feat(rules): make case insensitivity optional (#1215)

CONTRIBUTING.md

@@ -39,7 +39,7 @@ If you want to add a new rule to the [default Gitleaks configuration](https://gi
 
 
            // Regex used for detecting secrets. See regex section below for more details
-           Regex: generateSemiGenericRegex([]string{"beamer"}, `b_[a-z0-9=_\-]{44}`),
+           Regex: generateSemiGenericRegex([]string{"beamer"}, `b_[a-z0-9=_\-]{44}`, true)
 
            // Keywords used for string matching on fragments (think of this as a prefilter)
            Keywords: []string{"beamer"},
@@ -63,18 +63,18 @@ If you want to add a new rule to the [default Gitleaks configuration](https://gi
    The function signatures look like this:
 
    ```golang
-   func generateSemiGenericRegex(identifiers []string, secretRegex string) *regexp.Regexp
+   func generateSemiGenericRegex(identifiers []string, secretRegex string, isCaseInsensitive bool) *regexp.Regexp
 
-   func generateUniqueTokenRegex(secretRegex string) *regexp.Regexp
+   func generateUniqueTokenRegex(secretRegex string, isCaseInsensitive bool) *regexp.Regexp
    ```
 
-   `generateSemiGenericRegex` accepts a list of identifiers and a regex.
+   `generateSemiGenericRegex` accepts a list of identifiers, a regex, and a boolean indicating whether the pattern should be case-insensitive.
    The list of identifiers _should_ match the list of `Keywords` in the rule
    definition above. Both `identifiers` in the `generateSemiGenericRegex`
    function _and_ `Keywords` act as filters for Gitleaks telling the program
    "_at least one of these strings must be present to be considered a leak_"
 
-   `generateUniqueToken` just accepts a regex. If you are writing a rule for a
+   `generateUniqueToken` just accepts a regex and a boolean indicating whether the pattern should be case-insensitive. If you are writing a rule for a
    token that is unique enough not to require an identifier then you can use
    this function. For example, Pulumi's API Token has the prefix `pul-` which is
    unique enough to use `generateUniqueToken`. But something like Beamer's API

cmd/generate/config/rules/adafruit.go

@@ -10,7 +10,7 @@ func AdafruitAPIKey() *config.Rule {
 	r := config.Rule{
 		Description: "Adafruit API Key",
 		RuleID:      "adafruit-api-key",
-		Regex:       generateSemiGenericRegex([]string{"adafruit"}, alphaNumericExtendedShort("32")),
+		Regex:       generateSemiGenericRegex([]string{"adafruit"}, alphaNumericExtendedShort("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"adafruit"},
 	}

cmd/generate/config/rules/adobe.go

@@ -10,7 +10,7 @@ func AdobeClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Adobe Client ID (OAuth Web)",
 		RuleID:      "adobe-client-id",
-		Regex:       generateSemiGenericRegex([]string{"adobe"}, hex("32")),
+		Regex:       generateSemiGenericRegex([]string{"adobe"}, hex("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"adobe"},
 	}
@@ -27,7 +27,7 @@ func AdobeClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Adobe Client Secret",
 		RuleID:      "adobe-client-secret",
-		Regex:       generateUniqueTokenRegex(`(p8e-)(?i)[a-z0-9]{32}`),
+		Regex:       generateUniqueTokenRegex(`(p8e-)(?i)[a-z0-9]{32}`, true),
 		Keywords:    []string{"p8e-"},
 	}
 

cmd/generate/config/rules/airtable.go

@@ -10,7 +10,7 @@ func Airtable() *config.Rule {
 	r := config.Rule{
 		Description: "Airtable API Key",
 		RuleID:      "airtable-api-key",
-		Regex:       generateSemiGenericRegex([]string{"airtable"}, alphaNumeric("17")),
+		Regex:       generateSemiGenericRegex([]string{"airtable"}, alphaNumeric("17"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"airtable"},
 	}

cmd/generate/config/rules/algolia.go

@@ -10,7 +10,7 @@ func AlgoliaApiKey() *config.Rule {
 	r := config.Rule{
 		Description: "Algolia API Key",
 		RuleID:      "algolia-api-key",
-		Regex:       generateSemiGenericRegex([]string{"algolia"}, `[a-z0-9]{32}`),
+		Regex:       generateSemiGenericRegex([]string{"algolia"}, `[a-z0-9]{32}`, true),
 		Keywords:    []string{"algolia"},
 	}
 

cmd/generate/config/rules/alibaba.go

@@ -10,7 +10,7 @@ func AlibabaAccessKey() *config.Rule {
 	r := config.Rule{
 		Description: "Alibaba AccessKey ID",
 		RuleID:      "alibaba-access-key-id",
-		Regex:       generateUniqueTokenRegex(`(LTAI)(?i)[a-z0-9]{20}`),
+		Regex:       generateUniqueTokenRegex(`(LTAI)(?i)[a-z0-9]{20}`, true),
 		Keywords:    []string{"LTAI"},
 	}
 
@@ -28,7 +28,7 @@ func AlibabaSecretKey() *config.Rule {
 		Description: "Alibaba Secret Key",
 		RuleID:      "alibaba-secret-key",
 		Regex: generateSemiGenericRegex([]string{"alibaba"},
-			alphaNumeric("30")),
+			alphaNumeric("30"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"alibaba"},
 	}

cmd/generate/config/rules/asana.go

@@ -10,7 +10,7 @@ func AsanaClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Asana Client ID",
 		RuleID:      "asana-client-id",
-		Regex:       generateSemiGenericRegex([]string{"asana"}, numeric("16")),
+		Regex:       generateSemiGenericRegex([]string{"asana"}, numeric("16"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"asana"},
 	}
@@ -27,7 +27,7 @@ func AsanaClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Asana Client Secret",
 		RuleID:      "asana-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"asana"}, alphaNumeric("32")),
+		Regex:       generateSemiGenericRegex([]string{"asana"}, alphaNumeric("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"asana"},
 	}

cmd/generate/config/rules/atlassian.go

@@ -11,7 +11,7 @@ func Atlassian() *config.Rule {
 		Description: "Atlassian API token",
 		RuleID:      "atlassian-api-token",
 		Regex: generateSemiGenericRegex([]string{
-			"atlassian", "confluence", "jira"}, alphaNumeric("24")),
+			"atlassian", "confluence", "jira"}, alphaNumeric("24"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"atlassian", "confluence", "jira"},
 	}

cmd/generate/config/rules/authress.go

@@ -14,7 +14,7 @@ func Authress() *config.Rule {
 		Description: "Authress Service Client Access Key",
 		RuleID:      "authress-service-client-access-key",
 		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`(?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120}`),
+		Regex:       generateUniqueTokenRegex(`(?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120}`, true),
 		Keywords:    []string{"sc_", "ext_", "scauth_", "authress_"},
 	}
 

