
Add new jira api token pattern (#1601)

* add new jira api token pattern

* Apply suggestions from code review

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* apply comments from PR

* Apply suggestions from code review

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* apply comments from PR

---------

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
Oscar Blanco 1 vuosi sitten
vanhempi
commit
4181ad647a

+ 11 - 3
cmd/generate/config/rules/atlassian.go

@@ -11,15 +11,23 @@ func Atlassian() *config.Rule {
 	r := config.Rule{
 		Description: "Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality.",
 		RuleID:      "atlassian-api-token",
-		Regex: utils.GenerateSemiGenericRegex([]string{
-			"atlassian", "confluence", "jira"}, utils.AlphaNumeric("24"), true),
-		Keywords: []string{"atlassian", "confluence", "jira"},
+		Regex: utils.MergeRegexps(
+			utils.GenerateSemiGenericRegex(
+				[]string{"atlassian", "confluence", "jira"},
+				`[a-zA-Z0-9]{24}`,
+				false,
+			),
+			utils.GenerateUniqueTokenRegex(`ATATT3[A-Za-z0-9_\-=]{186}`, false),
+		),
+		Entropy:  3.5,
+		Keywords: []string{"atlassian", "confluence", "jira", "atatt3"},
 	}
 
 	// validate
 	tps := utils.GenerateSampleSecrets("atlassian", secrets.NewSecret(utils.AlphaNumeric("24")))
 	tps = append(tps, utils.GenerateSampleSecrets("confluence", secrets.NewSecret(utils.AlphaNumeric("24")))...)
 	tps = append(tps, utils.GenerateSampleSecrets("jira", secrets.NewSecret(utils.AlphaNumeric("24")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("jira", "ATATT3xFfGF0K3irG5tKKi-6u-wwaXQFeGwZ-IHR-hQ3CulkKtMSuteRQFfLZ6jihHThzZCg_UjnDt-4Wl_gIRf4zrZJs5JqaeuBhsfJ4W5GD6yGg3W7903gbvaxZPBjxIQQ7BgFDSkPS8oPispw4KLz56mdK-G6CIvLO6hHRrZHY0Q3tvJ6JxE=C63992E6")...)
 
 	return utils.Validate(r, tps, nil)
 }
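Review bot: The merged regex now carries two capturing groups, one per alternative (`([a-zA-Z0-9]{24})` and `(ATATT3[A-Za-z0-9_\-=]{186})`), so whichever alternative fires leaves the other group empty; if the detector reads the secret from group 1 when SecretGroup is unset, a match on the ATATT3 alternative would presumably yield an empty secret and the new 3.5 entropy threshold would be evaluated against that, so please confirm how the extractor and `utils.Validate` handle this, ideally by asserting that the extracted secret equals the sample on the added `tps` line rather than only that the rule fires. `Entropy: 3.5` also now applies to the 24-character samples built from `secrets.NewSecret(utils.AlphaNumeric("24"))`; a random 24-character alphanumeric string will usually exceed 3.5 bits but that is not guaranteed, so the validation could be flaky unless NewSecret is deterministic. A short comment above the Regex field, `// Two token shapes: a 24-char secret near an identifier, or a self-identifying ATATT3 token`, would explain why the rule is an alternation.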

+ 10 - 0
cmd/generate/config/utils/generate.go

@@ -50,6 +50,16 @@ func GenerateSemiGenericRegex(identifiers []string, secretRegex string, isCaseIn
 	return regexp.MustCompile(sb.String())
 }
 
+func MergeRegexps(regexps ...*regexp.Regexp) *regexp.Regexp {
+	patterns := make([]string, len(regexps))
+
+	for i, r := range regexps {
+		patterns[i] = r.String()
+	}
+
+	return regexp.MustCompile(strings.Join(patterns, "|"))
+}
+
 func writeIdentifiers(sb *strings.Builder, identifiers []string) {
 	sb.WriteString(identifierPrefix)
 	sb.WriteString(strings.Join(identifiers, "|"))
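Review bot: MergeRegexps joins the source patterns with a bare `|` without grouping each one, so a component whose string starts with a top-level `(?i)` flag (what GenerateSemiGenericRegex emits when isCaseInsensitive is true, as the old regex in config/gitleaks.toml shows) would extend that flag to every alternative after it, and a component with its own top-level `|` would change the precedence of the join; `patterns[i] = "(?:" + r.String() + ")"` keeps each input's flags and alternation local. With no arguments the function compiles the empty pattern, which matches everywhere, so a guard such as `if len(regexps) == 0 { panic("MergeRegexps: no patterns") }` would make that misuse visible (a panic is in keeping with the MustCompile already used here). The exported function also lacks a doc comment; `// MergeRegexps combines regexps into a single alternation, grouping each input so its flags and precedence stay local.` Unrelated to this hunk but visible in the generated config, the pattern emitted for isCaseInsensitive == false repeats the `[\w.-]{0,50}?` prefix both outside and inside the `(?i:...)` group, which looks like a defect in GenerateSemiGenericRegex, whose body sits above this hunk.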

+ 3 - 1
config/gitleaks.toml

@@ -131,11 +131,13 @@ keywords = ["asana"]
 [[rules]]
 id = "atlassian-api-token"
 description = "Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality."
-regex = '''(?i)[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+regex = '''[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-zA-Z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)|\b(ATATT3[A-Za-z0-9_\-=]{186})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+entropy = 3.5
 keywords = [
     "atlassian",
     "confluence",
     "jira",
+    "atatt3",
 ]
 
 [[rules]]