Rule (regex) identify MSSQL credentials in code analysis #1395

Open
fhverga opened this issue Apr 19, 2024 · 0 comments
Labels
enhancement New feature or request


fhverga commented Apr 19, 2024

Hello, I created a local .yml rule to identify this type of MSSQL "connection" password exposure, because it was not identified when originally running gitleaks on pip. I caught this type of scenario when manually reviewing via code review. With that, I made the regex to automate this and to try to contribute it, so that if this type of exposure comes up again, gitleaks will be able to catch it and alert me.

Below is an example of the manual test.

image

yml (example)

rules:
  - id: mssql_database_credentials
    regex: "Password=[^;]+"
    description: Detects exposure of MSSQL database credentials.
    tags: ["database", "MSSQL", "credentials"]
or

go (example)

package rules

import (
	"regexp"

	"github.com/zricethezav/gitleaks/v8/config"
)

// MSSQLDatabaseCredentials generates a rule for detecting exposure of MSSQL database credentials.
func MSSQLDatabaseCredentials() *config.Rule {
	// Define Rule
	r := config.Rule{
		// Human readable description of the rule
		Description: "Detects exposure of MSSQL database credentials",

		// Unique ID for the rule
		RuleID: "mssql-database-credentials",

		// Regex used for detecting secrets
		Regex: regexp.MustCompile(
			`Password=[^;]+`),

		// Keywords used for string matching on fragments (pre-filter);
		// at least one must occur in the scanned text for the regex to run
		Keywords: []string{"password="},
	}

	// Validate rule
	tps := []string{
		// Example secrets that match the rule
		"Password=mySecurePassword123;",
	}
	return validate(r, tps, nil)
}
@fhverga fhverga added the enhancement New feature or request label Apr 19, 2024
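An added example, not part of the original issue or of the gitleaks code base: a small Go harness that runs the issue's regex and a hypothetical tightened variant over constructed connection strings, with a keyword pre-filter in front of each. The `rule` struct, `detect`, the tightened pattern (case-insensitive, also accepting the `Pwd` alias and spaces around `=`) and the placeholder filter are all assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// rule pairs a regex with pre-filter keywords (a struct assumed for this example).
type rule struct {
	re       *regexp.Regexp
	keywords []string // lowercase; at least one must occur in the line
	filter   bool     // drop values that are template placeholders
}

// proposed: the regex from the issue; its keyword is this example's choice.
var proposed = rule{regexp.MustCompile(`Password=[^;]+`), []string{"password="}, false}
// tightened: a hypothetical variant, not a shipped gitleaks rule.
var tightened = rule{regexp.MustCompile(`(?i)\b(?:password|pwd)\s*=\s*([^;"'\s]+)`), []string{"password", "pwd"}, true}
var placeholder = regexp.MustCompile(`^(\$\{.*\}|\{\{.*\}\}|<.*>)$`) // ${VAR}, {{var}}, <var>

// samples are constructed connection strings, not taken from any real repository.
var samples = []string{
	`conn = "Server=db01;Database=app;User Id=sa;Password=S3cr3t!Pass;"`,
	`conn = "Server=db01;Database=app;Uid=sa;Pwd=S3cr3t!Pass;"`,
	`conn = "Server=db01;User Id=sa;password = S3cr3t!Pass;"`,
	`conn = "Server=db01;User Id=sa;Password=${DB_PASSWORD};"`,
}

// detect returns the matched text, or "" when the rule stays silent.
func detect(r rule, line string) string {
	lower, hit := strings.ToLower(line), false
	for _, k := range r.keywords {
		hit = hit || strings.Contains(lower, k)
	}
	m := r.re.FindStringSubmatch(line)
	if !hit || m == nil {
		return ""
	}
	v := m[len(m)-1] // capture group if present, else the whole match
	if r.filter && placeholder.MatchString(v) {
		return ""
	}
	return v
}

func main() {
	for _, s := range samples {
		fmt.Printf("proposed=%q tightened=%q\n", detect(proposed, s), detect(tightened, s))
	}
}
```

The second and third samples go undetected by the issue's pattern, and the fourth is reported even though it holds only an environment-variable placeholder.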