cmd/generate/config/rules/beamer.go

@@ -12,7 +12,7 @@ func Beamer() *config.Rule {
 		RuleID:      "beamer-api-token",
 		SecretGroup: 1,
 		Regex: generateSemiGenericRegex([]string{"beamer"},
-			`b_[a-z0-9=_\-]{44}`),
+			`b_[a-z0-9=_\-]{44}`, true),
 		Keywords: []string{"beamer"},
 	}
 

cmd/generate/config/rules/bitbucket.go

@@ -10,7 +10,7 @@ func BitBucketClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Bitbucket Client ID",
 		RuleID:      "bitbucket-client-id",
-		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumeric("32")),
+		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumeric("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"bitbucket"},
 	}
@@ -27,7 +27,7 @@ func BitBucketClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Bitbucket Client Secret",
 		RuleID:      "bitbucket-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumericExtended("64")),
+		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumericExtended("64"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"bitbucket"},
 	}

cmd/generate/config/rules/bittrex.go

@@ -10,7 +10,7 @@ func BittrexAccessKey() *config.Rule {
 	r := config.Rule{
 		Description: "Bittrex Access Key",
 		RuleID:      "bittrex-access-key",
-		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32")),
+		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"bittrex"},
 	}
@@ -27,7 +27,7 @@ func BittrexSecretKey() *config.Rule {
 	r := config.Rule{
 		Description: "Bittrex Secret Key",
 		RuleID:      "bittrex-secret-key",
-		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32")),
+		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"bittrex"},
 	}

cmd/generate/config/rules/codecov.go

@@ -10,7 +10,7 @@ func CodecovAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "codecov-access-token",
 		Description: "Codecov Access Token",
-		Regex:       generateSemiGenericRegex([]string{"codecov"}, alphaNumeric("32")),
+		Regex:       generateSemiGenericRegex([]string{"codecov"}, alphaNumeric("32"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"codecov",

cmd/generate/config/rules/coinbase.go

@@ -11,7 +11,7 @@ func CoinbaseAccessToken() *config.Rule {
 		RuleID:      "coinbase-access-token",
 		Description: "Coinbase Access Token",
 		Regex: generateSemiGenericRegex([]string{"coinbase"},
-			alphaNumericExtendedShort("64")),
+			alphaNumericExtendedShort("64"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"coinbase",

cmd/generate/config/rules/confluent.go

@@ -10,7 +10,7 @@ func ConfluentSecretKey() *config.Rule {
 	r := config.Rule{
 		RuleID:      "confluent-secret-key",
 		Description: "Confluent Secret Key",
-		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("64")),
+		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("64"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"confluent",
@@ -29,7 +29,7 @@ func ConfluentAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "confluent-access-token",
 		Description: "Confluent Access Token",
-		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("16")),
+		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("16"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"confluent",

cmd/generate/config/rules/contentful.go

@@ -11,7 +11,7 @@ func Contentful() *config.Rule {
 		Description: "Contentful delivery API token",
 		RuleID:      "contentful-delivery-api-token",
 		Regex: generateSemiGenericRegex([]string{"contentful"},
-			alphaNumericExtended("43")),
+			alphaNumericExtended("43"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"contentful"},
 	}

cmd/generate/config/rules/databricks.go

@@ -10,7 +10,7 @@ func Databricks() *config.Rule {
 	r := config.Rule{
 		Description: "Databricks API token",
 		RuleID:      "databricks-api-token",
-		Regex:       generateUniqueTokenRegex(`dapi[a-h0-9]{32}`),
+		Regex:       generateUniqueTokenRegex(`dapi[a-h0-9]{32}`, true),
 		Keywords:    []string{"dapi"},
 	}
 

cmd/generate/config/rules/datadog.go

@@ -11,7 +11,7 @@ func DatadogtokenAccessToken() *config.Rule {
 		RuleID:      "datadog-access-token",
 		Description: "Datadog Access Token",
 		Regex: generateSemiGenericRegex([]string{"datadog"},
-			alphaNumeric("40")),
+			alphaNumeric("40"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"datadog",

cmd/generate/config/rules/definednetworking.go

@@ -18,7 +18,7 @@ func DefinedNetworkingAPIToken() *config.Rule {
 		SecretGroup: 1,
 
 		// Regex used for detecting secrets. See regex section below for more details
-		Regex: generateSemiGenericRegex([]string{"dnkey"}, `dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52}`),
+		Regex: generateSemiGenericRegex([]string{"dnkey"}, `dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52}`, true),
 
 		// Keywords used for string matching on fragments (think of this as a prefilter)
 		Keywords: []string{"dnkey"},

cmd/generate/config/rules/digitalocean.go

@@ -10,7 +10,7 @@ func DigitalOceanPAT() *config.Rule {
 		Description: "DigitalOcean Personal Access Token",
 		RuleID:      "digitalocean-pat",
 		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`dop_v1_[a-f0-9]{64}`),
+		Regex:       generateUniqueTokenRegex(`dop_v1_[a-f0-9]{64}`, true),
 		Keywords:    []string{"dop_v1_"},
 	}
 
@@ -25,7 +25,7 @@ func DigitalOceanOAuthToken() *config.Rule {
 		Description: "DigitalOcean OAuth Access Token",
 		RuleID:      "digitalocean-access-token",
 		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`doo_v1_[a-f0-9]{64}`),
+		Regex:       generateUniqueTokenRegex(`doo_v1_[a-f0-9]{64}`, true),
 		Keywords:    []string{"doo_v1_"},
 	}
 
@@ -40,7 +40,7 @@ func DigitalOceanRefreshToken() *config.Rule {
 		Description: "DigitalOcean OAuth Refresh Token",
 		RuleID:      "digitalocean-refresh-token",
 		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`dor_v1_[a-f0-9]{64}`),
+		Regex:       generateUniqueTokenRegex(`dor_v1_[a-f0-9]{64}`, true),
 		Keywords:    []string{"dor_v1_"},
 	}
 

cmd/generate/config/rules/discord.go

@@ -10,7 +10,7 @@ func DiscordAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Discord API key",
 		RuleID:      "discord-api-token",
-		Regex:       generateSemiGenericRegex([]string{"discord"}, hex("64")),
+		Regex:       generateSemiGenericRegex([]string{"discord"}, hex("64"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
@@ -27,7 +27,7 @@ func DiscordClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Discord client ID",
 		RuleID:      "discord-client-id",
-		Regex:       generateSemiGenericRegex([]string{"discord"}, numeric("18")),
+		Regex:       generateSemiGenericRegex([]string{"discord"}, numeric("18"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
@@ -44,7 +44,7 @@ func DiscordClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Discord client secret",
 		RuleID:      "discord-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"discord"}, alphaNumericExtended("32")),
+		Regex:       generateSemiGenericRegex([]string{"discord"}, alphaNumericExtended("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}

