
update mailchimp with new tokens (#1376)

Baruch Odem (Rothkoff) 1 rok temu
rodzic
commit
979f213b93
2 zmienionych plików z 9 dodań i 3 usunięć
  1. 8 2
      cmd/generate/config/rules/mailchimp.go
  2. 1 1
      config/gitleaks.toml

+ 8 - 2
cmd/generate/config/rules/mailchimp.go

@@ -10,7 +10,7 @@ func MailChimp() *config.Rule {
 	r := config.Rule{
 		RuleID:      "mailchimp-api-key",
 		Description: "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data.",
-		Regex:       generateSemiGenericRegex([]string{"mailchimp"}, `[a-f0-9]{32}-us20`, true),
+		Regex:       generateSemiGenericRegex([]string{"MailchimpSDK.initialize", "mailchimp"}, hex("32")+`-us\d\d`, true),
 
 		Keywords: []string{
 			"mailchimp",
@@ -20,6 +20,12 @@ func MailChimp() *config.Rule {
 	// validate
 	tps := []string{
 		generateSampleSecret("mailchimp", secrets.NewSecret(hex("32"))+"-us20"),
+		`mailchimp_api_key: cefa780880ba5f5696192a34f6292c35-us18`, // gitleaks:allow
+		`MAILCHIMPE_KEY = "b5b9f8e50c640da28993e8b6a48e3e53-us18"`, // gitleaks:allow
 	}
-	return validate(r, tps, nil)
+	fps := []string{
+		// False Negative
+		`MailchimpSDK.initialize(token: 3012a5754bbd716926f99c028f7ea428-us18)`, // gitleaks:allow
+	}
+	return validate(r, tps, fps)
 }
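Review bot: The `fps` entry added at the end of the hunk is a known miss (its own comment says `// False Negative`), but passing it to `validate` as the false-positive list turns that miss into an assertion that the rule must never match it, so any later fix that does catch the `MailchimpSDK.initialize(token: …)` form would fail validation. Either leave it out, or keep it as documentation outside `fps` with a note such as `// TODO: known false negative – the "(token: …)" form is not matched, apparently because "(" is not in the separator class the generator emits`. The `.` in `"MailchimpSDK.initialize"` is unescaped and so matches any character; `"MailchimpSDK\.initialize"` pins it to the literal dot, and `-us\d\d` accepts only two-digit suffixes, so if single-digit data-centre suffixes are in scope `-us\d{1,2}` would be the safer pattern (both would propagate into the generated config/gitleaks.toml). The signature of MailChimp lies before the first hunk; only its closing brace is visible here.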

+ 1 - 1
config/gitleaks.toml

@@ -2237,7 +2237,7 @@ keywords = [
 [[rules]]
 id = "mailchimp-api-key"
 description = "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data."
-regex = '''(?i)(?:mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us20)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+regex = '''(?i)(?:MailchimpSDK.initialize|mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 keywords = [
     "mailchimp",
 ]