[request] Add detector for credentials in .pypirc file #951

Open
bugbaba opened this issue Dec 2, 2022 · 1 comment

Comments

@bugbaba

bugbaba commented Dec 2, 2022

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hello Team :)

Currently truffleHog does not have any detector for credentials and API tokens hardcoded inside the .pypirc file. These allow authenticated access to pypi.org.

Problem to be Addressed

Credentials and API tokens hardcoded inside the .pypirc file are not detected by trufflehog.

Description of the Preferred Solution

Add a detector for credentials and API tokens in the .pypirc file.

References

https://packaging.python.org/en/latest/specifications/pypirc/

--
Regards,
@bugbaba

@tbenthompson

tbenthompson commented Dec 16, 2022

This is partially related to #716

The password format for a pypirc file would be caught by that generic scanner:

[distutils]
index-servers =
    pypi
    testpypi

[pypi]
username = ...
password = ...

But it would be great to also verify these credentials!
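As an added illustration of the detection side discussed in this thread (example code written here, not trufflehog's own Go detector), the following Python scanner parses a constructed .pypirc in the layout quoted above, flags every section that carries a password, distinguishes PyPI API tokens (username `__token__`, password prefixed `pypi-`, as documented in the linked pypirc specification) from plain passwords, and redacts the secret before reporting. The sample values are made up; verifying the credentials against pypi.org, which the comment asks for, is not attempted here.

```python
from __future__ import annotations
import configparser
import re
from dataclasses import dataclass

# Constructed sample .pypirc (values are made up, not real credentials).
SAMPLE_PYPIRC = """\
[distutils]
index-servers =
    pypi
    testpypi

[pypi]
username = __token__
password = pypi-AgEIcHlwaS5vcmcCONSTRUCTEDEXAMPLE0000

[testpypi]
repository = https://test.pypi.org/legacy/
username = alice
password = hunter2
"""

# PyPI API tokens carry the documented "pypi-" prefix followed by a long opaque string.
TOKEN_RE = re.compile(r"^pypi-[A-Za-z0-9_-]{20,}$")

@dataclass
class Finding:
    section: str
    kind: str        # "api_token" or "password"
    username: str
    redacted: str    # the full secret is never placed in a report

def redact(secret: str) -> str:
    return secret[:6] + "..." + secret[-3:] if len(secret) > 12 else "***"

def scan_pypirc(text: str) -> list[Finding]:
    """Return one Finding per repository section that stores a password."""
    # interpolation=None: real passwords may contain '%', which would otherwise raise.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section == "distutils":          # index list only, never holds a secret
            continue
        password = cp.get(section, "password", fallback="").strip()
        if not password:
            continue
        username = cp.get(section, "username", fallback="")
        is_token = username == "__token__" or bool(TOKEN_RE.match(password))
        findings.append(Finding(section, "api_token" if is_token else "password",
                                username, redact(password)))
    return findings

if __name__ == "__main__":
    for f in scan_pypirc(SAMPLE_PYPIRC):
        print(f"[{f.section}] {f.kind} for user {f.username!r}: {f.redacted}")
```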