cmd/generate/config/rules/droneci.go

@@ -10,7 +10,7 @@ func DroneciAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "droneci-access-token",
 		Description: "Droneci Access Token",
-		Regex:       generateSemiGenericRegex([]string{"droneci"}, alphaNumeric("32")),
+		Regex:       generateSemiGenericRegex([]string{"droneci"}, alphaNumeric("32"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"droneci",

cmd/generate/config/rules/dropbox.go

@@ -10,7 +10,7 @@ func DropBoxAPISecret() *config.Rule {
 	r := config.Rule{
 		Description: "Dropbox API secret",
 		RuleID:      "dropbox-api-token",
-		Regex:       generateSemiGenericRegex([]string{"dropbox"}, alphaNumeric("15")),
+		Regex:       generateSemiGenericRegex([]string{"dropbox"}, alphaNumeric("15"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"dropbox"},
 	}
@@ -27,7 +27,7 @@ func DropBoxShortLivedAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "dropbox-short-lived-api-token",
 		Description: "Dropbox short lived API token",
-		Regex:       generateSemiGenericRegex([]string{"dropbox"}, `sl\.[a-z0-9\-=_]{135}`),
+		Regex:       generateSemiGenericRegex([]string{"dropbox"}, `sl\.[a-z0-9\-=_]{135}`, true),
 		Keywords:    []string{"dropbox"},
 	}
 
@@ -40,7 +40,7 @@ func DropBoxLongLivedAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "dropbox-long-lived-api-token",
 		Description: "Dropbox long lived API token",
-		Regex:       generateSemiGenericRegex([]string{"dropbox"}, `[a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}`),
+		Regex:       generateSemiGenericRegex([]string{"dropbox"}, `[a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}`, true),
 		Keywords:    []string{"dropbox"},
 	}
 

cmd/generate/config/rules/etsy.go

@@ -10,7 +10,7 @@ func EtsyAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "etsy-access-token",
 		Description: "Etsy Access Token",
-		Regex:       generateSemiGenericRegex([]string{"etsy"}, alphaNumeric("24")),
+		Regex:       generateSemiGenericRegex([]string{"etsy"}, alphaNumeric("24"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"etsy",

cmd/generate/config/rules/facebook.go

@@ -10,7 +10,7 @@ func Facebook() *config.Rule {
 	r := config.Rule{
 		Description: "Facebook Access Token",
 		RuleID:      "facebook",
-		Regex:       generateSemiGenericRegex([]string{"facebook"}, hex("32")),
+		Regex:       generateSemiGenericRegex([]string{"facebook"}, hex("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"facebook"},
 	}

cmd/generate/config/rules/fastly.go

@@ -10,7 +10,7 @@ func FastlyAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Fastly API key",
 		RuleID:      "fastly-api-token",
-		Regex:       generateSemiGenericRegex([]string{"fastly"}, alphaNumericExtended("32")),
+		Regex:       generateSemiGenericRegex([]string{"fastly"}, alphaNumericExtended("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"fastly"},
 	}

cmd/generate/config/rules/finicity.go

@@ -10,7 +10,7 @@ func FinicityClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Finicity Client Secret",
 		RuleID:      "finicity-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"finicity"}, alphaNumeric("20")),
+		Regex:       generateSemiGenericRegex([]string{"finicity"}, alphaNumeric("20"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"finicity"},
 	}
@@ -27,7 +27,7 @@ func FinicityAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Finicity API token",
 		RuleID:      "finicity-api-token",
-		Regex:       generateSemiGenericRegex([]string{"finicity"}, hex("32")),
+		Regex:       generateSemiGenericRegex([]string{"finicity"}, hex("32"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"finicity"},
 	}

cmd/generate/config/rules/finnhub.go

@@ -10,7 +10,7 @@ func FinnhubAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "finnhub-access-token",
 		Description: "Finnhub Access Token",
-		Regex:       generateSemiGenericRegex([]string{"finnhub"}, alphaNumeric("20")),
+		Regex:       generateSemiGenericRegex([]string{"finnhub"}, alphaNumeric("20"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"finnhub",

cmd/generate/config/rules/flickr.go

@@ -10,7 +10,7 @@ func FlickrAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "flickr-access-token",
 		Description: "Flickr Access Token",
-		Regex:       generateSemiGenericRegex([]string{"flickr"}, alphaNumeric("32")),
+		Regex:       generateSemiGenericRegex([]string{"flickr"}, alphaNumeric("32"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"flickr",

cmd/generate/config/rules/freshbooks.go

@@ -10,7 +10,7 @@ func FreshbooksAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "freshbooks-access-token",
 		Description: "Freshbooks Access Token",
-		Regex:       generateSemiGenericRegex([]string{"freshbooks"}, alphaNumeric("64")),
+		Regex:       generateSemiGenericRegex([]string{"freshbooks"}, alphaNumeric("64"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"freshbooks",

cmd/generate/config/rules/gcp.go

@@ -29,7 +29,7 @@ func GCPAPIKey() *config.Rule {
 	r := config.Rule{
 		RuleID:      "gcp-api-key",
 		Description: "GCP API key",
-		Regex:       generateUniqueTokenRegex(`AIza[0-9A-Za-z\\-_]{35}`),
+		Regex:       generateUniqueTokenRegex(`AIza[0-9A-Za-z\\-_]{35}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"AIza",

cmd/generate/config/rules/generic.go

@@ -19,7 +19,7 @@ func GenericCredential() *config.Rule {
 			"password",
 			"auth",
 			"access",
-		}, `[0-9a-z\-_.=]{10,150}`),
+		}, `[0-9a-z\-_.=]{10,150}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"key",

cmd/generate/config/rules/gitter.go

@@ -11,7 +11,7 @@ func GitterAccessToken() *config.Rule {
 		RuleID:      "gitter-access-token",
 		Description: "Gitter Access Token",
 		Regex: generateSemiGenericRegex([]string{"gitter"},
-			alphaNumericExtendedShort("40")),
+			alphaNumericExtendedShort("40"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"gitter",

cmd/generate/config/rules/gocardless.go

@@ -10,7 +10,7 @@ func GoCardless() *config.Rule {
 	r := config.Rule{
 		RuleID:      "gocardless-api-token",
 		Description: "GoCardless API token",
-		Regex:       generateSemiGenericRegex([]string{"gocardless"}, `live_(?i)[a-z0-9\-_=]{40}`),
+		Regex:       generateSemiGenericRegex([]string{"gocardless"}, `live_(?i)[a-z0-9\-_=]{40}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"live_",

cmd/generate/config/rules/grafana.go

@@ -11,7 +11,7 @@ func GrafanaApiKey() *config.Rule {
 		Description: "Grafana api key (or Grafana cloud api key)",
 		RuleID:      "grafana-api-key",
 		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`eyJrIjoi[A-Za-z0-9]{70,400}={0,2}`),
+		Regex:       generateUniqueTokenRegex(`eyJrIjoi[A-Za-z0-9]{70,400}={0,2}`, true),
 		Keywords:    []string{"eyJrIjoi"},
 	}
 
