From d5ca6b533d49ed1505ff6a1768885287655fa2b8 Mon Sep 17 00:00:00 2001 From: Roman Babenko Date: Mon, 5 Aug 2024 10:46:17 +0300 Subject: [PATCH] hashicorp terraform token (#590) --- credsweeper/rules/config.yaml | 15 +++++++++++++++ tests/__init__.py | 10 +++++----- tests/data/depth_3.json | 27 +++++++++++++++++++++++++++ tests/data/doc.json | 27 +++++++++++++++++++++++++++ tests/data/ml_threshold.json | 27 +++++++++++++++++++++++++++ tests/data/output.json | 27 +++++++++++++++++++++++++++ tests/samples/hashicorp_terraform | 1 + 7 files changed, 129 insertions(+), 5 deletions(-) create mode 100644 tests/samples/hashicorp_terraform diff --git a/credsweeper/rules/config.yaml b/credsweeper/rules/config.yaml index df36dee3f..fda7112eb 100644 --- a/credsweeper/rules/config.yaml +++ b/credsweeper/rules/config.yaml @@ -1190,6 +1190,21 @@ - code - doc +- name: Hashicorp Terraform Token + severity: high + confidence: strong + type: pattern + values: + - (?[0-9A-Za-z_-]{14}\.atlasv1\.[0-9A-Za-z_-]{67})(?![=0-9A-Za-z_/+-]) + filter_type: + - ValuePatternCheck + min_line_len: 90 + required_substring: + - .atlasv1. + target: + - code + - doc + - name: Jira 2FA severity: info confidence: weak diff --git a/tests/__init__.py b/tests/__init__.py index 3dfc0a7b5..bff4d614a 100644 --- a/tests/__init__.py +++ b/tests/__init__.py 
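Review bot: The new `Hashicorp Terraform Token` rule in credsweeper/rules/config.yaml is backed by a single positive sample, so neither the fixed lengths `{14}`/`{67}` nor the trailing `(?![=0-9A-Za-z_/+-])` boundary is exercised by an input that must not match. I would add a negative sample, for example the same constructed token shape with one extra base64 character appended. I would also confirm against the vendor's documented token format that the suffix is always 67 characters, since a token of any other length would be missed silently by a `severity: high` rule. A short comment above `min_line_len: 90` would help the next maintainer, e.g. `# 14 + len(".atlasv1.") + 67 = 90: shortest line that can hold a full token`. The pattern as shown on this page begins with `(?[`, which looks like characters lost in rendering, so the left boundary of the match could not be reviewed here.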
@@ -1,20 +1,20 @@ from pathlib import Path # total number of files in test samples -SAMPLES_FILES_COUNT: int = 130 +SAMPLES_FILES_COUNT: int = 131 # the lowest value of ML threshold is used to display possible lowest values NEGLIGIBLE_ML_THRESHOLD = 0.0001 # credentials count after scan -SAMPLES_CRED_COUNT: int = 429 -SAMPLES_CRED_LINE_COUNT: int = 446 +SAMPLES_CRED_COUNT: int = 430 +SAMPLES_CRED_LINE_COUNT: int = 447 # credentials count after post-processing -SAMPLES_POST_CRED_COUNT: int = 387 +SAMPLES_POST_CRED_COUNT: int = 388 # with option --doc -SAMPLES_IN_DOC = 410 +SAMPLES_IN_DOC = 411 # archived credentials that are not found without --depth SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 25 diff --git a/tests/data/depth_3.json b/tests/data/depth_3.json index 448776d10..369eeee14 100644 --- a/tests/data/depth_3.json +++ b/tests/data/depth_3.json @@ -8451,6 +8451,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Terraform Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "line_num": 1, + "path": "tests/samples/hashicorp_terraform", + "info": "tests/samples/hashicorp_terraform|RAW", + "value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "value_start": 0, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.348551883097512, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", diff --git a/tests/data/doc.json b/tests/data/doc.json index be2eab7a4..edef67d77 100644 --- a/tests/data/doc.json +++ b/tests/data/doc.json 
@@ -11250,6 +11250,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Terraform Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "line_num": 1, + "path": "tests/samples/hashicorp_terraform", + "info": "tests/samples/hashicorp_terraform|RAW", + "value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "value_start": 0, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.348551883097512, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", diff --git a/tests/data/ml_threshold.json b/tests/data/ml_threshold.json index 0287a0ae5..d6e5801d2 100644 --- a/tests/data/ml_threshold.json +++ b/tests/data/ml_threshold.json @@ -9085,6 +9085,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Terraform Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "line_num": 1, + "path": "tests/samples/hashicorp_terraform", + "info": "", + "value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "value_start": 0, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.348551883097512, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", diff --git a/tests/data/output.json b/tests/data/output.json index b9d388ae9..2f3bee438 100644 --- a/tests/data/output.json 
+++ b/tests/data/output.json @@ -8194,6 +8194,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Terraform Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "line_num": 1, + "path": "tests/samples/hashicorp_terraform", + "info": "", + "value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "value_start": 0, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.348551883097512, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", diff --git a/tests/samples/hashicorp_terraform b/tests/samples/hashicorp_terraform new file mode 100644 index 000000000..08695a5dd --- /dev/null +++ b/tests/samples/hashicorp_terraform @@ -0,0 +1 @@ +Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0 \ No newline at end of file