
+			"telegram",
+			"api",
+			"bot",
+			"token",
+			"url",
+		},
+	}
+
+	// validate
+	validToken := secrets.NewSecret(numeric("8") + ":A" + alphaNumericExtendedShort("34"))
+	minToken := secrets.NewSecret(numeric("5") + ":A" + alphaNumericExtendedShort("34"))
+	maxToken := secrets.NewSecret(numeric("16") + ":A" + alphaNumericExtendedShort("34"))
+	tps := []string{
+		// variable assigment
+		generateSampleSecret("telegram", validToken),
+		// URL contaning token
+		generateSampleSecret("url", "https://api.telegram.org/bot"+validToken+"/sendMessage"),
+		// object constructor
+		`const bot = new Telegraf("` + validToken + `")`,
+		// .env
+		`API_TOKEN = ` + validToken,
+		// YAML
+		`bot: ` + validToken,
+		// Token with min bot_id
+		generateSampleSecret("telegram", minToken),
+		// Token with max bot_id
+		generateSampleSecret("telegram", maxToken),
+	}
+
+	tooSmallToken := secrets.NewSecret(numeric("4") + ":A" + alphaNumericExtendedShort("34"))
+	tooBigToken := secrets.NewSecret(numeric("17") + ":A" + alphaNumericExtendedShort("34"))
+	fps := []string{
+		// Token with too small bot_id
+		generateSampleSecret("telegram", tooSmallToken),
+		// Token with too big bot_id
+		generateSampleSecret("telegram", tooBigToken),
+	}
+
+	return validate(r, tps, fps)
+}
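Review bot: The `(?i)` flag on `Regex` in `TelegramBotToken` has only one effect: the literal `A` after the colon also matches `a`, because the character classes already list both cases. That loosens a pattern which otherwise pins the secret part to start with `:A`. If the uppercase `A` is intended, drop the flag so the pattern reads `(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\-]{34})(?:$|[^a-zA-Z0-9_\-])`, and regenerate `config/gitleaks.toml`, which carries the same regex. The `fps` list exercises only the bot_id length, so a negative case for the secret-part length would pin the trailing boundary group too, for example `generateSampleSecret("telegram", secrets.NewSecret(numeric("8") + ":A" + alphaNumericExtendedShort("35")))`, assuming the helper emits only characters from that class. The keywords `api`, `bot`, `token` and `url` are generic enough that the keyword prefilter will probably pass most files through to the regex, so the scan-time cost is worth confirming.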

+ 9 - 0
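--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -2585,6 +2585,15 @@ keywords = [
     "sumo",
 ]
 
+[[rules]]
+description = "Telegram Bot API Token"
+id = "telegram-bot-api-token"
+regex = '''(?i)(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\-]{34})(?:$|[^a-zA-Z0-9_\-])'''
+secretGroup = 1
+keywords = [
+    "telegram","api","bot","token","url",
+]
+
 [[rules]]
 description = "Travis CI Access Token"
 id = "travisci-access-token"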