@@ -30,7 +30,7 @@ func GrafanaCloudApiToken() *config.Rule {
 		Description: "Grafana cloud api token",
 		RuleID:      "grafana-cloud-api-token",
 		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`glc_[A-Za-z0-9+/]{32,400}={0,2}`),
+		Regex:       generateUniqueTokenRegex(`glc_[A-Za-z0-9+/]{32,400}={0,2}`, true),
 		Keywords:    []string{"glc_"},
 	}
 
@@ -49,7 +49,7 @@ func GrafanaServiceAccountToken() *config.Rule {
 		Description: "Grafana service account token",
 		RuleID:      "grafana-service-account-token",
 		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}`),
+		Regex:       generateUniqueTokenRegex(`glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}`, true),
 		Keywords:    []string{"glsa_"},
 	}
 

cmd/generate/config/rules/heroku.go

@@ -9,7 +9,7 @@ func Heroku() *config.Rule {
 	r := config.Rule{
 		Description: "Heroku API Key",
 		RuleID:      "heroku-api-key",
-		Regex:       generateSemiGenericRegex([]string{"heroku"}, hex8_4_4_4_12()),
+		Regex:       generateSemiGenericRegex([]string{"heroku"}, hex8_4_4_4_12(), true),
 		SecretGroup: 1,
 		Keywords:    []string{"heroku"},
 	}

cmd/generate/config/rules/hubspot.go

@@ -10,7 +10,7 @@ func HubSpot() *config.Rule {
 		Description: "HubSpot API Token",
 		RuleID:      "hubspot-api-key",
 		Regex: generateSemiGenericRegex([]string{"hubspot"},
-			`[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}`),
+			`[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}`, true),
 		SecretGroup: 1,
 		Keywords:    []string{"hubspot"},
 	}

cmd/generate/config/rules/intercom.go

@@ -10,7 +10,7 @@ func Intercom() *config.Rule {
 	r := config.Rule{
 		Description: "Intercom API Token",
 		RuleID:      "intercom-api-key",
-		Regex:       generateSemiGenericRegex([]string{"intercom"}, alphaNumericExtended("60")),
+		Regex:       generateSemiGenericRegex([]string{"intercom"}, alphaNumericExtended("60"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"intercom"},
 	}

cmd/generate/config/rules/jfrog.go

@@ -22,12 +22,11 @@ func JFrogAPIKey() *config.Rule {
 		SecretGroup: 1,
 
 		// Regex used for detecting secrets. See regex section below for more details
-		Regex: generateSemiGenericRegex(keywords, alphaNumeric("73")),
+		Regex: generateSemiGenericRegex(keywords, alphaNumeric("73"), true),
 
 		// Keywords used for string matching on fragments (think of this as a prefilter)
 		Keywords: keywords,
 	}
-
 	// validate
 	tps := []string{
 		fmt.Sprintf("--set imagePullSecretJfrog.password=%s", secrets.NewSecret(alphaNumeric("73"))),
@@ -50,7 +49,7 @@ func JFrogIdentityToken() *config.Rule {
 		SecretGroup: 1,
 
 		// Regex used for detecting secrets. See regex section below for more details
-		Regex: generateSemiGenericRegex(keywords, alphaNumeric("64")),
+		Regex: generateSemiGenericRegex(keywords, alphaNumeric("64"), true),
 
 		// Keywords used for string matching on fragments (think of this as a prefilter)
 		Keywords: keywords,

cmd/generate/config/rules/jwt.go

@@ -9,7 +9,7 @@ func JWT() *config.Rule {
 	r := config.Rule{
 		Description: "JSON Web Token",
 		RuleID:      "jwt",
-		Regex:       generateUniqueTokenRegex(`ey[0-9a-z]{30,34}\.ey[0-9a-z-\/_]{30,500}\.[0-9a-zA-Z-\/_]{10,200}={0,2}`),
+		Regex:       generateUniqueTokenRegex(`ey[0-9a-z]{30,34}\.ey[0-9a-z-\/_]{30,500}\.[0-9a-zA-Z-\/_]{10,200}={0,2}`, true),
 		Keywords:    []string{"ey"},
 	}
 

cmd/generate/config/rules/kraken.go

@@ -11,7 +11,7 @@ func KrakenAccessToken() *config.Rule {
 		RuleID:      "kraken-access-token",
 		Description: "Kraken Access Token",
 		Regex: generateSemiGenericRegex([]string{"kraken"},
-			alphaNumericExtendedLong("80,90")),
+			alphaNumericExtendedLong("80,90"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"kraken",

cmd/generate/config/rules/kucoin.go

@@ -10,7 +10,7 @@ func KucoinAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "kucoin-access-token",
 		Description: "Kucoin Access Token",
-		Regex:       generateSemiGenericRegex([]string{"kucoin"}, hex("24")),
+		Regex:       generateSemiGenericRegex([]string{"kucoin"}, hex("24"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"kucoin",
@@ -29,7 +29,7 @@ func KucoinSecretKey() *config.Rule {
 	r := config.Rule{
 		RuleID:      "kucoin-secret-key",
 		Description: "Kucoin Secret Key",
-		Regex:       generateSemiGenericRegex([]string{"kucoin"}, hex8_4_4_4_12()),
+		Regex:       generateSemiGenericRegex([]string{"kucoin"}, hex8_4_4_4_12(), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"kucoin",

cmd/generate/config/rules/launchdarkly.go

@@ -10,7 +10,7 @@ func LaunchDarklyAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "launchdarkly-access-token",
 		Description: "Launchdarkly Access Token",
-		Regex:       generateSemiGenericRegex([]string{"launchdarkly"}, alphaNumericExtended("40")),
+		Regex:       generateSemiGenericRegex([]string{"launchdarkly"}, alphaNumericExtended("40"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"launchdarkly",

cmd/generate/config/rules/linear.go

@@ -28,7 +28,7 @@ func LinearClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Linear Client Secret",
 		RuleID:      "linear-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"linear"}, hex("32")),
+		Regex:       generateSemiGenericRegex([]string{"linear"}, hex("32"), true),
 		Keywords:    []string{"linear"},
 		SecretGroup: 1,
 	}

