
Detect Notion Public API Keys #1889 (#1890)

* add notion api rule

* Update cmd/generate/config/rules/notion.go

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* Update cmd/generate/config/rules/notion.go

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* change gitleaks toml

---------

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
Lisa Lin 8 luni în urmă
părinte
comite
79068b35e5
3 a modificat fișierele cu 47 adăugiri și 0 ștergeri
  1. 1 0
      cmd/generate/config/main.go
  2. 39 0
      cmd/generate/config/rules/notion.go
  3. 7 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go

@@ -161,6 +161,7 @@ func main() {
 		rules.NewRelicUserKey(),
 		rules.NewRelicBrowserAPIKey(),
 		rules.NewRelicInsertKey(),
+		rules.Notion(),
 		rules.NPM(),
 		rules.NugetConfigPassword(),
 		rules.NytimesAccessToken(),

+ 39 - 0
cmd/generate/config/rules/notion.go

@@ -0,0 +1,39 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func Notion() *config.Rule {
+    // Define the identifiers that match the Keywords
+    identifiers := []string{"ntn_"}
+    
+    // Define the regex pattern for Notion API token
+    secretRegex := `ntn_[0-9]{11}[A-Za-z0-9]{32}[A-Za-z0-9]{3}`
+    
+    regex := utils.GenerateUniqueTokenRegex(secretRegex, false)
+    
+    r := config.Rule{
+        Description: "Notion API token",
+        RuleID: "notion-api-token",
+        Regex: regex,
+        Entropy: 4,
+        Keywords: identifiers,
+    }
+
+    // validate
+	tps := []string{
+		"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",
+		"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",
+		"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",
+	}
+
+	fps:= []string{
+		"ntn_12345678901",
+		"ntn_123456789012345678901234567890123456789012345678901234567890",
+		"ntn_12345678901abc",
+	}
+
+    return utils.Validate(r, tps, fps)
+}
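Review bot: All three entries in `tps` start with the same eleven digits (`45647615172`), so the tests do not show that the `[0-9]{11}` prefix in `secretRegex` holds for tokens issued to other workspaces or integrations; if it does not, the rule misses real tokens without any test failing. I would add a comment above `secretRegex` stating where the token layout comes from, plus at least one sample with a different digit prefix; the hard-coded samples also look like issued tokens, so confirm they are synthetic or revoked before merging. The last two groups use the same character class, so `[A-Za-z0-9]{32}[A-Za-z0-9]{3}` can be written as `[A-Za-z0-9]{35}` unless the split carries meaning, in which case the comment should say what. None of the `fps` has the full 50-character shape, so the `Entropy: 4` threshold is presumably not exercised; a correctly shaped low-entropy string would cover it. The file mixes space and tab indentation and has `fps:= []string{`, so it needs a `gofmt` pass.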

+ 7 - 0
config/gitleaks.toml

@@ -2585,6 +2585,13 @@ description = "Discovered a New Relic user API Key, which could lead to compromi
 regex = '''(?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(NRAK-[a-z0-9]{27})(?:[\x60'"\s;]|\\[nr]|$)'''
 keywords = ["nrak"]
 
+[[rules]]
+id = "notion-api-token"
+description = "Notion API token"
+regex = '''\b(ntn_[0-9]{11}[A-Za-z0-9]{32}[A-Za-z0-9]{3})(?:[\x60'"\s;]|\\[nr]|$)'''
+entropy = 4
+keywords = ["ntn_"]
+
 [[rules]]
 id = "npm-access-token"
 description = "Uncovered an npm access token, potentially compromising package management and code repository access."