cmd/generate/config/rules/linkedin.go

@@ -13,7 +13,7 @@ func LinkedinClientSecret() *config.Rule {
 		Regex: generateSemiGenericRegex([]string{
 			"linkedin",
 			"linked-in",
-		}, alphaNumeric("16")),
+		}, alphaNumeric("16"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"linkedin",
@@ -36,7 +36,7 @@ func LinkedinClientID() *config.Rule {
 		Regex: generateSemiGenericRegex([]string{
 			"linkedin",
 			"linked-in",
-		}, alphaNumeric("14")),
+		}, alphaNumeric("14"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"linkedin",

cmd/generate/config/rules/lob.go

@@ -10,7 +10,7 @@ func LobPubAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Lob Publishable API Key",
 		RuleID:      "lob-pub-api-key",
-		Regex:       generateSemiGenericRegex([]string{"lob"}, `(test|live)_pub_[a-f0-9]{31}`),
+		Regex:       generateSemiGenericRegex([]string{"lob"}, `(test|live)_pub_[a-f0-9]{31}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"test_pub",
@@ -31,7 +31,7 @@ func LobAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Lob API Key",
 		RuleID:      "lob-api-key",
-		Regex:       generateSemiGenericRegex([]string{"lob"}, `(live|test)_[a-f0-9]{35}`),
+		Regex:       generateSemiGenericRegex([]string{"lob"}, `(live|test)_[a-f0-9]{35}`, true),
 		Keywords: []string{
 			"test_",
 			"live_",

cmd/generate/config/rules/mailchimp.go

@@ -10,7 +10,7 @@ func MailChimp() *config.Rule {
 	r := config.Rule{
 		RuleID:      "mailchimp-api-key",
 		Description: "Mailchimp API key",
-		Regex:       generateSemiGenericRegex([]string{"mailchimp"}, `[a-f0-9]{32}-us20`),
+		Regex:       generateSemiGenericRegex([]string{"mailchimp"}, `[a-f0-9]{32}-us20`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"mailchimp",

cmd/generate/config/rules/mailgun.go

@@ -10,7 +10,7 @@ func MailGunPrivateAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "mailgun-private-api-token",
 		Description: "Mailgun private API token",
-		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `key-[a-f0-9]{32}`),
+		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `key-[a-f0-9]{32}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"mailgun",
@@ -29,7 +29,7 @@ func MailGunPubAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "mailgun-pub-key",
 		Description: "Mailgun public validation key",
-		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `pubkey-[a-f0-9]{32}`),
+		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `pubkey-[a-f0-9]{32}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"mailgun",
@@ -48,7 +48,7 @@ func MailGunSigningKey() *config.Rule {
 	r := config.Rule{
 		RuleID:      "mailgun-signing-key",
 		Description: "Mailgun webhook signing key",
-		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8}`),
+		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"mailgun",

cmd/generate/config/rules/mapbox.go

@@ -10,7 +10,7 @@ func MapBox() *config.Rule {
 	r := config.Rule{
 		Description: "MapBox API token",
 		RuleID:      "mapbox-api-token",
-		Regex:       generateSemiGenericRegex([]string{"mapbox"}, `pk\.[a-z0-9]{60}\.[a-z0-9]{22}`),
+		Regex:       generateSemiGenericRegex([]string{"mapbox"}, `pk\.[a-z0-9]{60}\.[a-z0-9]{22}`, true),
 		SecretGroup: 1,
 		Keywords:    []string{"mapbox"},
 	}

cmd/generate/config/rules/mattermost.go

@@ -10,7 +10,7 @@ func MattermostAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "mattermost-access-token",
 		Description: "Mattermost Access Token",
-		Regex:       generateSemiGenericRegex([]string{"mattermost"}, alphaNumeric("26")),
+		Regex:       generateSemiGenericRegex([]string{"mattermost"}, alphaNumeric("26"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"mattermost",

cmd/generate/config/rules/messagebird.go

@@ -14,7 +14,7 @@ func MessageBirdAPIToken() *config.Rule {
 			"messagebird",
 			"message-bird",
 			"message_bird",
-		}, alphaNumeric("25")),
+		}, alphaNumeric("25"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"messagebird",
@@ -41,7 +41,7 @@ func MessageBirdClientID() *config.Rule {
 			"messagebird",
 			"message-bird",
 			"message_bird",
-		}, hex8_4_4_4_12()),
+		}, hex8_4_4_4_12(), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"messagebird",

cmd/generate/config/rules/netlify.go

@@ -11,7 +11,7 @@ func NetlifyAccessToken() *config.Rule {
 		RuleID:      "netlify-access-token",
 		Description: "Netlify Access Token",
 		Regex: generateSemiGenericRegex([]string{"netlify"},
-			alphaNumericExtended("40,46")),
+			alphaNumericExtended("40,46"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"netlify",

cmd/generate/config/rules/newrelic.go

@@ -14,7 +14,7 @@ func NewRelicUserID() *config.Rule {
 			"new-relic",
 			"newrelic",
 			"new_relic",
-		}, `NRAK-[a-z0-9]{27}`),
+		}, `NRAK-[a-z0-9]{27}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"NRAK",
@@ -37,7 +37,7 @@ func NewRelicUserKey() *config.Rule {
 			"new-relic",
 			"newrelic",
 			"new_relic",
-		}, alphaNumeric("64")),
+		}, alphaNumeric("64"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"new-relic",
@@ -62,7 +62,7 @@ func NewRelicBrowserAPIKey() *config.Rule {
 			"new-relic",
 			"newrelic",
 			"new_relic",
-		}, `NRJS-[a-f0-9]{19}`),
+		}, `NRJS-[a-f0-9]{19}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"NRJS-",

cmd/generate/config/rules/npm.go

@@ -10,7 +10,7 @@ func NPM() *config.Rule {
 	r := config.Rule{
 		RuleID:      "npm-access-token",
 		Description: "npm access token",
-		Regex:       generateUniqueTokenRegex(`npm_[a-z0-9]{36}`),
+		Regex:       generateUniqueTokenRegex(`npm_[a-z0-9]{36}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"npm_",

cmd/generate/config/rules/nytimes.go

@@ -12,7 +12,7 @@ func NytimesAccessToken() *config.Rule {
 		Description: "Nytimes Access Token",
 		Regex: generateSemiGenericRegex([]string{
 			"nytimes", "new-york-times,", "newyorktimes"},
-			alphaNumericExtended("32")),
+			alphaNumericExtended("32"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"nytimes",

cmd/generate/config/rules/okta.go

@@ -11,7 +11,7 @@ func OktaAccessToken() *config.Rule {
 		RuleID:      "okta-access-token",
 		Description: "Okta Access Token",
 		Regex: generateSemiGenericRegex([]string{"okta"},
-			alphaNumericExtended("42")),
+			alphaNumericExtended("42"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"okta",

cmd/generate/config/rules/openai.go

@@ -10,7 +10,7 @@ func OpenAI() *config.Rule {
 	r := config.Rule{
 		RuleID:      "openai-api-key",
 		Description: "OpenAI API Key",
-		Regex:       generateUniqueTokenRegex(`sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20}`),
+		Regex:       generateUniqueTokenRegex(`sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"T3BlbkFJ",

cmd/generate/config/rules/plaid.go

@@ -12,7 +12,7 @@ func PlaidAccessID() *config.Rule {
 	r := config.Rule{
 		RuleID:      "plaid-client-id",
 		Description: "Plaid Client ID",
-		Regex:       generateSemiGenericRegex([]string{"plaid"}, alphaNumeric("24")),
+		Regex:       generateSemiGenericRegex([]string{"plaid"}, alphaNumeric("24"), true),
 		SecretGroup: 1,
 		Entropy:     3.5,
 		Keywords: []string{
@@ -32,7 +32,7 @@ func PlaidSecretKey() *config.Rule {
 	r := config.Rule{
 		RuleID:      "plaid-secret-key",
 		Description: "Plaid Secret key",
-		Regex:       generateSemiGenericRegex([]string{"plaid"}, alphaNumeric("30")),
+		Regex:       generateSemiGenericRegex([]string{"plaid"}, alphaNumeric("30"), true),
 		SecretGroup: 1,
 		Entropy:     3.5,
 		Keywords: []string{
@@ -53,7 +53,7 @@ func PlaidAccessToken() *config.Rule {
 		RuleID:      "plaid-api-token",
 		Description: "Plaid API Token",
 		Regex: generateSemiGenericRegex([]string{"plaid"},
-			fmt.Sprintf("access-(?:sandbox|development|production)-%s", hex8_4_4_4_12())),
+			fmt.Sprintf("access-(?:sandbox|development|production)-%s", hex8_4_4_4_12()), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"plaid",

cmd/generate/config/rules/planetscale.go

@@ -10,7 +10,7 @@ func PlanetScalePassword() *config.Rule {
 	r := config.Rule{
 		RuleID:      "planetscale-password",
 		Description: "PlanetScale password",
-		Regex:       generateUniqueTokenRegex(`pscale_pw_(?i)[a-z0-9=\-_\.]{32,64}`),
+		Regex:       generateUniqueTokenRegex(`pscale_pw_(?i)[a-z0-9=\-_\.]{32,64}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"pscale_pw_",
@@ -31,7 +31,7 @@ func PlanetScaleAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "planetscale-api-token",
 		Description: "PlanetScale API token",
-		Regex:       generateUniqueTokenRegex(`pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64}`),
+		Regex:       generateUniqueTokenRegex(`pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"pscale_tkn_",
@@ -52,7 +52,7 @@ func PlanetScaleOAuthToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "planetscale-oauth-token",
 		Description: "PlanetScale OAuth token",
-		Regex:       generateUniqueTokenRegex(`pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64}`),
+		Regex:       generateUniqueTokenRegex(`pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"pscale_oauth_",

cmd/generate/config/rules/postman.go

@@ -10,7 +10,7 @@ func PostManAPI() *config.Rule {
 	r := config.Rule{
 		RuleID:      "postman-api-token",
 		Description: "Postman API token",
-		Regex:       generateUniqueTokenRegex(`PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}`),
+		Regex:       generateUniqueTokenRegex(`PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"PMAK-",

cmd/generate/config/rules/prefect.go

@@ -10,7 +10,7 @@ func Prefect() *config.Rule {
 	r := config.Rule{
 		RuleID:      "prefect-api-token",
 		Description: "Prefect API token",
-		Regex:       generateUniqueTokenRegex(`pnu_[a-z0-9]{36}`),
+		Regex:       generateUniqueTokenRegex(`pnu_[a-z0-9]{36}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"pnu_",

cmd/generate/config/rules/pulumi.go

@@ -10,7 +10,7 @@ func PulumiAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "pulumi-api-token",
 		Description: "Pulumi API token",
-		Regex:       generateUniqueTokenRegex(`pul-[a-f0-9]{40}`),
+		Regex:       generateUniqueTokenRegex(`pul-[a-f0-9]{40}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"pul-",

cmd/generate/config/rules/rapidapi.go

@@ -11,7 +11,7 @@ func RapidAPIAccessToken() *config.Rule {
 		RuleID:      "rapidapi-access-token",
 		Description: "RapidAPI Access Token",
 		Regex: generateSemiGenericRegex([]string{"rapidapi"},
-			alphaNumericExtendedShort("50")),
+			alphaNumericExtendedShort("50"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"rapidapi",

cmd/generate/config/rules/readme.go

@@ -10,7 +10,7 @@ func ReadMe() *config.Rule {
 	r := config.Rule{
 		RuleID:      "readme-api-token",
 		Description: "Readme API token",
-		Regex:       generateUniqueTokenRegex(`rdme_[a-z0-9]{70}`),
+		Regex:       generateUniqueTokenRegex(`rdme_[a-z0-9]{70}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"rdme_",

cmd/generate/config/rules/rubygems.go

@@ -10,7 +10,7 @@ func RubyGemsAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "rubygems-api-token",
 		Description: "Rubygem API token",
-		Regex:       generateUniqueTokenRegex(`rubygems_[a-f0-9]{48}`),
+		Regex:       generateUniqueTokenRegex(`rubygems_[a-f0-9]{48}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"rubygems_",

cmd/generate/config/rules/rule.go

@@ -15,8 +15,10 @@ const (
 	caseInsensitive = `(?i)`
 
 	// identifier prefix (just an ignore group)
-	identifierPrefix = `(?:`
-	identifierSuffix = `)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}`
+	identifierCaseInsensitivePrefix = `(?i:`
+	identifierCaseInsensitiveSuffix = `)`
+	identifierPrefix                = `(?:`
+	identifierSuffix                = `)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}`
 
 	// commonly used assignment operators or function call
 	operator = `(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)`
@@ -28,12 +30,18 @@ const (
 	secretSuffix       = `)(?:['|\"|\n|\r|\s|\x60|;]|$)`
 )
 
-func generateSemiGenericRegex(identifiers []string, secretRegex string) *regexp.Regexp {
+func generateSemiGenericRegex(identifiers []string, secretRegex string, isCaseInsensitive bool) *regexp.Regexp {
 	var sb strings.Builder
-	sb.WriteString(caseInsensitive)
-	sb.WriteString(identifierPrefix)
-	sb.WriteString(strings.Join(identifiers, "|"))
-	sb.WriteString(identifierSuffix)
+	// The identifiers should always be case-insensitive.
+	// This is inelegant but prevents an extraneous `(?i:)` from being added to the pattern; it could be removed.
+	if isCaseInsensitive {
+		sb.WriteString(caseInsensitive)
+		writeIdentifiers(&sb, identifiers)
+	} else {
+		sb.WriteString(identifierCaseInsensitivePrefix)
+		writeIdentifiers(&sb, identifiers)
+		sb.WriteString(identifierCaseInsensitiveSuffix)
+	}
 	sb.WriteString(operator)
 	sb.WriteString(secretPrefix)
 	sb.WriteString(secretRegex)
@@ -41,9 +49,17 @@ func generateSemiGenericRegex(identifiers []string, secretRegex string) *regexp.
 	return regexp.MustCompile(sb.String())
 }
 
-func generateUniqueTokenRegex(secretRegex string) *regexp.Regexp {
+func writeIdentifiers(sb *strings.Builder, identifiers []string) {
+	sb.WriteString(identifierPrefix)
+	sb.WriteString(strings.Join(identifiers, "|"))
+	sb.WriteString(identifierSuffix)
+}
+
+func generateUniqueTokenRegex(secretRegex string, isCaseInsensitive bool) *regexp.Regexp {
 	var sb strings.Builder
-	sb.WriteString(caseInsensitive)
+	if isCaseInsensitive {
+		sb.WriteString(caseInsensitive)
+	}
 	sb.WriteString(secretPrefixUnique)
 	sb.WriteString(secretRegex)
 	sb.WriteString(secretSuffix)

cmd/generate/config/rules/sendbird.go

@@ -10,7 +10,7 @@ func SendbirdAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "sendbird-access-token",
 		Description: "Sendbird Access Token",
-		Regex:       generateSemiGenericRegex([]string{"sendbird"}, hex("40")),
+		Regex:       generateSemiGenericRegex([]string{"sendbird"}, hex("40"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"sendbird",
@@ -29,7 +29,7 @@ func SendbirdAccessID() *config.Rule {
 	r := config.Rule{
 		RuleID:      "sendbird-access-id",
 		Description: "Sendbird Access ID",
-		Regex:       generateSemiGenericRegex([]string{"sendbird"}, hex8_4_4_4_12()),
+		Regex:       generateSemiGenericRegex([]string{"sendbird"}, hex8_4_4_4_12(), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"sendbird",

cmd/generate/config/rules/sendgrid.go

@@ -10,7 +10,7 @@ func SendGridAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "sendgrid-api-token",
 		Description: "SendGrid API token",
-		Regex:       generateUniqueTokenRegex(`SG\.(?i)[a-z0-9=_\-\.]{66}`),
+		Regex:       generateUniqueTokenRegex(`SG\.(?i)[a-z0-9=_\-\.]{66}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"SG.",

cmd/generate/config/rules/sendinblue.go

@@ -10,7 +10,7 @@ func SendInBlueAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "sendinblue-api-token",
 		Description: "Sendinblue API token",
-		Regex:       generateUniqueTokenRegex(`xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}`),
+		Regex:       generateUniqueTokenRegex(`xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"xkeysib-",

cmd/generate/config/rules/sentry.go

@@ -10,7 +10,7 @@ func SentryAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "sentry-access-token",
 		Description: "Sentry Access Token",
-		Regex:       generateSemiGenericRegex([]string{"sentry"}, hex("64")),
+		Regex:       generateSemiGenericRegex([]string{"sentry"}, hex("64"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"sentry",

cmd/generate/config/rules/shippo.go

@@ -10,7 +10,7 @@ func ShippoAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "shippo-api-token",
 		Description: "Shippo API token",
-		Regex:       generateUniqueTokenRegex(`shippo_(live|test)_[a-f0-9]{40}`),
+		Regex:       generateUniqueTokenRegex(`shippo_(live|test)_[a-f0-9]{40}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"shippo_",

cmd/generate/config/rules/sidekiq.go

@@ -13,7 +13,7 @@ func SidekiqSecret() *config.Rule {
 		RuleID:      "sidekiq-secret",
 		SecretGroup: 1,
 		Regex: generateSemiGenericRegex([]string{"BUNDLE_ENTERPRISE__CONTRIBSYS__COM", "BUNDLE_GEMS__CONTRIBSYS__COM"},
-			`[a-f0-9]{8}:[a-f0-9]{8}`),
+			`[a-f0-9]{8}:[a-f0-9]{8}`, true),
 		Keywords: []string{"BUNDLE_ENTERPRISE__CONTRIBSYS__COM", "BUNDLE_GEMS__CONTRIBSYS__COM"},
 	}
 

cmd/generate/config/rules/snyk.go

@@ -10,7 +10,7 @@ func Snyk() *config.Rule {
 		Description: "Snyk API token",
 		RuleID:      "snyk-api-token",
 		SecretGroup: 1,
-		Regex:       generateSemiGenericRegex([]string{"snyk"}, hex8_4_4_4_12()),
+		Regex:       generateSemiGenericRegex([]string{"snyk"}, hex8_4_4_4_12(), true),
 		Keywords:    []string{"snyk"},
 	}
 

cmd/generate/config/rules/square.go

@@ -10,7 +10,7 @@ func SquareAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "square-access-token",
 		Description: "Square Access Token",
-		Regex:       generateUniqueTokenRegex(`sq0atp-[0-9A-Za-z\-_]{22}`),
+		Regex:       generateUniqueTokenRegex(`sq0atp-[0-9A-Za-z\-_]{22}`, true),
 		Keywords:    []string{"sq0atp-"},
 	}
 
@@ -26,7 +26,7 @@ func SquareSecret() *config.Rule {
 	r := config.Rule{
 		RuleID:      "square-secret",
 		Description: "Square Secret",
-		Regex:       generateUniqueTokenRegex(`sq0csp-[0-9A-Za-z\\-_]{43}`),
+		Regex:       generateUniqueTokenRegex(`sq0csp-[0-9A-Za-z\\-_]{43}`, true),
 		Keywords:    []string{"sq0csp-"},
 	}
 

cmd/generate/config/rules/squarespace.go

@@ -10,7 +10,7 @@ func SquareSpaceAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "squarespace-access-token",
 		Description: "Squarespace Access Token",
-		Regex:       generateSemiGenericRegex([]string{"squarespace"}, hex8_4_4_4_12()),
+		Regex:       generateSemiGenericRegex([]string{"squarespace"}, hex8_4_4_4_12(), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"squarespace",

cmd/generate/config/rules/sumologic.go

@@ -14,7 +14,7 @@ func SumoLogicAccessID() *config.Rule {
 		Description: "SumoLogic Access ID",
 		// TODO: Make 'su' case-sensitive.
 		Regex: generateSemiGenericRegex([]string{"sumo"},
-			"su[a-zA-Z0-9]{12}"),
+			"su[a-zA-Z0-9]{12}", false),
 		SecretGroup: 1,
 		Entropy:     3,
 		Keywords: []string{
@@ -56,7 +56,7 @@ func SumoLogicAccessToken() *config.Rule {
 		RuleID:      "sumologic-access-token",
 		Description: "SumoLogic Access Token",
 		Regex: generateSemiGenericRegex([]string{"sumo"},
-			alphaNumeric("64")),
+			alphaNumeric("64"), true),
 		SecretGroup: 1,
 		Entropy:     3,
 		Keywords: []string{

cmd/generate/config/rules/travisci.go

@@ -10,7 +10,7 @@ func TravisCIAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "travisci-access-token",
 		Description: "Travis CI Access Token",
-		Regex:       generateSemiGenericRegex([]string{"travis"}, alphaNumeric("22")),
+		Regex:       generateSemiGenericRegex([]string{"travis"}, alphaNumeric("22"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"travis",

cmd/generate/config/rules/trello.go

@@ -10,7 +10,7 @@ func TrelloAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "trello-access-token",
 		Description: "Trello Access Token",
-		Regex:       generateSemiGenericRegex([]string{"trello"}, `[a-zA-Z-0-9]{32}`),
+		Regex:       generateSemiGenericRegex([]string{"trello"}, `[a-zA-Z-0-9]{32}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"trello",

cmd/generate/config/rules/twitch.go

@@ -10,7 +10,7 @@ func TwitchAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "twitch-api-token",
 		Description: "Twitch API token",
-		Regex:       generateSemiGenericRegex([]string{"twitch"}, alphaNumeric("30")),
+		Regex:       generateSemiGenericRegex([]string{"twitch"}, alphaNumeric("30"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"twitch",

cmd/generate/config/rules/twitter.go

@@ -10,7 +10,7 @@ func TwitterAPIKey() *config.Rule {
 	r := config.Rule{
 		Description: "Twitter API Key",
 		RuleID:      "twitter-api-key",
-		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("25")),
+		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("25"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
@@ -27,7 +27,7 @@ func TwitterAPISecret() *config.Rule {
 	r := config.Rule{
 		Description: "Twitter API Secret",
 		RuleID:      "twitter-api-secret",
-		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("50")),
+		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("50"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
@@ -44,7 +44,7 @@ func TwitterBearerToken() *config.Rule {
 	r := config.Rule{
 		Description: "Twitter Bearer Token",
 		RuleID:      "twitter-bearer-token",
-		Regex:       generateSemiGenericRegex([]string{"twitter"}, "A{22}[a-zA-Z0-9%]{80,100}"),
+		Regex:       generateSemiGenericRegex([]string{"twitter"}, "A{22}[a-zA-Z0-9%]{80,100}", true),
 		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
@@ -61,7 +61,7 @@ func TwitterAccessToken() *config.Rule {
 	r := config.Rule{
 		Description: "Twitter Access Token",
 		RuleID:      "twitter-access-token",
-		Regex:       generateSemiGenericRegex([]string{"twitter"}, "[0-9]{15,25}-[a-zA-Z0-9]{20,40}"),
+		Regex:       generateSemiGenericRegex([]string{"twitter"}, "[0-9]{15,25}-[a-zA-Z0-9]{20,40}", true),
 		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
@@ -78,7 +78,7 @@ func TwitterAccessSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Twitter Access Secret",
 		RuleID:      "twitter-access-secret",
-		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("45")),
+		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("45"), true),
 		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}

cmd/generate/config/rules/typeform.go

@@ -11,7 +11,7 @@ func Typeform() *config.Rule {
 		RuleID:      "typeform-api-token",
 		Description: "Typeform API token",
 		Regex: generateSemiGenericRegex([]string{"typeform"},
-			`tfp_[a-z0-9\-_\.=]{59}`),
+			`tfp_[a-z0-9\-_\.=]{59}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"tfp_",

cmd/generate/config/rules/vault.go

@@ -10,7 +10,7 @@ func VaultServiceToken() *config.Rule {
 	r := config.Rule{
 		Description: "Vault Service Token",
 		RuleID:      "vault-service-token",
-		Regex:       generateUniqueTokenRegex(`hvs\.[a-z0-9_-]{90,100}`),
+		Regex:       generateUniqueTokenRegex(`hvs\.[a-z0-9_-]{90,100}`, true),
 		Keywords:    []string{"hvs"},
 	}
 
@@ -26,7 +26,7 @@ func VaultBatchToken() *config.Rule {
 	r := config.Rule{
 		Description: "Vault Batch Token",
 		RuleID:      "vault-batch-token",
-		Regex:       generateUniqueTokenRegex(`hvb\.[a-z0-9_-]{138,212}`),
+		Regex:       generateUniqueTokenRegex(`hvb\.[a-z0-9_-]{138,212}`, true),
 		Keywords:    []string{"hvb"},
 	}
 

cmd/generate/config/rules/yandex.go

@@ -11,7 +11,7 @@ func YandexAWSAccessToken() *config.Rule {
 		RuleID:      "yandex-aws-access-token",
 		Description: "Yandex AWS Access Token",
 		Regex: generateSemiGenericRegex([]string{"yandex"},
-			`YC[a-zA-Z0-9_\-]{38}`),
+			`YC[a-zA-Z0-9_\-]{38}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"yandex",
@@ -32,7 +32,7 @@ func YandexAPIKey() *config.Rule {
 		RuleID:      "yandex-api-key",
 		Description: "Yandex API Key",
 		Regex: generateSemiGenericRegex([]string{"yandex"},
-			`AQVN[A-Za-z0-9_\-]{35,38}`),
+			`AQVN[A-Za-z0-9_\-]{35,38}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"yandex",
@@ -53,7 +53,7 @@ func YandexAccessToken() *config.Rule {
 		RuleID:      "yandex-access-token",
 		Description: "Yandex Access Token",
 		Regex: generateSemiGenericRegex([]string{"yandex"},
-			`t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}`),
+			`t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}`, true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"yandex",

cmd/generate/config/rules/zendesk.go

@@ -10,7 +10,7 @@ func ZendeskSecretKey() *config.Rule {
 	r := config.Rule{
 		RuleID:      "zendesk-secret-key",
 		Description: "Zendesk Secret Key",
-		Regex:       generateSemiGenericRegex([]string{"zendesk"}, alphaNumeric("40")),
+		Regex:       generateSemiGenericRegex([]string{"zendesk"}, alphaNumeric("40"), true),
 		SecretGroup: 1,
 		Keywords: []string{
 			"zendesk",

config/gitleaks.toml

@@ -2759,7 +2759,7 @@ keywords = [
 [[rules]]
 id = "sumologic-access-id"
 description = "SumoLogic Access ID"
-regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+regex = '''(?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
 entropy = 3
 keywords = [