
Generate comprehensive secret samples (#1484)

* feat(config): comprehensive samples

* refactor(config): use new generate func

* chore(config): comment unsupported cases

* feat(config): enable '?=' case

* feat(config): enable '+=' case

* feat(config): enable escaped json case

* feat(config): enable '<' (xml) case

* feat(config): enable multiline yaml case

* chore(config): add comment case

* feat(config): add php cases

* feat(config): add java case

* chore(config): address review comments

* fix(config): prevent matching '=='

* feat(config): add URL cases

* chore(config): revert regex changes
To be tackled in separate PRs.
Richard Gomez 1 год назад
Родитель
Сommit
c11adc91ad
100 измененных файлов с 341 добавлено и 565 удалено
  1. 1 3
      cmd/generate/config/rules/adafruit.go
  2. 1 3
      cmd/generate/config/rules/adobe.go
  3. 1 3
      cmd/generate/config/rules/age.go
  4. 1 3
      cmd/generate/config/rules/airtable.go
  5. 1 3
      cmd/generate/config/rules/algolia.go
  6. 1 3
      cmd/generate/config/rules/alibaba.go
  7. 2 6
      cmd/generate/config/rules/asana.go
  8. 4 4
      cmd/generate/config/rules/atlassian.go
  9. 1 3
      cmd/generate/config/rules/authress.go
  10. 7 13
      cmd/generate/config/rules/aws.go
  11. 1 3
      cmd/generate/config/rules/beamer.go
  12. 2 6
      cmd/generate/config/rules/bitbucket.go
  13. 2 6
      cmd/generate/config/rules/bittrex.go
  14. 1 3
      cmd/generate/config/rules/clojars.go
  15. 7 3
      cmd/generate/config/rules/cloudflare.go
  16. 1 3
      cmd/generate/config/rules/codecov.go
  17. 1 4
      cmd/generate/config/rules/coinbase.go
  18. 2 6
      cmd/generate/config/rules/confluent.go
  19. 1 3
      cmd/generate/config/rules/contentful.go
  20. 2 4
      cmd/generate/config/rules/databricks.go
  21. 1 3
      cmd/generate/config/rules/datadog.go
  22. 1 3
      cmd/generate/config/rules/definednetworking.go
  23. 3 9
      cmd/generate/config/rules/digitalocean.go
  24. 3 9
      cmd/generate/config/rules/discord.go
  25. 1 3
      cmd/generate/config/rules/doppler.go
  26. 1 3
      cmd/generate/config/rules/droneci.go
  27. 1 3
      cmd/generate/config/rules/dropbox.go
  28. 1 3
      cmd/generate/config/rules/duffel.go
  29. 1 3
      cmd/generate/config/rules/dynatrace.go
  30. 2 6
      cmd/generate/config/rules/easypost.go
  31. 3 5
      cmd/generate/config/rules/etsy.go
  32. 3 3
      cmd/generate/config/rules/facebook.go
  33. 1 3
      cmd/generate/config/rules/fastly.go
  34. 2 6
      cmd/generate/config/rules/finicity.go
  35. 1 3
      cmd/generate/config/rules/finnhub.go
  36. 1 3
      cmd/generate/config/rules/flickr.go
  37. 3 9
      cmd/generate/config/rules/flutterwave.go
  38. 12 9
      cmd/generate/config/rules/flyio.go
  39. 1 3
      cmd/generate/config/rules/frameio.go
  40. 1 3
      cmd/generate/config/rules/freshbooks.go
  41. 3 3
      cmd/generate/config/rules/gcp.go
  42. 10 8
      cmd/generate/config/rules/generic.go
  43. 6 16
      cmd/generate/config/rules/github.go
  44. 24 45
      cmd/generate/config/rules/gitlab.go
  45. 1 4
      cmd/generate/config/rules/gitter.go
  46. 1 3
      cmd/generate/config/rules/gocardless.go
  47. 7 12
      cmd/generate/config/rules/grafana.go
  48. 2 4
      cmd/generate/config/rules/harness.go
  49. 3 3
      cmd/generate/config/rules/hashicorp.go
  50. 11 10
      cmd/generate/config/rules/hashicorp_vault.go
  51. 4 2
      cmd/generate/config/rules/heroku.go
  52. 4 2
      cmd/generate/config/rules/hubspot.go
  53. 14 13
      cmd/generate/config/rules/huggingface.go
  54. 3 3
      cmd/generate/config/rules/infracost.go
  55. 1 3
      cmd/generate/config/rules/intercom.go
  56. 4 6
      cmd/generate/config/rules/jfrog.go
  57. 5 2
      cmd/generate/config/rules/jwt.go
  58. 1 4
      cmd/generate/config/rules/kraken.go
  59. 2 6
      cmd/generate/config/rules/kucoin.go
  60. 1 3
      cmd/generate/config/rules/launchdarkly.go
  61. 2 6
      cmd/generate/config/rules/linear.go
  62. 2 6
      cmd/generate/config/rules/linkedin.go
  63. 2 6
      cmd/generate/config/rules/lob.go
  64. 3 3
      cmd/generate/config/rules/mailchimp.go
  65. 3 9
      cmd/generate/config/rules/mailgun.go
  66. 1 3
      cmd/generate/config/rules/mapbox.go
  67. 1 3
      cmd/generate/config/rules/mattermost.go
  68. 8 17
      cmd/generate/config/rules/messagebird.go
  69. 1 3
      cmd/generate/config/rules/netlify.go
  70. 4 12
      cmd/generate/config/rules/newrelic.go
  71. 1 3
      cmd/generate/config/rules/npm.go
  72. 1 3
      cmd/generate/config/rules/nytimes.go
  73. 3 3
      cmd/generate/config/rules/okta.go
  74. 1 3
      cmd/generate/config/rules/openai.go
  75. 4 3
      cmd/generate/config/rules/openshift.go
  76. 3 9
      cmd/generate/config/rules/plaid.go
  77. 9 15
      cmd/generate/config/rules/planetscale.go
  78. 1 3
      cmd/generate/config/rules/postman.go
  79. 1 3
      cmd/generate/config/rules/prefect.go
  80. 1 3
      cmd/generate/config/rules/pulumi.go
  81. 1 2
      cmd/generate/config/rules/pypi.go
  82. 1 4
      cmd/generate/config/rules/rapidapi.go
  83. 2 3
      cmd/generate/config/rules/readme.go
  84. 1 3
      cmd/generate/config/rules/rubygems.go
  85. 3 3
      cmd/generate/config/rules/scalingo.go
  86. 2 6
      cmd/generate/config/rules/sendbird.go
  87. 1 3
      cmd/generate/config/rules/sendgrid.go
  88. 1 3
      cmd/generate/config/rules/sendinblue.go
  89. 1 3
      cmd/generate/config/rules/sentry.go
  90. 2 4
      cmd/generate/config/rules/shippo.go
  91. 4 4
      cmd/generate/config/rules/shopify.go
  92. 5 2
      cmd/generate/config/rules/sidekiq.go
  93. 39 31
      cmd/generate/config/rules/slack.go
  94. 5 13
      cmd/generate/config/rules/snyk.go
  95. 6 6
      cmd/generate/config/rules/square.go
  96. 1 3
      cmd/generate/config/rules/squarespace.go
  97. 4 3
      cmd/generate/config/rules/stripe.go
  98. 6 6
      cmd/generate/config/rules/sumologic.go
  99. 13 15
      cmd/generate/config/rules/telegram.go
  100. 1 3
      cmd/generate/config/rules/travisci.go

+ 1 - 3
cmd/generate/config/rules/adafruit.go

@@ -16,8 +16,6 @@ func AdafruitAPIKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("adafruit", secrets.NewSecret(utils.AlphaNumericExtendedShort("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("adafruit", secrets.NewSecret(utils.AlphaNumericExtendedShort("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/adobe.go

@@ -17,9 +17,7 @@ func AdobeClientID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("adobe", secrets.NewSecret(utils.Hex("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("adobe", secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }
 

+ 1 - 3
cmd/generate/config/rules/age.go

@@ -17,8 +17,6 @@ func AgeSecretKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		`apiKey := "AGE-SECRET-KEY-1QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ`, // gitleaks:allow
-	}
+	tps := utils.GenerateSampleSecrets("age", `AGE-SECRET-KEY-1QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ`) // gitleaks:allow
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/airtable.go

@@ -16,8 +16,6 @@ func Airtable() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("airtable", secrets.NewSecret(utils.AlphaNumeric("17"))),
-	}
+	tps := utils.GenerateSampleSecrets("airtable", secrets.NewSecret(utils.AlphaNumeric("17")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/algolia.go

@@ -16,8 +16,6 @@ func AlgoliaApiKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		"algolia_key := " + secrets.NewSecret(utils.Hex("32")),
-	}
+	tps := utils.GenerateSampleSecrets("algolia", secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/alibaba.go

@@ -35,8 +35,6 @@ func AlibabaSecretKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("alibaba", secrets.NewSecret(utils.AlphaNumeric("30"))),
-	}
+	tps := utils.GenerateSampleSecrets("alibaba", secrets.NewSecret(utils.AlphaNumeric("30")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/asana.go

@@ -16,9 +16,7 @@ func AsanaClientID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("asana", secrets.NewSecret(utils.Numeric("16"))),
-	}
+	tps := utils.GenerateSampleSecrets("asana", secrets.NewSecret(utils.Numeric("16")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -33,8 +31,6 @@ func AsanaClientSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("asana", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("asana", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 4 - 4
cmd/generate/config/rules/atlassian.go

@@ -17,9 +17,9 @@ func Atlassian() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("atlassian", secrets.NewSecret(utils.AlphaNumeric("24"))),
-		utils.GenerateSampleSecret("confluence", secrets.NewSecret(utils.AlphaNumeric("24"))),
-	}
+	tps := utils.GenerateSampleSecrets("atlassian", secrets.NewSecret(utils.AlphaNumeric("24")))
+	tps = append(tps, utils.GenerateSampleSecrets("confluence", secrets.NewSecret(utils.AlphaNumeric("24")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("jira", secrets.NewSecret(utils.AlphaNumeric("24")))...)
+
 	return utils.Validate(r, tps, nil)
 }
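Review bot: The three added `tps` lines in Atlassian() differ only in the identifier string, so the identifier list is spread over repeated `append` calls instead of sitting in one place. A loop would read better: declare `var tps []string`, then `for _, id := range []string{"atlassian", "confluence", "jira"} { tps = append(tps, utils.GenerateSampleSecrets(id, secrets.NewSecret(utils.AlphaNumeric("24")))...) }`. The same repeated-append shape appears in the aws.go and etsy.go sections of this commit. The start of Atlassian() is outside the hunk.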

+ 1 - 3
cmd/generate/config/rules/authress.go

@@ -26,8 +26,6 @@ func Authress() *config.Rule {
 	account_id := "acc_" + utils.AlphaNumeric("10")
 	signature_key := utils.AlphaNumericExtendedShort("40")
 
-	tps := []string{
-		utils.GenerateSampleSecret("authress", secrets.NewSecret(fmt.Sprintf(`%s\.%s\.%s\.%s`, service_client_id, access_key_id, account_id, signature_key))),
-	}
+	tps := utils.GenerateSampleSecrets("authress", secrets.NewSecret(fmt.Sprintf(`%s\.%s\.%s\.%s`, service_client_id, access_key_id, account_id, signature_key)))
 	return utils.Validate(r, tps, nil)
 }

+ 7 - 13
cmd/generate/config/rules/aws.go

@@ -11,8 +11,8 @@ import (
 func AWS() *config.Rule {
 	// define rule
 	r := config.Rule{
-		Description: "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.",
 		RuleID:      "aws-access-token",
+		Description: "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.",
 		Regex:       regexp.MustCompile(`\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b`),
 		Entropy:     3,
 		Keywords: []string{
@@ -33,18 +33,12 @@ func AWS() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("AWS", "AKIALALEMEL33243OLIB"), // gitleaks:allow
-
-		// as part of a URL
-		`https://aws.example.com/test/abc?AWSAccessKeyId=AKIALALEMEL33243OLIB&Signature=test`, // gitleaks:allow
-
-		// current AWS tokens cannot contain [0,1,8,9], so their entropy is slightly lower than expected.
-		utils.GenerateSampleSecret("AWS", "AKIA"+secrets.NewSecret("[A-Z2-7]{16}")),
-		utils.GenerateSampleSecret("AWS", "ASIA"+secrets.NewSecret("[A-Z2-7]{16}")),
-		utils.GenerateSampleSecret("AWS", "ABIA"+secrets.NewSecret("[A-Z2-7]{16}")),
-		utils.GenerateSampleSecret("AWS", "ACCA"+secrets.NewSecret("[A-Z2-7]{16}")),
-	}
+	tps := utils.GenerateSampleSecrets("AWS", "AKIALALEMEL33243OLIB") // gitleaks:allow
+	// current AWS tokens cannot contain [0,1,8,9], so their entropy is slightly lower than expected.
+	tps = append(tps, utils.GenerateSampleSecrets("AWS", "AKIA"+secrets.NewSecret("[A-Z2-7]{16}"))...)
+	tps = append(tps, utils.GenerateSampleSecrets("AWS", "ASIA"+secrets.NewSecret("[A-Z2-7]{16}"))...)
+	tps = append(tps, utils.GenerateSampleSecrets("AWS", "ABIA"+secrets.NewSecret("[A-Z2-7]{16}"))...)
+	tps = append(tps, utils.GenerateSampleSecrets("AWS", "ACCA"+secrets.NewSecret("[A-Z2-7]{16}"))...)
 	fps := []string{
 		`key = AKIAXXXXXXXXXXXXXXXX`,           // Low entropy
 		`aws_access_key: AKIAIOSFODNN7EXAMPLE`, // Placeholder
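Review bot: The second hunk drops the explicit URL true positive (the `?AWSAccessKeyId=AKIALALEMEL33243OLIB&Signature=test` sample), and nothing visible in this section replaces it. The commit message mentions added URL cases, so `GenerateSampleSecrets` may emit a query-string form, but that helper is not shown here, and its samples would presumably be built from the `"AWS"` identifier rather than the `AWSAccessKeyId` parameter name. Access key IDs exposed in signed-URL query strings are a common real finding, so I would keep the literal as a regression case: `tps = append(tps, "https://aws.example.com/test/abc?AWSAccessKeyId=AKIALALEMEL33243OLIB&Signature=test") // gitleaks:allow`. AWS() continues past the end of the hunk.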

+ 1 - 3
cmd/generate/config/rules/beamer.go

@@ -17,8 +17,6 @@ func Beamer() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("beamer", "b_"+secrets.NewSecret(utils.AlphaNumericExtended("44"))),
-	}
+	tps := utils.GenerateSampleSecrets("beamer", "b_"+secrets.NewSecret(utils.AlphaNumericExtended("44")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/bitbucket.go

@@ -16,9 +16,7 @@ func BitBucketClientID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("bitbucket", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("bitbucket", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -33,8 +31,6 @@ func BitBucketClientSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("bitbucket", secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("bitbucket", secrets.NewSecret(utils.AlphaNumeric("64")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/bittrex.go

@@ -16,9 +16,7 @@ func BittrexAccessKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("bittrex", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("bittrex", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -33,8 +31,6 @@ func BittrexSecretKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("bittrex", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("bittrex", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/clojars.go

@@ -19,8 +19,6 @@ func Clojars() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("clojars", "CLOJARS_"+secrets.NewSecret(utils.AlphaNumeric("60"))),
-	}
+	tps := utils.GenerateSampleSecrets("clojars", "CLOJARS_"+secrets.NewSecret(utils.AlphaNumeric("60")))
 	return utils.Validate(r, tps, nil)
 }

+ 7 - 3
cmd/generate/config/rules/cloudflare.go

@@ -2,6 +2,7 @@ package rules
 
 import (
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -35,7 +36,8 @@ func CloudflareGlobalAPIKey() *config.Rule {
 	}
 
 	// validate
-	tps := global_keys
+	tps := utils.GenerateSampleSecrets("cloudflare", secrets.NewSecret(utils.Hex("37")))
+	tps = append(tps, global_keys...)
 	fps := append(api_keys, origin_ca_keys...)
 
 	return utils.Validate(r, tps, fps)
@@ -52,7 +54,8 @@ func CloudflareAPIKey() *config.Rule {
 	}
 
 	// validate
-	tps := api_keys
+	tps := utils.GenerateSampleSecrets("cloudflare", secrets.NewSecret(utils.AlphaNumericExtendedShort("40")))
+	tps = append(tps, api_keys...)
 	fps := append(global_keys, origin_ca_keys...)
 
 	return utils.Validate(r, tps, fps)
@@ -70,7 +73,8 @@ func CloudflareOriginCAKey() *config.Rule {
 	}
 
 	// validate
-	tps := origin_ca_keys
+	tps := utils.GenerateSampleSecrets("cloudflare", "v1.0-aaa334dc886f30631ba0a610-0d98ef66290d7e50aac7c27b5986c99e6f3f1084c881d8ac0eae5de1d1aa0644076ff57022069b3237d19afe60ad045f207ef2b16387ee37b749441b2ae2e9ebe5b4606e846475d4a5")
+	tps = append(tps, origin_ca_keys...)
 	fps := append(global_keys, api_keys...)
 
 	return utils.Validate(r, tps, fps)
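Review bot: The hard-coded Origin CA sample added in CloudflareOriginCAKey (the `"v1.0-aaa334dc886f…"` literal) has no `// gitleaks:allow` marker. The literal samples in the age.go and aws.go sections of this commit do carry one, so a scan of this repository with its own rules would presumably report this line. Add `// gitleaks:allow` at the end of that `tps :=` line. It is also worth confirming that the value is fabricated or long revoked rather than copied from a live account, since test fixtures in a public scanner repository are routinely harvested. Each of the three functions starts outside its hunk.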

+ 1 - 3
cmd/generate/config/rules/codecov.go

@@ -18,8 +18,6 @@ func CodecovAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("codecov", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("codecov", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 4
cmd/generate/config/rules/coinbase.go

@@ -19,9 +19,6 @@ func CoinbaseAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("coinbase",
-			secrets.NewSecret(utils.AlphaNumericExtendedShort("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("coinbase", secrets.NewSecret(utils.AlphaNumericExtendedShort("64")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/confluent.go

@@ -18,9 +18,7 @@ func ConfluentSecretKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("confluent", secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("confluent", secrets.NewSecret(utils.AlphaNumeric("64")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -37,8 +35,6 @@ func ConfluentAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("confluent", secrets.NewSecret(utils.AlphaNumeric("16"))),
-	}
+	tps := utils.GenerateSampleSecrets("confluent", secrets.NewSecret(utils.AlphaNumeric("16")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/contentful.go

@@ -17,8 +17,6 @@ func Contentful() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("contentful", secrets.NewSecret(utils.AlphaNumeric("43"))),
-	}
+	tps := utils.GenerateSampleSecrets("contentful", secrets.NewSecret(utils.AlphaNumeric("43")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 4
cmd/generate/config/rules/databricks.go

@@ -17,10 +17,8 @@ func Databricks() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("databricks", "dapi"+secrets.NewSecret(utils.Hex("32"))),
-		`token = dapif13ac4b49d1cb31f69f678e39602e381-2`, // gitleaks:ignore
-	}
+	tps := utils.GenerateSampleSecrets("databricks", "dapi"+secrets.NewSecret(utils.Hex("32")))
+	tps = append(tps, `token = dapif13ac4b49d1cb31f69f678e39602e381-2`) // gitleaks:ignore
 	fps := []string{
 		`DATABRICKS_TOKEN=dapi123456789012345678a9bc01234defg5`,
 	}
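Review bot: The appended literal sample is tagged `// gitleaks:ignore`, while the other hard-coded samples in this commit use `// gitleaks:allow`. As far as I know, only `gitleaks:allow` is honoured as an inline suppression, so this line would still be reported when the repository is scanned. The tag is carried over from the removed lines, but since the line is rewritten here it is the right place to change the trailing comment to `// gitleaks:allow`. Databricks() starts and ends outside the hunk.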

+ 1 - 3
cmd/generate/config/rules/datadog.go

@@ -19,8 +19,6 @@ func DatadogtokenAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("datadog", secrets.NewSecret(utils.AlphaNumeric("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("datadog", secrets.NewSecret(utils.AlphaNumeric("40")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/definednetworking.go

@@ -23,8 +23,6 @@ func DefinedNetworkingAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("dnkey", "dnkey-"+secrets.NewSecret(utils.AlphaNumericExtended("26"))+"-"+secrets.NewSecret(utils.AlphaNumericExtended("52"))),
-	}
+	tps := utils.GenerateSampleSecrets("dnkey", "dnkey-"+secrets.NewSecret(utils.AlphaNumericExtended("26"))+"-"+secrets.NewSecret(utils.AlphaNumericExtended("52")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 9
cmd/generate/config/rules/digitalocean.go

@@ -15,9 +15,7 @@ func DigitalOceanPAT() *config.Rule {
 		Keywords:    []string{"dop_v1_"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("do", "dop_v1_"+secrets.NewSecret(utils.Hex("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("do", "dop_v1_"+secrets.NewSecret(utils.Hex("64")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -30,9 +28,7 @@ func DigitalOceanOAuthToken() *config.Rule {
 		Keywords:    []string{"doo_v1_"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("do", "doo_v1_"+secrets.NewSecret(utils.Hex("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("do", "doo_v1_"+secrets.NewSecret(utils.Hex("64")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -45,8 +41,6 @@ func DigitalOceanRefreshToken() *config.Rule {
 		Keywords: []string{"dor_v1_"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("do", "dor_v1_"+secrets.NewSecret(utils.Hex("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("do", "dor_v1_"+secrets.NewSecret(utils.Hex("64")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 9
cmd/generate/config/rules/discord.go

@@ -16,9 +16,7 @@ func DiscordAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("discord", secrets.NewSecret(utils.Hex("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("discord", secrets.NewSecret(utils.Hex("64")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -33,9 +31,7 @@ func DiscordClientID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("discord", secrets.NewSecret(utils.Numeric("18"))),
-	}
+	tps := utils.GenerateSampleSecrets("discord", secrets.NewSecret(utils.Numeric("18")))
 	fps := []string{
 		// Low entropy
 		`discord=000000000000000000`,
@@ -54,9 +50,7 @@ func DiscordClientSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("discord", secrets.NewSecret(utils.Numeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("discord", secrets.NewSecret(utils.Numeric("32")))
 	fps := []string{
 		// Low entropy
 		`discord=00000000000000000000000000000000`,

+ 1 - 3
cmd/generate/config/rules/doppler.go

@@ -19,9 +19,7 @@ func Doppler() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("doppler", "dp.pt."+secrets.NewSecret(utils.AlphaNumeric("43"))),
-	}
+	tps := utils.GenerateSampleSecrets("doppler", "dp.pt."+secrets.NewSecret(utils.AlphaNumeric("43")))
 	return utils.Validate(r, tps, nil)
 }
 

+ 1 - 3
cmd/generate/config/rules/droneci.go

@@ -19,8 +19,6 @@ func DroneciAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("droneci", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("droneci", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/dropbox.go

@@ -17,9 +17,7 @@ func DropBoxAPISecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("dropbox", secrets.NewSecret(utils.AlphaNumeric("15"))),
-	}
+	tps := utils.GenerateSampleSecrets("dropbox", secrets.NewSecret(utils.AlphaNumeric("15")))
 	return utils.Validate(r, tps, nil)
 }
 

+ 1 - 3
cmd/generate/config/rules/duffel.go

@@ -19,8 +19,6 @@ func Duffel() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("duffel", "duffel_test_"+secrets.NewSecret(utils.AlphaNumericExtended("43"))),
-	}
+	tps := utils.GenerateSampleSecrets("duffel", "duffel_test_"+secrets.NewSecret(utils.AlphaNumericExtended("43")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/dynatrace.go

@@ -19,8 +19,6 @@ func Dynatrace() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("dynatrace", "dt0c01."+secrets.NewSecret(utils.AlphaNumeric("24"))+"."+secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("dynatrace", "dt0c01."+secrets.NewSecret(utils.AlphaNumeric("24"))+"."+secrets.NewSecret(utils.AlphaNumeric("64")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/easypost.go

@@ -19,9 +19,7 @@ func EasyPost() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("EZAK", "EZAK"+secrets.NewSecret(utils.AlphaNumeric("54"))),
-	}
+	tps := utils.GenerateSampleSecrets("EZAK", "EZAK"+secrets.NewSecret(utils.AlphaNumeric("54")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -36,8 +34,6 @@ func EasyPostTestAPI() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("EZTK", "EZTK"+secrets.NewSecret(utils.AlphaNumeric("54"))),
-	}
+	tps := utils.GenerateSampleSecrets("EZTK", "EZTK"+secrets.NewSecret(utils.AlphaNumeric("54")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 5
cmd/generate/config/rules/etsy.go

@@ -20,11 +20,9 @@ func EtsyAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("ETSY", secrets.NewSecret(utils.AlphaNumeric("24"))),
-		utils.GenerateSampleSecret("etsy", secrets.NewSecret(utils.AlphaNumeric("24"))),
-		utils.GenerateSampleSecret("Etsy", secrets.NewSecret(utils.AlphaNumeric("24"))),
-	}
+	tps := utils.GenerateSampleSecrets("ETSY", secrets.NewSecret(utils.AlphaNumeric("24")))
+	tps = append(tps, utils.GenerateSampleSecrets("etsy", secrets.NewSecret(utils.AlphaNumeric("24")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("Etsy", secrets.NewSecret(utils.AlphaNumeric("24")))...)
 	fps := []string{
 		fmt.Sprintf(`SetSysctl = "%s"`, secrets.NewSecret(utils.AlphaNumeric("24"))),
 		`	if err := sysctl.SetSysctl(sysctlBridgeCallIPTables); err != nil {`,

+ 3 - 3
cmd/generate/config/rules/facebook.go

@@ -19,11 +19,11 @@ func FacebookSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("facebook", secrets.NewSecret(utils.Hex("32"))),
+	tps := utils.GenerateSampleSecrets("facebook", secrets.NewSecret(utils.Hex("32")))
+	tps = append(tps,
 		`facebook_app_secret = "6dca6432e45d933e13650d1882bd5e69"`,       // gitleaks:allow
 		`facebook_client_access_token: 26f5fd13099f2c1331aafb86f6489692`, // gitleaks:allow
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }
 

+ 1 - 3
cmd/generate/config/rules/fastly.go

@@ -17,8 +17,6 @@ func FastlyAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("fastly", secrets.NewSecret(utils.AlphaNumericExtended("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("fastly", secrets.NewSecret(utils.AlphaNumericExtended("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/finicity.go

@@ -17,9 +17,7 @@ func FinicityClientSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("finicity", secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("finicity", secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -34,8 +32,6 @@ func FinicityAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("finicity", secrets.NewSecret(utils.Hex("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("finicity", secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/finnhub.go

@@ -19,8 +19,6 @@ func FinnhubAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("finnhub", secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("finnhub", secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/flickr.go

@@ -19,8 +19,6 @@ func FlickrAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("flickr", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("flickr", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 9
cmd/generate/config/rules/flutterwave.go

@@ -19,9 +19,7 @@ func FlutterwavePublicKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("flutterwavePubKey", "FLWPUBK_TEST-"+secrets.NewSecret(utils.Hex("32"))+"-X"),
-	}
+	tps := utils.GenerateSampleSecrets("flutterwavePubKey", "FLWPUBK_TEST-"+secrets.NewSecret(utils.Hex("32"))+"-X")
 	return utils.Validate(r, tps, nil)
 }
 
@@ -36,9 +34,7 @@ func FlutterwaveSecretKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("flutterwavePubKey", "FLWSECK_TEST-"+secrets.NewSecret(utils.Hex("32"))+"-X"),
-	}
+	tps := utils.GenerateSampleSecrets("flutterwavePubKey", "FLWSECK_TEST-"+secrets.NewSecret(utils.Hex("32"))+"-X")
 	return utils.Validate(r, tps, nil)
 }
 
@@ -53,8 +49,6 @@ func FlutterwaveEncKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("flutterwavePubKey", "FLWSECK_TEST-"+secrets.NewSecret(utils.Hex("12"))),
-	}
+	tps := utils.GenerateSampleSecrets("flutterwavePubKey", "FLWSECK_TEST-"+secrets.NewSecret(utils.Hex("12")))
 	return utils.Validate(r, tps, nil)
 }
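Review bot: FlutterwaveSecretKey and FlutterwaveEncKey still pass the identifier `"flutterwavePubKey"` to `GenerateSampleSecrets`, which looks like a copy-paste from FlutterwavePublicKey. Going by the commit message, the helper now builds many assignment forms around that identifier, so each generated sample for the secret and encryption key rules will be labelled as a public key, which makes a failing case harder to attribute. I would use distinct identifiers such as `"flutterwaveSecKey"` and `"flutterwaveEncKey"`. If any of these rules depends on the identifier as keyword context, which is not visible in these hunks, confirm the samples still match after the rename. All three functions start outside their hunks.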

+ 12 - 9
cmd/generate/config/rules/flyio.go

@@ -20,23 +20,26 @@ func FlyIOAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		// fo1_
-		utils.GenerateSampleSecret("fly", secrets.NewSecret(`fo1_[\w-]{43}`)),
+	// fo1_
+	tps := utils.GenerateSampleSecrets("fly", secrets.NewSecret(`fo1_[\w-]{43}`))
+	tps = append(tps,
 		`Fly access token: fo1_8rz-j7r2eqJ2U7affEOO3HJN0j63DInyog3eV-glQSc
 `,
 		`=============================================================================================================
 
 fo1_BtKlzvfztw0M2hlLgTdsfPgDFiwM2jJjQXXy6I2pjuQ
-fly deploy`,
-		// fm1
-		utils.GenerateSampleSecret("fly", secrets.NewSecret(`fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}`)),
+fly deploy`)
+	// fm1
+	tps = append(tps, utils.GenerateSampleSecrets("fly", secrets.NewSecret(`fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}`))...)
+	tps = append(tps,
 		`ENV FLY_API_TOKEN="FlyV1 fm1r_lJPECAAAAAAAAMqcxBBLMJKXYKJiT0CI58XmukX/wrVodHlwczovL2FwaS5mbHkuaW8vdjGWAJLOAAFmXh8Lk7lodHRwczovL2FwaS5mbHkuaW8vYWFhL3YxxDy5OfA2M6K6aLEoEDKxehojbj+8ZT9IrXCF5sL/r8m6/1gylwySsNxpD40wnpd/G2ZdjwVaQev1kEuFUgzERxPbtWHDNa+NYIZwbKN6b7/JxdbUprq0M10HI4fwtlxhqhdA/mMaMw70EC4TsfJyghIL98KP4ry5AaXiroRdjrSsFExc/xRCDZKUA5GBzgATuNsfBZGCp2J1aWxkZXIfondnHwHEIMa6NWc4b52S+UY7vjPdwKrz00Uzrc1830mOHzQNLun7,fm1a_lJPERxPbtWHDNa+NYIZwbKN6b7/JxdbUprq0M10HI4fwtlxhqhdA/mMaMw70EC4TsfJyghIL98KP4ry4AaXiroRdjrSsFExc/xRCxBCVlAoRzKV/+qYkxuipIbIcw7lodHRwczovL2FwaS5mbHkuaW8vYWFhL3YxlgSSzmS4Y7nPAAAAASCwgdcKkc4AAUktDMQQURck2h+upbiOrW66Nf5SA8QgrD03xlWju1WQi0AUhlk7YYFzOLDfhRyJ6nEziO37NUE="`,
-		// fm2
-		utils.GenerateSampleSecret("fly", secrets.NewSecret(`fm2_[a-zA-Z0-9+\/]{100,}={0,3}`)),
+	)
+	// fm2
+	tps = append(tps, utils.GenerateSampleSecrets("fly", secrets.NewSecret(`fm2_[a-zA-Z0-9+\/]{100,}={0,3}`))...)
+	tps = append(tps,
 		`#           FLY_API_TOKEN: FlyV1 fm2_lJPECAAAAAAAAyZtxBD1hSZ7L5leXsj64ZbDlkm/wrVodHRwczovL2FwaS5mbHkuaW8vdjGWAJLOAAwMDB8Lk7lodHRwczovL2FwaS5mbHkuaW8vYWFhL3YxxDwDnhgJj/ML/nRKMiAYgnvXfNacrGWffj5TdfgGY2LU0ZetT7WzTLQQMO8cN2nRTztl/xLjnnZg5pBwFonETmhNA6Yl0X1tatt8ezA0UjVQiJr93VQ7qAmD5GG2Ce5txhbQv3tmIGsvaC7BOkIqAiR273bhZkO44AYsrCPr2XF8W6Twk7NyU+3UUeDwjw2SlAORgc4APu7vHwWRgqdidWlsZGVyH6J3Zx8BxCAlmLbu1HQDg8ZAGKKmEt4Mbnbqli6lbzBDHsawhcUF4A==,fm2_lJPETmhNA6Yl0X1tatt8ezA0UjVQiJr93VQ7qAmD5GG2Ce5txhbQv3tmIGsvaC7BOkIqAij273bhZkO44AYsrCPr2XF8W6Twk7NyU+3UUeDwj8QQbn07DOV+7SmoLj/uT+dbr8O5aHR0cHM6Ly9hcGkuZmx5LmlvL2FhYS92MZgEks5mqfbvzwAAAAE9PYz9F84AC7QACpHOAAu0AAzEEFfW3B+SzffV/KrAYa8qqpnEIIlD6DqZMZQ9Kt7fEenCCOLA+tUSJ+kmEFIUcc83npOI`,
 		`"BindToParentToken": "FlyV1 fm2_lJPEEKnzKy0lkwV3B+WIlmrdwejEEFv5qmevHU4fMs+2Gr6oOiPC2SAyOTc0NWI4ZmJlNjBlNjJmZTgzNTkxOThhZWE4MjY0M5IMxAMBAgPEIH7VG8u74KwO62hmx8SZO8WaU5o1g3W2IVc7QN6T1VTr",`,
-	}
+	)
 	fps := []string{
 		// fo1_
 		`resource "doppler_integration_flyio" "prod" {

+ 1 - 3
cmd/generate/config/rules/frameio.go

@@ -18,8 +18,6 @@ func FrameIO() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("frameio", "fio-u-"+secrets.NewSecret(utils.AlphaNumericExtended("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("frameio", "fio-u-"+secrets.NewSecret(utils.AlphaNumericExtended("64")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/freshbooks.go

@@ -19,8 +19,6 @@ func FreshbooksAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("freshbooks", secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("freshbooks", secrets.NewSecret(utils.AlphaNumeric("64")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 3
cmd/generate/config/rules/gcp.go

@@ -38,11 +38,11 @@ func GCPAPIKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("gcp", secrets.NewSecret(`AIza[\w-]{35}`)),
+	tps := utils.GenerateSampleSecrets("gcp", secrets.NewSecret(`AIza[\w-]{35}`))
+	tps = append(tps,
 		// non-word character at end
 		`AIzaSyNHxIf32IQ1a1yjl3ZJIqKZqzLAK1XhDk-`, // gitleaks:allow
-	}
+	)
 	fps := []string{
 		`GWw4hjABFzZCGiRpmlDyDdo87Jn9BN9THUA47muVRNunLxsa82tMAdvmrhOqNkRKiYMEAFbTJAIzaTesb6Tscfcni8vIpWZqNCXFDFslJtVSvFDq`, // text boundary start
 		`AIzaTesb6Tscfcni8vIpWZqNCXFDFslJtVSvFDqabcd123`,                                                                   // text boundary end

+ 10 - 8
cmd/generate/config/rules/generic.go

@@ -81,34 +81,36 @@ func GenericCredential() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("generic", "CLOJARS_34bf0e88955ff5a1c328d6a7491acc4f48e865a7b8dd4d70a70749037443") //gitleaks:allow
+	tps = append(tps, utils.GenerateSampleSecrets("generic", "Zf3D0LXCM3EIMbgJpUNnkRtOfOueHznB")...)
+	tps = append(tps,
 		// Access
 		`'access_token': 'eyJ0eXAioiJKV1slS3oASx=='`,
 
 		// API
-		`some_api_token_123 = "` + newPlausibleSecret(`[a-zA-Z0-9]{60}`) + `"`,
+		`some_api_token_123 = "`+newPlausibleSecret(`[a-zA-Z0-9]{60}`)+`"`,
 
 		// Auth
 		// Credentials
 		`"credentials" : "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506"`,
-		`creds = ` + newPlausibleSecret(`[a-zA-Z0-9]{30}`),
+		`creds = `+newPlausibleSecret(`[a-zA-Z0-9]{30}`),
 
 		// Key
-		`private-key: ` + newPlausibleSecret(`[a-zA-Z0-9\-_.=]{100}`),
+		`private-key: `+newPlausibleSecret(`[a-zA-Z0-9\-_.=]{100}`),
 
 		// Password
-		`passwd = ` + newPlausibleSecret(`[a-zA-Z0-9\-_.=]{30}`),
+		`passwd = `+newPlausibleSecret(`[a-zA-Z0-9\-_.=]{30}`),
 		// TODO: `ID=dbuser;password=` + newPlausibleSecret(`[a-zA-Z0-9+/]{30}={0,3}`) + `;"`,
 
 		// Secret
 		`"client_secret" : "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",`,
-		`mySecretString=` + newPlausibleSecret(`[a-zA-Z0-9]{30}`),
-		`todo_secret_do_not_commit = ` + newPlausibleSecret(`[a-zA-Z0-9]{30}`),
+		`mySecretString=`+newPlausibleSecret(`[a-zA-Z0-9]{30}`),
+		`todo_secret_do_not_commit = `+newPlausibleSecret(`[a-zA-Z0-9]{30}`),
 
 		// Token
 		utils.GenerateSampleSecret("generic", "CLOJARS_34bf0e88955ff5a1c328d6a7491acc4f48e865a7b8dd4d70a70749037443"), //gitleaks:allow
 		utils.GenerateSampleSecret("generic", "Zf3D0LXCM3EIMbgJpUNnkRtOfOueHznB"),
-	}
+	)
 	fps := []string{
 		// Access
 		`"accessor":"rA1wk0Y45YCufyfq",`,
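Review bot: The `CLOJARS_…` and `Zf3D0…` tokens are now added to `tps` twice in `GenericCredential`: once by the new `utils.GenerateSampleSecrets("generic", …)` calls at the top, and again by the unchanged `utils.GenerateSampleSecret("generic", …)` entries left under `// Token`. The singular entries presumably repeat a variant the plural helper already emits, so they can be dropped and the heading replaced with `// Token: covered by GenerateSampleSecrets above`. The same leftover is visible in `GrafanaCloudApiToken` in grafana.go, where the old `utils.GenerateSampleSecret("grafana-cloud-api-token", …)` call stays inside the new `append`. The `fps` list continues outside the hunk.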

+ 6 - 16
cmd/generate/config/rules/github.go

@@ -29,9 +29,7 @@ func GitHubPat() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("github", "ghp_"+secrets.NewSecret(utils.AlphaNumeric("36"))),
-	}
+	tps := utils.GenerateSampleSecrets("github", "ghp_"+secrets.NewSecret(utils.AlphaNumeric("36")))
 	fps := []string{
 		"ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
 	}
@@ -49,9 +47,7 @@ func GitHubFineGrainedPat() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("github", "github_pat_"+secrets.NewSecret(utils.AlphaNumeric("82"))),
-	}
+	tps := utils.GenerateSampleSecrets("github", "github_pat_"+secrets.NewSecret(utils.AlphaNumeric("82")))
 	fps := []string{
 		"github_pat_xxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
 	}
@@ -69,9 +65,7 @@ func GitHubOauth() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("github", "gho_"+secrets.NewSecret(utils.AlphaNumeric("36"))),
-	}
+	tps := utils.GenerateSampleSecrets("github", "gho_"+secrets.NewSecret(utils.AlphaNumeric("36")))
 	fps := []string{
 		"gho_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
 	}
@@ -90,10 +84,8 @@ func GitHubApp() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("github", "ghu_"+secrets.NewSecret(utils.AlphaNumeric("36"))),
-		utils.GenerateSampleSecret("github", "ghs_"+secrets.NewSecret(utils.AlphaNumeric("36"))),
-	}
+	tps := utils.GenerateSampleSecrets("github", "ghs_"+secrets.NewSecret(utils.AlphaNumeric("36")))
+	tps = append(tps, utils.GenerateSampleSecrets("github", "ghu_"+secrets.NewSecret(utils.AlphaNumeric("36")))...)
 	fps := []string{
 		"ghu_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
 		"ghs_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
@@ -112,9 +104,7 @@ func GitHubRefresh() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("github", "ghr_"+secrets.NewSecret(utils.AlphaNumeric("36"))),
-	}
+	tps := utils.GenerateSampleSecrets("github", "ghr_"+secrets.NewSecret(utils.AlphaNumeric("36")))
 	fps := []string{
 		"ghr_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
 	}

+ 24 - 45
cmd/generate/config/rules/gitlab.go

@@ -14,15 +14,13 @@ import (
 
 func GitlabCiCdJobToken() *config.Rule {
 	r := config.Rule{
-		Description: "Identified a GitLab CI/CD Job Token, potential access to projects and some APIs on behalf of a user while the CI job is running.",
 		RuleID:      "gitlab-cicd-job-token",
+		Description: "Identified a GitLab CI/CD Job Token, potential access to projects and some APIs on behalf of a user while the CI job is running.",
 		Regex:       regexp.MustCompile(`glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}`),
 		Entropy:     3,
 		Keywords:    []string{"glcbt-"},
 	}
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glcbt-"+secrets.NewSecret(utils.AlphaNumeric("5"))+"_"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "glcbt-"+secrets.NewSecret(utils.AlphaNumeric("5"))+"_"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -42,71 +40,61 @@ func GitlabDeployToken() *config.Rule {
 
 func GitlabFeatureFlagClientToken() *config.Rule {
 	r := config.Rule{
-		Description: "Identified a GitLab feature flag client token, risks exposing user lists and features flags used by an application.",
 		RuleID:      "gitlab-feature-flag-client-token",
+		Description: "Identified a GitLab feature flag client token, risks exposing user lists and features flags used by an application.",
 		Regex:       regexp.MustCompile(`glffct-[0-9a-zA-Z_\-]{20}`),
 		Entropy:     3,
 		Keywords:    []string{"glffct-"},
 	}
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glffct-"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "glffct-"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }
 
 func GitlabFeedToken() *config.Rule {
 	r := config.Rule{
-		Description: "Identified a GitLab feed token, risking exposure of user data.",
 		RuleID:      "gitlab-feed-token",
+		Description: "Identified a GitLab feed token, risking exposure of user data.",
 		Regex:       regexp.MustCompile(`glft-[0-9a-zA-Z_\-]{20}`),
 		Entropy:     3,
 		Keywords:    []string{"glft-"},
 	}
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glft-"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "glft-"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }
 
 func GitlabIncomingMailToken() *config.Rule {
 	r := config.Rule{
-		Description: "Identified a GitLab incoming mail token, risking manipulation of data sent by mail.",
 		RuleID:      "gitlab-incoming-mail-token",
+		Description: "Identified a GitLab incoming mail token, risking manipulation of data sent by mail.",
 		Regex:       regexp.MustCompile(`glimt-[0-9a-zA-Z_\-]{25}`),
 		Entropy:     3,
 		Keywords:    []string{"glimt-"},
 	}
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glimt-"+secrets.NewSecret(utils.AlphaNumeric("25"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "glimt-"+secrets.NewSecret(utils.AlphaNumeric("25")))
 	return utils.Validate(r, tps, nil)
 }
 
 func GitlabKubernetesAgentToken() *config.Rule {
 	r := config.Rule{
-		Description: "Identified a GitLab Kubernetes Agent token, risking access to repos and registry of projects connected via agent.",
 		RuleID:      "gitlab-kubernetes-agent-token",
+		Description: "Identified a GitLab Kubernetes Agent token, risking access to repos and registry of projects connected via agent.",
 		Regex:       regexp.MustCompile(`glagent-[0-9a-zA-Z_\-]{50}`),
 		Entropy:     3,
 		Keywords:    []string{"glagent-"},
 	}
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glagent-"+secrets.NewSecret(utils.AlphaNumeric("50"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "glagent-"+secrets.NewSecret(utils.AlphaNumeric("50")))
 	return utils.Validate(r, tps, nil)
 }
 
 func GitlabOauthAppSecret() *config.Rule {
 	r := config.Rule{
-		Description: "Identified a GitLab OIDC Application Secret, risking access to apps using GitLab as authentication provider.",
 		RuleID:      "gitlab-oauth-app-secret",
+		Description: "Identified a GitLab OIDC Application Secret, risking access to apps using GitLab as authentication provider.",
 		Regex:       regexp.MustCompile(`gloas-[0-9a-zA-Z_\-]{64}`),
 		Entropy:     3,
 		Keywords:    []string{"gloas-"},
 	}
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "gloas-"+secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "gloas-"+secrets.NewSecret(utils.AlphaNumeric("64")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -119,9 +107,8 @@ func GitlabPat() *config.Rule {
 		Keywords:    []string{"glpat-"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glpat-"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	// validate
+	tps := utils.GenerateSampleSecrets("gitlab", "glpat-"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	fps := []string{
 		"glpat-XXXXXXXXXXX-XXXXXXXX",
 	}
@@ -137,9 +124,8 @@ func GitlabPipelineTriggerToken() *config.Rule {
 		Keywords:    []string{"glptt-"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glptt-"+secrets.NewSecret(utils.Hex("40"))),
-	}
+	// validate
+	tps := utils.GenerateSampleSecrets("gitlab", "glptt-"+secrets.NewSecret(utils.Hex("40")))
 	fps := []string{
 		"glptt-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
 	}
@@ -155,9 +141,7 @@ func GitlabRunnerRegistrationToken() *config.Rule {
 		Keywords:    []string{"GR1348941"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "GR1348941"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "GR1348941"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	fps := []string{
 		"GR134894112312312312312312312",
 		"GR1348941XXXXXXXXXXXXXXXXXXXX",
@@ -167,45 +151,40 @@ func GitlabRunnerRegistrationToken() *config.Rule {
 
 func GitlabRunnerAuthenticationToken() *config.Rule {
 	r := config.Rule{
-		Description: "Discovered a GitLab Runner Authentication Token, posing a risk to CI/CD pipeline integrity and unauthorized access.",
 		RuleID:      "gitlab-runner-authentication-token",
+		Description: "Discovered a GitLab Runner Authentication Token, posing a risk to CI/CD pipeline integrity and unauthorized access.",
 		Regex:       regexp.MustCompile(`glrt-[0-9a-zA-Z_\-]{20}`),
 		Entropy:     3,
 		Keywords:    []string{"glrt-"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glrt-"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "glrt-"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }
 
 func GitlabScimToken() *config.Rule {
 	r := config.Rule{
-		Description: "Discovered a GitLab SCIM Token, posing a risk to unauthorized access for a organization or instance.",
 		RuleID:      "gitlab-scim-token",
+		Description: "Discovered a GitLab SCIM Token, posing a risk to unauthorized access for a organization or instance.",
 		Regex:       regexp.MustCompile(`glsoat-[0-9a-zA-Z_\-]{20}`),
 		Entropy:     3,
 		Keywords:    []string{"glsoat-"},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "glsoat-"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitlab", "glsoat-"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }
 
 func GitlabSessionCookie() *config.Rule {
 	r := config.Rule{
-		Description: "Discovered a GitLab Session Cookie, posing a risk to unauthorized access to a user account.",
 		RuleID:      "gitlab-session-cookie",
+		Description: "Discovered a GitLab Session Cookie, posing a risk to unauthorized access to a user account.",
 		Regex:       regexp.MustCompile(`_gitlab_session=[0-9a-z]{32}`),
 		Entropy:     3,
 		Keywords:    []string{"_gitlab_session="},
 	}
 
-	tps := []string{
-		utils.GenerateSampleSecret("gitlab", "_gitlab_session="+secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	// validate
+	tps := utils.GenerateSampleSecrets("gitlab", "_gitlab_session="+secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }
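Review bot: The `// validate` marker is added above `tps` only in `GitlabPat`, `GitlabPipelineTriggerToken` and `GitlabSessionCookie`; the other functions touched in this file (`GitlabCiCdJobToken`, `GitlabRunnerRegistrationToken`, `GitlabRunnerAuthenticationToken`, `GitlabScimToken` and the rest) still go straight from the rule literal to `tps`. Adding the same `// validate` line to each would keep the file uniform with the other rule files in this commit. Most of these rules also pass `nil` as the false-positive list to `utils.Validate`; a low-entropy placeholder in the style of the `"glpat-XXXXXXXXXXX-XXXXXXXX"` case in `GitlabPat` would give the remaining prefixes a cheap regression check.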

+ 1 - 4
cmd/generate/config/rules/gitter.go

@@ -20,9 +20,6 @@ func GitterAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("gitter",
-			secrets.NewSecret(utils.AlphaNumericExtendedShort("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("gitter", secrets.NewSecret(utils.AlphaNumericExtendedShort("40")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/gocardless.go

@@ -20,8 +20,6 @@ func GoCardless() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("gocardless", "live_"+secrets.NewSecret(utils.AlphaNumericExtended("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("gocardless", "live_"+secrets.NewSecret(utils.AlphaNumericExtended("40")))
 	return utils.Validate(r, tps, nil)
 }

+ 7 - 12
cmd/generate/config/rules/grafana.go

@@ -17,9 +17,7 @@ func GrafanaApiKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("grafana-api-key", "eyJrIjoi"+secrets.NewSecret(utils.AlphaNumeric("70"))),
-	}
+	tps := utils.GenerateSampleSecrets("grafana-api-key", "eyJrIjoi"+secrets.NewSecret(utils.AlphaNumeric("70")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -34,7 +32,8 @@ func GrafanaCloudApiToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("grafana-cloud-api-token", "glc_"+secrets.NewSecret(utils.AlphaNumeric("32")))
+	tps = append(tps,
 		utils.GenerateSampleSecret("grafana-cloud-api-token",
 			"glc_"+
 				secrets.NewSecret(utils.AlphaNumeric("32"))),
@@ -42,7 +41,7 @@ func GrafanaCloudApiToken() *config.Rule {
 		// TODO:
 		//`  loki:
 		//endpoint: https://322137:glc_eyJvIjoiNzQ0NTg3IiwibiI7InN0YWlrLTQ3NTgzMC1obC13cml0ZS1oYW5kc29uJG9raSIsImsiOiI4M2w3cmdYUlBoMTUyMW1lMU023nl5UDUiLCJtIjp7IOIiOiJ1cyJ9fQ==@logs-prod4.grafana.net/loki/api/v1/push`,
-	}
+	)
 	fps := []string{
 		// Low entropy.
 		`glc_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`,
@@ -70,14 +69,10 @@ func GrafanaServiceAccountToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("grafana-service-account-token",
-			"glsa_"+
-				secrets.NewSecret(utils.AlphaNumeric("32"))+
-				"_"+
-				secrets.NewSecret((utils.Hex("8")))),
+	tps := utils.GenerateSampleSecrets("grafana-service-account-token", "glsa_"+secrets.NewSecret(utils.AlphaNumeric("32"))+"_"+secrets.NewSecret(utils.Hex("8")))
+	tps = append(tps,
 		`'Authorization': 'Bearer glsa_pITqMOBIfNH2KL4PkXJqmTyQl0D9QGxF_486f63e1'`,
-	}
+	)
 	fps := []string{
 		"glsa_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_AAAAAAAA",
 	}

+ 2 - 4
cmd/generate/config/rules/harness.go

@@ -19,10 +19,8 @@ func HarnessApiKey() *config.Rule {
 	}
 
 	// Generate a sample secret for validation
-	tps := []string{
-		utils.GenerateSampleSecret("harness", "pat."+secrets.NewSecret(utils.AlphaNumeric("22"))+"."+secrets.NewSecret(utils.AlphaNumeric("24"))+"."+secrets.NewSecret(utils.AlphaNumeric("20"))),
-		utils.GenerateSampleSecret("harness", "sat."+secrets.NewSecret(utils.AlphaNumeric("22"))+"."+secrets.NewSecret(utils.AlphaNumeric("24"))+"."+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("harness", "pat."+secrets.NewSecret(utils.AlphaNumeric("22"))+"."+secrets.NewSecret(utils.AlphaNumeric("24"))+"."+secrets.NewSecret(utils.AlphaNumeric("20")))
+	tps = append(tps, utils.GenerateSampleSecrets("harness", "sat."+secrets.NewSecret(utils.AlphaNumeric("22"))+"."+secrets.NewSecret(utils.AlphaNumeric("24"))+"."+secrets.NewSecret(utils.AlphaNumeric("20")))...)
 
 	// validate the rule
 	return utils.Validate(r, tps, nil)

+ 3 - 3
cmd/generate/config/rules/hashicorp.go

@@ -20,10 +20,10 @@ func HashiCorpTerraform() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("hashicorpToken", secrets.NewSecret(utils.Hex("14"))+".atlasv1."+secrets.NewSecret(utils.AlphaNumericExtended("60,70"))),
+	tps := utils.GenerateSampleSecrets("hashicorpToken", secrets.NewSecret(utils.Hex("14"))+".atlasv1."+secrets.NewSecret(utils.AlphaNumericExtended("60,70")))
+	tps = append(tps,
 		`#token = "hE1hlYILrSqpqh.atlasv1.ARjZuyzl33F71WR55s6ln5GQ1HWIwTDDH3MiRjz7OnpCfaCb1RCF5zGaSncCWmJdcYA"`,
-	}
+	)
 	fps := []string{
 		`token        = "xxxxxxxxxxxxxx.atlasv1.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"`, // low entropy
 	}

+ 11 - 10
cmd/generate/config/rules/hashicorp_vault.go

@@ -26,14 +26,17 @@ func VaultServiceToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		// Old
-		utils.GenerateSampleSecret("vault", secrets.NewSecret(`s\.[a-zA-Z0-9]{24}`)),
+	// Old
+	tps := utils.GenerateSampleSecrets("vault", "s."+secrets.NewSecret(`s\.[a-zA-Z0-9]{24}`))
+	tps = append(tps,
 		`token: s.ZC9Ecf4M5g9o34Q6RkzGsj0z`,
-		// New
-		utils.GenerateSampleSecret("vault", secrets.NewSecret(`hvs\.[\w\-]{90}`)),
+	)
+	// New
+	tps = append(tps, utils.GenerateSampleSecrets("vault", secrets.NewSecret(`hvs\.[\w\-]{90}`))...)
+	tps = append(tps,
 		`-vaultToken hvs.CAESIP2jTxc9S2K7Z6CtcFWQv7-044m_oSsxnPE1H3nF89l3GiYKHGh2cy5sQmlIZVNyTWJNcDRsYWJpQjlhYjVlb1cQh6PL8wEYAg"`, // longer than 100 chars
-	}
+	)
+
 	fps := []string{
 		// Old
 		`  credentials: new AWS.SharedIniFileCredentials({ profile: '<YOUR_PROFILE>' })`,                              // word boundary start
@@ -60,9 +63,7 @@ func VaultBatchToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("vault", "hvb."+secrets.NewSecret(utils.AlphaNumericExtendedShort("138"))),
-		`hvb.AAAAAQJgxDgqsGNorpoOR7hPZ5SU-ynBvCl764jyRP_fnX7WvkdkDzGjbLNGdPdtlY33Als2P36yDZueqzfdGw9RsaTeaYXSH7E4RYSWuRoQ9YRKIw8o7mDDY2ZcT3KOB7RwtW1w1FN2eDqcy_sbCjXPaM1iBVH-mqMSYRmRd2nb5D1SJPeBzIYRqSglLc31wUGN7xEzyrKUczqOKsIcybQA`, // gitleaks:allow
-	}
+	tps := utils.GenerateSampleSecrets("vault", "hvb."+secrets.NewSecret(utils.AlphaNumericExtendedShort("138")))
+	tps = append(tps, `hvb.AAAAAQJgxDgqsGNorpoOR7hPZ5SU-ynBvCl764jyRP_fnX7WvkdkDzGjbLNGdPdtlY33Als2P36yDZueqzfdGw9RsaTeaYXSH7E4RYSWuRoQ9YRKIw8o7mDDY2ZcT3KOB7RwtW1w1FN2eDqcy_sbCjXPaM1iBVH-mqMSYRmRd2nb5D1SJPeBzIYRqSglLc31wUGN7xEzyrKUczqOKsIcybQA`) // gitleaks:allow
 	return utils.Validate(r, tps, nil)
 }
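Review bot: The "Old" sample in `VaultServiceToken` now carries the prefix twice: the pattern given to `secrets.NewSecret` already starts with `s\.`, so prepending the literal `"s."` generates `s.s.<24 chars>` instead of a legacy-format token. Whether that string still passes validation depends on the rule's regex, which is outside the hunk, but either way the generated variants no longer exercise the real token shape and could hide a boundary regression. Drop the literal prefix so the call mirrors the "New" line, i.e. pass `secrets.NewSecret(...)` with the existing `s\.[a-zA-Z0-9]{24}` pattern directly as the second argument of `utils.GenerateSampleSecrets("vault", …)`.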

+ 4 - 2
cmd/generate/config/rules/heroku.go

@@ -2,6 +2,7 @@ package rules
 
 import (
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -16,9 +17,10 @@ func Heroku() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("heroku", secrets.NewSecret(utils.Hex8_4_4_4_12()))
+	tps = append(tps,
 		`const HEROKU_KEY = "12345678-ABCD-ABCD-ABCD-1234567890AB"`, // gitleaks:allow
 		`heroku_api_key = "832d2129-a846-4e27-99f4-7004b6ad53ef"`,   // gitleaks:allow
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }

+ 4 - 2
cmd/generate/config/rules/hubspot.go

@@ -2,6 +2,7 @@ package rules
 
 import (
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,8 +18,9 @@ func HubSpot() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("hubspot", secrets.NewSecret(utils.Hex8_4_4_4_12()))
+	tps = append(tps,
 		`const hubspotKey = "12345678-ABCD-ABCD-ABCD-1234567890AB"`, // gitleaks:allow
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }

+ 14 - 13
cmd/generate/config/rules/huggingface.go

@@ -2,9 +2,8 @@ package rules
 
 import (
 	"fmt"
-	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
-	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
@@ -18,7 +17,7 @@ func HuggingFaceAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "huggingface-access-token",
 		Description: "Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data.",
-		Regex:       regexp.MustCompile(`(?:^|[\\'"` + "`" + ` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` + "`" + ` <])`),
+		Regex:       utils.GenerateUniqueTokenRegex("hf_(?i:[a-z]{34})", false),
 		Entropy:     2,
 		Keywords: []string{
 			"hf_",
@@ -26,7 +25,8 @@ func HuggingFaceAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("huggingface", "hf_"+secrets.NewSecret("[a-zA-Z]{34}"))
+	tps = append(tps,
 		`huggingface-cli login --token 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`,
 		`huggingface-cli login --token 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`,
 		`huggingface-cli login --token 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`,
@@ -40,11 +40,11 @@ func HuggingFaceAccessToken() *config.Rule {
 		`use_auth_token='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')`,
 		`CI_HUB_USER_TOKEN = "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"`,
 		`- Change line 5 and add your Hugging Face token, that is, instead of 'hf_token = "ADD_YOUR_HUGGING_FACE_TOKEN_HERE"', you will need to change it to something like'hf_token = "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"'`,
-		`        "    hf_token = \"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\"\n",`,
+		//TODO: `        "    hf_token = \"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\"\n",`,
 		`# Not critical, only usable on the sandboxed CI instance.
 		TOKEN = "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"`,
 		`    parser.add_argument("--hf_token", type=str, default='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', help="Hugging Face Access Token to access PyAnnote gated models")`,
-	}
+	)
 	fps := []string{
 		`- (id)hf_requiredCharacteristicTypesForDisplayMetadata;`,
 		`amazon.de#@#div[data-cel-widget="desktop-rhf_SponsoredProductsRemoteRHFSearchEXPSubsK2ClickPagination"]`,
@@ -72,7 +72,7 @@ func HuggingFaceOrganizationApiToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "huggingface-organization-api-token",
 		Description: "Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data.",
-		Regex:       regexp.MustCompile(`(?:^|[\\'"` + "`" + ` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` + "`" + ` <\),])`),
+		Regex:       utils.GenerateUniqueTokenRegex("api_org_(?i:[a-z]{34})", false),
 
 		Entropy: 2,
 		Keywords: []string{
@@ -81,14 +81,15 @@ func HuggingFaceOrganizationApiToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("huggingface", "api_org_"+secrets.NewSecret("[a-zA-Z]{34}"))
+	tps = append(tps,
 		`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`,
 		"`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`",
 		`\'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'\`,
-		`\"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\"`,
-		`,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,`,
-		`(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)`,
-		`<foo>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</foo>`,
+		//TODO: `\"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\"`,
+		//TODO: `,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,`,
+		//TODO: `(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)`,
+		//TODO: `<foo>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</foo>`,
 		`def test_private_space(self):
         hf_token = "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"  # Intentionally revealing this key for testing purposes
         io = gr.load(`,
@@ -96,7 +97,7 @@ func HuggingFaceOrganizationApiToken() *config.Rule {
 		`"news_train_dataset = datasets.load_dataset('nlpHakdang/aihub-news30k',  data_files = \"train_news_text.csv\", use_auth_token='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')\n",`,
 		`os.environ['HUGGINGFACEHUB_API_TOKEN'] = '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'`,
 		fmt.Sprintf("api_org_%s", secrets.NewSecret(`[a-zA-Z]{34}`)),
-	}
+	)
 	fps := []string{
 		`public static final String API_ORG_EXIST = "APIOrganizationExist";`,
 		`const api_org_controller = require('../../controllers/api/index').organizations;`,
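Review bot: Five true-positive samples are turned into `//TODO:` comments in the same hunks that replace both regexes with `utils.GenerateUniqueTokenRegex(…, false)`: the escaped-quote notebook line in `HuggingFaceAccessToken`, and the `\"…\"`, `,…,`, `(…)` and `<foo>…</foo>` cases in `HuggingFaceOrganizationApiToken`. The removed patterns explicitly listed `\`, `,`, `(`, `)` and `<` as delimiters, so this looks like a loss of detection coverage for tokens inside JSON-escaped strings, argument lists and XML rather than a test clean-up, and it sits oddly with the commit message's "revert regex changes". Either keep the previous regexes until the shared helper handles these boundaries, or make each TODO state the gap, e.g. `// TODO: no longer matched (escaped quote boundary); was detected before GenerateUniqueTokenRegex`. The trailing `fmt.Sprintf("api_org_%s", …)` entry also looks redundant next to the generated samples.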

+ 3 - 3
cmd/generate/config/rules/infracost.go

@@ -17,8 +17,8 @@ func InfracostAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("ico", "ico-"+secrets.NewSecret("[A-Za-z0-9]{32}")),
+	tps := utils.GenerateSampleSecrets("ico", "ico-"+secrets.NewSecret("[A-Za-z0-9]{32}"))
+	tps = append(tps,
 		`  variable {
     name = "INFRACOST_API_KEY"
     secret_value = "ico-mlCr1Mn3SRcRiZMObUZOTHLcgtH2Lpgt"
@@ -29,7 +29,7 @@ func InfracostAPIToken() *config.Rule {
 		//'X-Api-Key': 'ico-EeDdSfctrmjD14f45f45te5gJ7l6lw4o6M36sXT62a6',
 		//'Content-Type': 'application/json',
 		//}`,
-	}
+	)
 	fps := []string{
 		// Low entropy
 		`ico-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`,

+ 1 - 3
cmd/generate/config/rules/intercom.go

@@ -17,8 +17,6 @@ func Intercom() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("intercom", secrets.NewSecret(utils.AlphaNumericExtended("60"))),
-	}
+	tps := utils.GenerateSampleSecrets("intercom", secrets.NewSecret(utils.AlphaNumericExtended("60")))
 	return utils.Validate(r, tps, nil)
 }

+ 4 - 6
cmd/generate/config/rules/jfrog.go

@@ -55,11 +55,9 @@ func JFrogIdentityToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("jfrog", secrets.NewSecret(utils.AlphaNumeric("64"))),
-		utils.GenerateSampleSecret("artifactory", secrets.NewSecret(utils.AlphaNumeric("64"))),
-		utils.GenerateSampleSecret("bintray", secrets.NewSecret(utils.AlphaNumeric("64"))),
-		utils.GenerateSampleSecret("xray", secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("jfrog", secrets.NewSecret(utils.AlphaNumeric("64")))
+	tps = append(tps, utils.GenerateSampleSecrets("artifactory", secrets.NewSecret(utils.AlphaNumeric("64")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("bintray", secrets.NewSecret(utils.AlphaNumeric("64")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("xray", secrets.NewSecret(utils.AlphaNumeric("64")))...)
 	return utils.Validate(r, tps, nil)
 }

+ 5 - 2
cmd/generate/config/rules/jwt.go

@@ -4,6 +4,7 @@ import (
 	b64 "encoding/base64"
 	"fmt"
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"regexp"
 
 	"github.com/zricethezav/gitleaks/v8/config"
@@ -20,7 +21,9 @@ func JWT() *config.Rule {
 	}
 
 	// validate
-	tps := []string{`eyJhbGciOieeeiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwic3ViZSI6IjEyMzQ1Njc4OTAiLCJuYW1lZWEiOiJKb2huIERvZSIsInN1ZmV3YWZiIjoiMTIzNDU2Nzg5MCIsIm5hbWVmZWF3ZnciOiJKb2huIERvZSIsIm5hbWVhZmV3ZmEiOiJKb2huIERvZSIsInN1ZndhZndlYWIiOiIxMjM0NTY3ODkwIiwibmFtZWZ3YWYiOiJKb2huIERvZSIsInN1YmZ3YWYiOiIxMjM0NTY3ODkwIiwibmFtZndhZSI6IkpvaG4gRG9lIiwiaWZ3YWZhYXQiOjE1MTYyMzkwMjJ9.a_5icKBDo-8EjUlrfvz2k2k-FYaindQ0DEYNrlsnRG0==`, // gitleaks:allow
+	tps := utils.GenerateSampleSecrets("jwt", secrets.NewSecret(`ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?`))
+	tps = append(tps,
+		`eyJhbGciOieeeiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwic3ViZSI6IjEyMzQ1Njc4OTAiLCJuYW1lZWEiOiJKb2huIERvZSIsInN1ZmV3YWZiIjoiMTIzNDU2Nzg5MCIsIm5hbWVmZWF3ZnciOiJKb2huIERvZSIsIm5hbWVhZmV3ZmEiOiJKb2huIERvZSIsInN1ZndhZndlYWIiOiIxMjM0NTY3ODkwIiwibmFtZWZ3YWYiOiJKb2huIERvZSIsInN1YmZ3YWYiOiIxMjM0NTY3ODkwIiwibmFtZndhZSI6IkpvaG4gRG9lIiwiaWZ3YWZhYXQiOjE1MTYyMzkwMjJ9.a_5icKBDo-8EjUlrfvz2k2k-FYaindQ0DEYNrlsnRG0==`,                                                                                                                                                                                                                                                                                    // gitleaks:allow
 		`JWT := eyJhbGciOieeeiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwic3ViZSI6IjEyMzQ1Njc4OTAiLCJuYW1lZWEiOiJKb2huIERvZSIsInN1ZmV3YWZiIjoiMTIzNDU2Nzg5MCIsIm5hbWVmZWF3ZnciOiJKb2huIERvZSIsIm5hbWVhZmV3ZmEiOiJKb2huIERvZSIsInN1ZndhZndlYWIiOiIxMjM0NTY3ODkwIiwibmFtZWZ3YWYiOiJKb2huIERvZSIsInN1YmZ3YWYiOiIxMjM0NTY3ODkwIiwibmFtZndhZSI6IkpvaG4gRG9lIiwiaWZ3YWZhYXQiOjE1MTYyMzkwMjJ9.a_5icKBDo-8EjUlrfvz2k2k-FYaindQ0DEYNrlsnRG0`,                                                                                                                                                                                                                                                                               // gitleaks:allow
 		`"access_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJRMzFDVlMxUFNDSjRPVEsyWVZFTSIsImF0X2hhc2giOiI4amItZFE2OXRtZEVueUZaMUttNWhnIiwiYXVkIjoiZXhhbXBsZS1hcHAiLCJlbWFpbCI6ImFkbWluQGV4YW1wbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6IjE1OTQ2MDAxODIiLCJpYXQiOjE1OTQ1ODkzODQsImlzcyI6Imh0dHA6Ly8xMjcuMC4wLjE6NTU1Ni9kZXgiLCJuYW1lIjoiYWRtaW4iLCJzdWIiOiJDaVF3T0dFNE5qZzBZaTFrWWpnNExUUmlOek10T1RCaE9TMHpZMlF4TmpZeFpqVTBOallTQld4dlkyRnMifQ.nrbzIJz99Om7TvJ04jnSTmhvlM7aR9hMM1Aqjp2ONJ1UKYCvegBLrTu6cYR968_OpmnAGJ8vkd7sIjUjtR4zbw"`,                                                                                                                                                                           // gitleaks:allow
 		`https://dai2-playlistserver.aws.syncbak.com/cpl/20980038/dai2v5/1.0/7b2264657669636554797065223a387d/master.m3u8?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdyYXkyMDE2MDgyOSJ9.eyJtaWQiOiIyMDk4MDAzOCIsImNpZCI6MjE5MDMsInNpZCI6MTU4LCJtZDUiOiIwN2QxMmRjNjAwOTM2MGI0MmY3NjNkNTRiMWIwZjI1NCIsImlhdCI6MTY2MDkxMzU2MCwiZXhwIjoxNjkyNDQ5NTYwLCJpc3MiOiJTeW5jYmFrIChURykifQ.JrWVgwzIn_RcNuWhkzIjr1i4qjXU1v4n0KFrSzoTQvQ`,                                                                                                                                                                                                                                                                                                  // gitleaks:allow		`
@@ -61,7 +64,7 @@ func JWT() *config.Rule {
 		// `eyJhbGciOiJFQ0RILUVTIiwiZW5jIjoiQTI1NkdDTSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0Iiwia2V5X29wcyI6W10sImV4dCI6dHJ1ZSwieCI6IllUcEY3bGtTc3JvZVVUVFdCb21LNzBTN0FhVTJyc0ptMURpZ1ZzbjRMY2F5eUxFNFBabldkYmFVcE9jQVV5a1ciLCJ5IjoiLU5pS3loUktjSk52Nm02Z0ZJUWc4cy1Xd1VXUW9uT3A5dkQ4cHpoa2tUU3U2RzFlU2FUTVlhZGltQ2Q4V0ExMSJ9LCJhcHUiOiIiLCJhcHYiOiIifQ`,
 		`String tokenWithNoneAlg = "eyJhbGciOiJub25lIn0.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.";`,                                                                               // gitleaks:allow
 		`# Req: Invoke-RestMethod -Uri 'http://localhost:8085/users' -Headers @{ 'X-API-KEY' = 'eyJhbGciOiJub25lIn0.eyJ1c2VybmFtZSI6Im1vcnR5Iiwic3ViIjoiMTIzIn0.' }`, // gitleaks:allow
-	}
+	)
 	fps := []string{}
 	return utils.Validate(r, tps, fps)
 }
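Review bot: The new `secrets` import in jwt.go is inserted between the `utils` import and `"regexp"`, so project imports stay interleaved with the standard library; the huggingface.go hunk in this same commit fixes exactly that grouping. Move both gitleaks `cmd/generate/...` imports below the blank line, next to `config`, as `goimports` would arrange them. Separately, the generator pattern passed to `secrets.NewSecret` uses open-ended `{17,}` / `{10,}` quantifiers and an optional final group, so the length of the generated sample and whether it has a signature presumably depend on the generator's defaults. A short comment such as `// signature segment is optional: unsigned tokens (see the alg=none samples below) must match too` would record the intent.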

+ 1 - 4
cmd/generate/config/rules/kraken.go

@@ -20,9 +20,6 @@ func KrakenAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("kraken",
-			secrets.NewSecret(utils.AlphaNumericExtendedLong("80,90"))),
-	}
+	tps := utils.GenerateSampleSecrets("kraken", secrets.NewSecret(utils.AlphaNumericExtendedLong("80,90")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/kucoin.go

@@ -19,9 +19,7 @@ func KucoinAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("kucoin", secrets.NewSecret(utils.Hex("24"))),
-	}
+	tps := utils.GenerateSampleSecrets("kucoin", secrets.NewSecret(utils.Hex("24")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -38,8 +36,6 @@ func KucoinSecretKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("kucoin", secrets.NewSecret(utils.Hex8_4_4_4_12())),
-	}
+	tps := utils.GenerateSampleSecrets("kucoin", secrets.NewSecret(utils.Hex8_4_4_4_12()))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/launchdarkly.go

@@ -19,8 +19,6 @@ func LaunchDarklyAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("launchdarkly", secrets.NewSecret(utils.AlphaNumericExtended("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("launchdarkly", secrets.NewSecret(utils.AlphaNumericExtended("40")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/linear.go

@@ -19,9 +19,7 @@ func LinearAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("linear", "lin_api_"+secrets.NewSecret(utils.AlphaNumeric("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("linear", "lin_api_"+secrets.NewSecret(utils.AlphaNumeric("40")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -36,8 +34,6 @@ func LinearClientSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("linear", secrets.NewSecret(utils.Hex("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("linear", secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/linkedin.go

@@ -21,9 +21,7 @@ func LinkedinClientID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("linkedin", secrets.NewSecret(utils.AlphaNumeric("14"))),
-	}
+	tps := utils.GenerateSampleSecrets("linkedin", secrets.NewSecret(utils.AlphaNumeric("14")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -44,8 +42,6 @@ func LinkedinClientSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("linkedin", secrets.NewSecret(utils.AlphaNumeric("16"))),
-	}
+	tps := utils.GenerateSampleSecrets("linkedin", secrets.NewSecret(utils.AlphaNumeric("16")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/lob.go

@@ -21,9 +21,7 @@ func LobPubAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("lob", "test_pub_"+secrets.NewSecret(utils.Hex("31"))),
-	}
+	tps := utils.GenerateSampleSecrets("lob", "test_pub_"+secrets.NewSecret(utils.Hex("31")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -40,8 +38,6 @@ func LobAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("lob", "test_"+secrets.NewSecret(utils.Hex("35"))),
-	}
+	tps := utils.GenerateSampleSecrets("lob", "test_"+secrets.NewSecret(utils.Hex("35")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 3
cmd/generate/config/rules/mailchimp.go

@@ -19,11 +19,11 @@ func MailChimp() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("mailchimp", secrets.NewSecret(utils.Hex("32"))+"-us20"),
+	tps := utils.GenerateSampleSecrets("mailchimp", secrets.NewSecret(utils.Hex("32"))+"-us20")
+	tps = append(tps,
 		`mailchimp_api_key: cefa780880ba5f5696192a34f6292c35-us18`, // gitleaks:allow
 		`MAILCHIMPE_KEY = "b5b9f8e50c640da28993e8b6a48e3e53-us18"`, // gitleaks:allow
-	}
+	)
 	fps := []string{
 		// False Negative
 		`MailchimpSDK.initialize(token: 3012a5754bbd716926f99c028f7ea428-us18)`, // gitleaks:allow

+ 3 - 9
cmd/generate/config/rules/mailgun.go

@@ -19,9 +19,7 @@ func MailGunPrivateAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("mailgun", "key-"+secrets.NewSecret(utils.Hex("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("mailgun", "key-"+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -38,9 +36,7 @@ func MailGunPubAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("mailgun", "pubkey-"+secrets.NewSecret(utils.Hex("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("mailgun", "pubkey-"+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -57,8 +53,6 @@ func MailGunSigningKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("mailgun", secrets.NewSecret(utils.Hex("32"))+"-00001111-22223333"),
-	}
+	tps := utils.GenerateSampleSecrets("mailgun", secrets.NewSecret(utils.Hex("32"))+"-00001111-22223333")
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/mapbox.go

@@ -17,8 +17,6 @@ func MapBox() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("mapbox", "pk."+secrets.NewSecret(utils.AlphaNumeric("60"))+"."+secrets.NewSecret(utils.AlphaNumeric("22"))),
-	}
+	tps := utils.GenerateSampleSecrets("mapbox", "pk."+secrets.NewSecret(utils.AlphaNumeric("60"))+"."+secrets.NewSecret(utils.AlphaNumeric("22")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/mattermost.go

@@ -19,8 +19,6 @@ func MattermostAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("mattermost", secrets.NewSecret(utils.AlphaNumeric("26"))),
-	}
+	tps := utils.GenerateSampleSecrets("mattermost", secrets.NewSecret(utils.AlphaNumeric("26")))
 	return utils.Validate(r, tps, nil)
 }

+ 8 - 17
cmd/generate/config/rules/messagebird.go

@@ -11,11 +11,7 @@ func MessageBirdAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Found a MessageBird API token, risking unauthorized access to communication platforms and message data.",
 		RuleID:      "messagebird-api-token",
-		Regex: utils.GenerateSemiGenericRegex([]string{
-			"messagebird",
-			"message-bird",
-			"message_bird",
-		}, utils.AlphaNumeric("25"), true),
+		Regex:       utils.GenerateSemiGenericRegex([]string{"message[_-]?bird"}, utils.AlphaNumeric("25"), true),
 
 		Keywords: []string{
 			"messagebird",
@@ -25,11 +21,9 @@ func MessageBirdAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("messagebird", secrets.NewSecret(utils.AlphaNumeric("25"))),
-		utils.GenerateSampleSecret("message-bird", secrets.NewSecret(utils.AlphaNumeric("25"))),
-		utils.GenerateSampleSecret("message_bird", secrets.NewSecret(utils.AlphaNumeric("25"))),
-	}
+	tps := utils.GenerateSampleSecrets("messagebird", secrets.NewSecret(utils.AlphaNumeric("25")))
+	tps = append(tps, utils.GenerateSampleSecrets("message-bird", secrets.NewSecret(utils.AlphaNumeric("25")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("message_bird", secrets.NewSecret(utils.AlphaNumeric("25")))...)
 	return utils.Validate(r, tps, nil)
 }
 
@@ -38,11 +32,7 @@ func MessageBirdClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data.",
 		RuleID:      "messagebird-client-id",
-		Regex: utils.GenerateSemiGenericRegex([]string{
-			"messagebird",
-			"message-bird",
-			"message_bird",
-		}, utils.Hex8_4_4_4_12(), true),
+		Regex:       utils.GenerateSemiGenericRegex([]string{"message[_-]?bird"}, utils.Hex8_4_4_4_12(), true),
 
 		Keywords: []string{
 			"messagebird",
@@ -52,8 +42,9 @@ func MessageBirdClientID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("MessageBird", "12345678-ABCD-ABCD-ABCD-1234567890AB") // gitleaks:allow
+	tps = append(tps,
 		`const MessageBirdClientID = "12345678-ABCD-ABCD-ABCD-1234567890AB"`, // gitleaks:allow
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }
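Review bot: The positive samples for `messagebird-client-id` only exercise the `MessageBird` spelling with one fixed literal, although the regex changed earlier in this function now accepts `message[_-]?bird`. MessageBirdAPIToken in the same file covers all three spellings with generated values. Adding `tps = append(tps, utils.GenerateSampleSecrets("message-bird", secrets.NewSecret(utils.Hex8_4_4_4_12()))...)` and the same line for `"message_bird"` would keep the separator variants under test. The function starts outside this hunk.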

+ 1 - 3
cmd/generate/config/rules/netlify.go

@@ -20,8 +20,6 @@ func NetlifyAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("netlify", secrets.NewSecret(utils.AlphaNumericExtended("40,46"))),
-	}
+	tps := utils.GenerateSampleSecrets("netlify", secrets.NewSecret(utils.AlphaNumericExtended("40,46")))
 	return utils.Validate(r, tps, nil)
 }

+ 4 - 12
cmd/generate/config/rules/newrelic.go

@@ -23,9 +23,7 @@ func NewRelicUserID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("new-relic", "NRAK-"+secrets.NewSecret(utils.AlphaNumeric("27"))),
-	}
+	tps := utils.GenerateSampleSecrets("new-relic", "NRAK-"+secrets.NewSecret(utils.AlphaNumeric("27")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -48,9 +46,7 @@ func NewRelicUserKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("new-relic", secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("new-relic", secrets.NewSecret(utils.AlphaNumeric("64")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -71,9 +67,7 @@ func NewRelicBrowserAPIKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("new-relic", "NRJS-"+secrets.NewSecret(utils.Hex("19"))),
-	}
+	tps := utils.GenerateSampleSecrets("new-relic", "NRJS-"+secrets.NewSecret(utils.Hex("19")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -94,8 +88,6 @@ func NewRelicInsertKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("new-relic", "NRII-"+secrets.NewSecret(utils.Hex("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("new-relic", "NRII-"+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/npm.go

@@ -19,8 +19,6 @@ func NPM() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("npmAccessToken", "npm_"+secrets.NewSecret(utils.AlphaNumeric("36"))),
-	}
+	tps := utils.GenerateSampleSecrets("npmAccessToken", "npm_"+secrets.NewSecret(utils.AlphaNumeric("36")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/nytimes.go

@@ -23,8 +23,6 @@ func NytimesAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("nytimes", secrets.NewSecret(utils.AlphaNumeric("32"))),
-	}
+	tps := utils.GenerateSampleSecrets("nytimes", secrets.NewSecret(utils.AlphaNumeric("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 3
cmd/generate/config/rules/okta.go

@@ -19,11 +19,11 @@ func OktaAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("okta", secrets.NewSecret(`00[\w=\-]{40}`)),
+	tps := utils.GenerateSampleSecrets("okta", secrets.NewSecret(`00[\w=\-]{40}`))
+	tps = append(tps,
 		`"oktaApiToken": "00ebObu4zSNkyc6dimLvUwq4KpTEop-PCEnnfSTpD3",`,       // gitleaks:allow
 		`			var OktaApiToken = "00fWkOjwwL9xiFd-Vfgm_ePATIRxVj852Iblbb1DS_";`, // gitleaks:allow
-	}
+	)
 	fps := []string{
 		`oktaKey = 00000000000000000000000000000000000TUVWXYZ`,   // low entropy
 		`rookTable = 0023452Lllk2KqjLBvaxANWEgTd7bqjsxjo8aZj0wd`, // wrong case

+ 1 - 3
cmd/generate/config/rules/openai.go

@@ -19,8 +19,6 @@ func OpenAI() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("openaiApiKey", "sk-"+secrets.NewSecret(utils.AlphaNumeric("20"))+"T3BlbkFJ"+secrets.NewSecret(utils.AlphaNumeric("20"))),
-	}
+	tps := utils.GenerateSampleSecrets("openaiApiKey", "sk-"+secrets.NewSecret(utils.AlphaNumeric("20"))+"T3BlbkFJ"+secrets.NewSecret(utils.AlphaNumeric("20")))
 	return utils.Validate(r, tps, nil)
 }

+ 4 - 3
cmd/generate/config/rules/openshift.go

@@ -23,11 +23,12 @@ func OpenshiftUserToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("oc", secrets.NewSecret("sha256~[\\w-]{43}"))
+	tps = append(tps,
 		`Authorization: Bearer sha256~kV46hPnEYhCWFnB85r5NrprAxggzgb6GOeLbgcKNsH0`, // https://github.com/openshift/console/blob/edae2305e01c2e0e8c33727af720ef960088eee3/dynamic-demo-plugin/README.md?plain=1#L114
 		`oc login --token=sha256~ZBMKw9VAayhdnyANaHvjJeXDiGwA7Fsr5gtLKj3-eh- `,     // https://github.com/IBM/tekton-tutorial-openshift/blob/2a97d22ba282accad50821bca069210ea89de706/docs/lab1/0_setup.md?plain=1#L85
-		"sha256~" + secrets.NewSecret(`[\w-]{43}`),
-	}
+		"sha256~"+secrets.NewSecret(`[\w-]{43}`),
+	)
 	fps := []string{
 		`--set kraken.kubeconfig.token.token="sha256~XXXXXXXXXX_PUT_YOUR_TOKEN_HERE_XXXXXXXXXXXX" \`, // https://github.com/krkn-chaos/krkn/blob/f3933f0e6239824eb9b5c46ff0e5d503b8465d6a/docs/index.md?plain=1#L307
 		`oc login --token=sha256~_xxxxxx_xxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxx-X \
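Review bot: The added first line writes the pattern as an interpreted string with an escaped backslash (`"sha256~[\\w-]{43}"`), while the last added sample in the same list uses a raw string for the same character class. Using a raw string in both places, ``secrets.NewSecret(`sha256~[\w-]{43}`)``, avoids the double escaping and makes it obvious that the two lines generate the same token shape. The `fps` list continues outside the hunk.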

+ 3 - 9
cmd/generate/config/rules/plaid.go

@@ -22,9 +22,7 @@ func PlaidAccessID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("plaid", secrets.NewSecret(`[a-zA-Z0-9]{24}`)),
-	}
+	tps := utils.GenerateSampleSecrets("plaid", secrets.NewSecret(`[a-zA-Z0-9]{24}`))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -42,9 +40,7 @@ func PlaidSecretKey() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("plaid", secrets.NewSecret(utils.AlphaNumeric("30"))),
-	}
+	tps := utils.GenerateSampleSecrets("plaid", secrets.NewSecret(utils.AlphaNumeric("30")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -62,8 +58,6 @@ func PlaidAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("plaid", secrets.NewSecret(fmt.Sprintf("access-(?:sandbox|development|production)-%s", utils.Hex8_4_4_4_12()))),
-	}
+	tps := utils.GenerateSampleSecrets("plaid", secrets.NewSecret(fmt.Sprintf("access-(?:sandbox|development|production)-%s", utils.Hex8_4_4_4_12())))
 	return utils.Validate(r, tps, nil)
 }

+ 9 - 15
cmd/generate/config/rules/planetscale.go

@@ -19,11 +19,9 @@ func PlanetScalePassword() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_pw_"+secrets.NewSecret(utils.AlphaNumericExtended("32"))),
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_pw_"+secrets.NewSecret(utils.AlphaNumericExtended("43"))),
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_pw_"+secrets.NewSecret(utils.AlphaNumericExtended("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("planetScale", "pscale_pw_"+secrets.NewSecret(utils.AlphaNumericExtended("32")))
+	tps = append(tps, utils.GenerateSampleSecrets("planetScale", "pscale_pw_"+secrets.NewSecret(utils.AlphaNumericExtended("43")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("planetScale", "pscale_pw_"+secrets.NewSecret(utils.AlphaNumericExtended("64")))...)
 	return utils.Validate(r, tps, nil)
 }
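Review bot: The three `GenerateSampleSecrets` calls differ only in the length argument, and the same triple is repeated in PlanetScaleAPIToken and PlanetScaleOAuthToken in the next two hunks. A loop states the intent once: `var tps []string` followed by `for _, n := range []string{"32", "43", "64"} { tps = append(tps, utils.GenerateSampleSecrets("planetScale", "pscale_pw_"+secrets.NewSecret(utils.AlphaNumericExtended(n)))...) }`. The rule definition is outside the hunk.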
 
@@ -40,11 +38,9 @@ func PlanetScaleAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_tkn_"+secrets.NewSecret(utils.AlphaNumericExtended("32"))),
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_tkn_"+secrets.NewSecret(utils.AlphaNumericExtended("43"))),
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_tkn_"+secrets.NewSecret(utils.AlphaNumericExtended("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("planetScale", "pscale_tkn_"+secrets.NewSecret(utils.AlphaNumericExtended("32")))
+	tps = append(tps, utils.GenerateSampleSecrets("planetScale", "pscale_tkn_"+secrets.NewSecret(utils.AlphaNumericExtended("43")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("planetScale", "pscale_tkn_"+secrets.NewSecret(utils.AlphaNumericExtended("64")))...)
 	return utils.Validate(r, tps, nil)
 }
 
@@ -61,10 +57,8 @@ func PlanetScaleOAuthToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_oauth_"+secrets.NewSecret(utils.AlphaNumericExtended("32"))),
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_oauth_"+secrets.NewSecret(utils.AlphaNumericExtended("43"))),
-		utils.GenerateSampleSecret("planetScalePassword", "pscale_oauth_"+secrets.NewSecret(utils.AlphaNumericExtended("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("planetScale", "pscale_oauth_"+secrets.NewSecret(utils.AlphaNumericExtended("32")))
+	tps = append(tps, utils.GenerateSampleSecrets("planetScale", "pscale_oauth_"+secrets.NewSecret(utils.AlphaNumericExtended("43")))...)
+	tps = append(tps, utils.GenerateSampleSecrets("planetScale", "pscale_oauth_"+secrets.NewSecret(utils.AlphaNumericExtended("64")))...)
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/postman.go

@@ -19,8 +19,6 @@ func PostManAPI() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("postmanAPItoken", "PMAK-"+secrets.NewSecret(utils.Hex("24"))+"-"+secrets.NewSecret(utils.Hex("34"))),
-	}
+	tps := utils.GenerateSampleSecrets("postmanAPItoken", "PMAK-"+secrets.NewSecret(utils.Hex("24"))+"-"+secrets.NewSecret(utils.Hex("34")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/prefect.go

@@ -19,9 +19,7 @@ func Prefect() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("api-token", "pnu_"+secrets.NewSecret(utils.AlphaNumeric("36"))),
-	}
+	tps := utils.GenerateSampleSecrets("api-token", "pnu_"+secrets.NewSecret(utils.AlphaNumeric("36")))
 	fps := []string{
 		`PREFECT_API_KEY = "pnu_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"`,
 	}

+ 1 - 3
cmd/generate/config/rules/pulumi.go

@@ -19,9 +19,7 @@ func PulumiAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("pulumi-api-token", "pul-"+secrets.NewSecret(utils.Hex("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("pulumi-api-token", "pul-"+secrets.NewSecret(utils.Hex("40")))
 	fps := []string{
 		`                        <img src="./assets/vipul-f0eb1acf0da84c06a50c5b2c59932001997786b176dec02bd16128ee9ea83628.png" alt="" class="w-16 h-16 rounded-full">`,
 	}

+ 1 - 2
cmd/generate/config/rules/pypi.go

@@ -21,7 +21,6 @@ func PyPiUploadToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"pypiToken := \"pypi-AgEIcHlwaS5vcmc" + secrets.NewSecret(utils.Hex("32")) +
-		secrets.NewSecret(utils.Hex("32")) + "\""}
+	tps := utils.GenerateSampleSecrets("pypi", "pypi-AgEIcHlwaS5vcmc"+secrets.NewSecret(utils.Hex("32"))+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 4
cmd/generate/config/rules/rapidapi.go

@@ -20,9 +20,6 @@ func RapidAPIAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("rapidapi",
-			secrets.NewSecret(utils.AlphaNumericExtendedShort("50"))),
-	}
+	tps := utils.GenerateSampleSecrets("rapidapi", secrets.NewSecret(utils.AlphaNumericExtendedShort("50")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 3
cmd/generate/config/rules/readme.go

@@ -19,9 +19,8 @@ func ReadMe() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("api-token", "rdme_"+secrets.NewSecret(utils.AlphaNumeric("70"))),
-	}
+	tps := utils.GenerateSampleSecrets("api-token", "rdme_"+secrets.NewSecret(utils.AlphaNumeric("70")))
+
 	fps := []string{
 		`const API_KEY = 'rdme_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';`,
 	}

+ 1 - 3
cmd/generate/config/rules/rubygems.go

@@ -19,8 +19,6 @@ func RubyGemsAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("rubygemsAPIToken", "rubygems_"+secrets.NewSecret(utils.Hex("48"))),
-	}
+	tps := utils.GenerateSampleSecrets("rubygemsAPIToken", "rubygems_"+secrets.NewSecret(utils.Hex("48")))
 	return utils.Validate(r, tps, nil)
 }

+ 3 - 3
cmd/generate/config/rules/scalingo.go

@@ -17,9 +17,9 @@ func ScalingoAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("scalingo", "tk-us-"+secrets.NewSecret(utils.AlphaNumericExtendedShort("48"))),
+	tps := utils.GenerateSampleSecrets("scalingo", "tk-us-"+secrets.NewSecret(utils.AlphaNumericExtendedShort("48")))
+	tps = append(tps,
 		`scalingo_api_token = "tk-us-loys7ib9yrxcys_ta2sq85mjar6lgcsspkd9x61s7h5epf_-"`, // gitleaks:allow
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 6
cmd/generate/config/rules/sendbird.go

@@ -19,9 +19,7 @@ func SendbirdAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("sendbird", secrets.NewSecret(utils.Hex("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("sendbird", secrets.NewSecret(utils.Hex("40")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -38,8 +36,6 @@ func SendbirdAccessID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("sendbird", secrets.NewSecret(utils.Hex8_4_4_4_12())),
-	}
+	tps := utils.GenerateSampleSecrets("sendbird", secrets.NewSecret(utils.Hex8_4_4_4_12()))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/sendgrid.go

@@ -19,8 +19,6 @@ func SendGridAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("sengridAPIToken", "SG."+secrets.NewSecret(utils.AlphaNumericExtended("66"))),
-	}
+	tps := utils.GenerateSampleSecrets("sengridAPIToken", "SG."+secrets.NewSecret(utils.AlphaNumericExtended("66")))
 	return utils.Validate(r, tps, nil)
 }
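Review bot: The sample identifier `"sengridAPIToken"` on the new line is misspelled (missing `d`), carried over from the removed line. It presumably does not affect matching, since the regex is outside the hunk and the sample was accepted before, but the identifier is now expanded into every generated sample format. `utils.GenerateSampleSecrets("sendgridAPIToken", ...)` would make those samples look like real assignments.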

+ 1 - 3
cmd/generate/config/rules/sendinblue.go

@@ -19,8 +19,6 @@ func SendInBlueAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("sendinblue", "xkeysib-"+secrets.NewSecret(utils.Hex("64"))+"-"+secrets.NewSecret(utils.AlphaNumeric("16"))),
-	}
+	tps := utils.GenerateSampleSecrets("sendinblue", "xkeysib-"+secrets.NewSecret(utils.Hex("64"))+"-"+secrets.NewSecret(utils.AlphaNumeric("16")))
 	return utils.Validate(r, tps, nil)
 }

+ 1 - 3
cmd/generate/config/rules/sentry.go

@@ -19,8 +19,6 @@ func SentryAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("sentry", secrets.NewSecret(utils.Hex("64"))),
-	}
+	tps := utils.GenerateSampleSecrets("sentry", secrets.NewSecret(utils.Hex("64")))
 	return utils.Validate(r, tps, nil)
 }

+ 2 - 4
cmd/generate/config/rules/shippo.go

@@ -19,9 +19,7 @@ func ShippoAPIToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("shippo", "shippo_live_"+secrets.NewSecret(utils.Hex("40"))),
-		utils.GenerateSampleSecret("shippo", "shippo_test_"+secrets.NewSecret(utils.Hex("40"))),
-	}
+	tps := utils.GenerateSampleSecrets("shippo", "shippo_live_"+secrets.NewSecret(utils.Hex("40")))
+	tps = append(tps, utils.GenerateSampleSecrets("shippo", "shippo_test_"+secrets.NewSecret(utils.Hex("40")))...)
 	return utils.Validate(r, tps, nil)
 }

+ 4 - 4
cmd/generate/config/rules/shopify.go

@@ -19,7 +19,7 @@ func ShopifySharedSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifySecret := \"shpss_" + secrets.NewSecret(utils.Hex("32")) + "\""}
+	tps := utils.GenerateSampleSecrets("shopify", "shpss_"+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -34,7 +34,7 @@ func ShopifyAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifyToken := \"shpat_" + secrets.NewSecret(utils.Hex("32")) + "\""}
+	tps := utils.GenerateSampleSecrets("shopify", "shpat_"+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -49,7 +49,7 @@ func ShopifyCustomAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifyToken := \"shpca_" + secrets.NewSecret(utils.Hex("32")) + "\""}
+	tps := utils.GenerateSampleSecrets("shopify", "shpca_"+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }
 
@@ -64,6 +64,6 @@ func ShopifyPrivateAppAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifyToken := \"shppa_" + secrets.NewSecret(utils.Hex("32")) + "\""}
+	tps := utils.GenerateSampleSecrets("shopify", "shppa_"+secrets.NewSecret(utils.Hex("32")))
 	return utils.Validate(r, tps, nil)
 }

+ 5 - 2
cmd/generate/config/rules/sidekiq.go

@@ -2,6 +2,7 @@ package rules
 
 import (
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"regexp"
 
 	"github.com/zricethezav/gitleaks/v8/config"
@@ -19,7 +20,9 @@ func SidekiqSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("BUNDLE_ENTERPRISE__CONTRIBSYS__COM", secrets.NewSecret("[a-f0-9]{8}:[a-f0-9]{8}"))
+	tps = append(tps, utils.GenerateSampleSecrets("BUNDLE_GEMS__CONTRIBSYS__COM", secrets.NewSecret("[a-f0-9]{8}:[a-f0-9]{8}"))...)
+	tps = append(tps,
 		"BUNDLE_ENTERPRISE__CONTRIBSYS__COM: cafebabe:deadbeef",
 		"export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=cafebabe:deadbeef",
 		"export BUNDLE_ENTERPRISE__CONTRIBSYS__COM = cafebabe:deadbeef",
@@ -28,7 +31,7 @@ func SidekiqSecret() *config.Rule {
 		"export BUNDLE_GEMS__CONTRIBSYS__COM = \"cafebabe:deadbeef\"",
 		"export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=cafebabe:deadbeef;",
 		"export BUNDLE_ENTERPRISE__CONTRIBSYS__COM=cafebabe:deadbeef && echo 'hello world'",
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }
 

+ 39 - 31
cmd/generate/config/rules/slack.go

@@ -23,14 +23,15 @@ func SlackBotToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("bot", "xoxb-781236542736-2364535789652-GkwFDQoHqzXDVsC6GzqYUypD")
+	tps = append(tps,
 		// https://github.com/metabase/metabase/blob/74cfb332140680425c7d37d347854160cc997ea8/frontend/src/metabase/admin/settings/slack/components/SlackForm/SlackForm.tsx#L47
 		`"bot_token1": "xoxb-781236542736-2364535789652-GkwFDQoHqzXDVsC6GzqYUypD"`, // gitleaks:allow
 		// https://github.com/jonz-secops/TokenTester/blob/978e9f3eabc7e9978769cfbba10735afa3bf627e/slack#LL44C27-L44C86
 		`"bot_token2": "xoxb-263594206564-2343594206574-FGqddMF8t08v8N7Oq4i57vs1MBS"`, // gitleaks:allow
 		`"bot_token3": "xoxb-4614724432022-5152386766518-O5WzjWGLG0wcCm2WPrjEmnys"`,   // gitleaks:allow
-		`"bot_token4": ` + fmt.Sprintf(`"xoxb-%s-%s-%s"`, secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.Numeric("12")), secrets.NewSecret(utils.AlphaNumeric("24"))),
-	}
+		`"bot_token4": `+fmt.Sprintf(`"xoxb-%s-%s-%s"`, secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.Numeric("12")), secrets.NewSecret(utils.AlphaNumeric("24"))),
+	)
 	fps := []string{
 		"xoxb-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxxxx",
 		"xoxb-xxx",
@@ -53,7 +54,8 @@ func SlackUserToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("user", "xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef")
+	tps = append(tps,
 		// https://github.com/jonz-secops/TokenTester/blob/978e9f3eabc7e9978769cfbba10735afa3bf627e/slack#L25
 		`"user_token1": "xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef"`, // gitleaks:allow
 		// https://github.com/praetorian-inc/noseyparker/blob/16e0e5768fd14ea54f6c9a058566184d88343bb4/crates/noseyparker/data/default/rules/slack.yml#L29
@@ -63,10 +65,10 @@ func SlackUserToken() *config.Rule {
 		// https://github.com/evanyeung/terminal-slack/blob/b068f77808de72424d08b525d6cbf814849acd08/readme.md?plain=1#L66
 		`"user_token4": "xoxp-254112160503-252950188691-252375361712-6cbf56aada30951a9d310a5f23d032a0"`,    // gitleaks:allow
 		`"user_token5": "xoxp-4614724432022-4621207627011-5182682871568-1ddad9823e8528ad0f4944dfa3c6fc6c"`, // gitleaks:allow
-		`"user_token6": ` + fmt.Sprintf(`"xoxp-%s-%s-%s-%s"`, secrets.NewSecret(utils.Numeric("12")), secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.AlphaNumeric("32"))),
+		`"user_token6": `+fmt.Sprintf(`"xoxp-%s-%s-%s-%s"`, secrets.NewSecret(utils.Numeric("12")), secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.AlphaNumeric("32"))),
 		// It's unclear what the `xoxe-` token means in this context, however, the format is similar to a user token.
 		`"url_private": "https:\/\/files.slack.com\/files-pri\/T04MCQMEXQ9-F04MAA1PKE3\/image.png?t=xoxe-4726837507825-4848681849303-4856614048758-e0b1f3d4cb371f92260edb0d9444d206"`,
-	}
+	)
 	fps := []string{
 		`https://docs.google.com/document/d/1W7KCxOxP-1Fy5EyF2lbJGE2WuKmu5v0suYqoHas1jRM`,
 		`"token1": "xoxp-1234567890"`, // gitleaks:allow
@@ -91,13 +93,14 @@ func SlackAppLevelToken() *config.Rule {
 		Keywords: []string{"xapp"},
 	}
 
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("slack", "xapp-1-A052FGTS2DL-5171572773297-610b6a11f4b7eb819e87b767d80e6575a3634791acb9a9ead051da879eb5b55e")
+	tps = append(tps,
 		// https://github.com/jonz-secops/TokenTester/blob/978e9f3eabc7e9978769cfbba10735afa3bf627e/slack#L17
 		`"token1": "xapp-1-A052FGTS2DL-5171572773297-610b6a11f4b7eb819e87b767d80e6575a3634791acb9a9ead051da879eb5b55e"`, // gitleaks:allow
 		`"token2": "xapp-1-IEMF8IMY1OQ-4037076220459-85c370b433e366de369c4ef5abdf41253519266982439a75af74a3d68d543fb6"`, // gitleaks:allow
 		`"token3": "xapp-1-BM3V7LC51DA-1441525068281-86641a2582cd0903402ab523e5bcc53b8253098c31591e529b55b41974d2e82f"`, // gitleaks:allow
-		`"token4": ` + fmt.Sprintf(`"xapp-1-A%s-%s-%s"`, secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+		`"token4": `+fmt.Sprintf(`"xapp-1-A%s-%s-%s"`, secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Numeric("13")), secrets.NewSecret(utils.AlphaNumeric("64"))),
+	)
 	return utils.Validate(r, tps, nil)
 }
 
@@ -112,13 +115,14 @@ func SlackConfigurationToken() *config.Rule {
 		Keywords:    []string{"xoxe.xoxb-", "xoxe.xoxp-"},
 	}
 
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("access", "xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjNDEwYmQxMjQ")
+	tps = append(tps,
 		`"access_token1": "xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjNDEwYmQxMjQ"`, // gitleaks:allow
 		`"access_token2": "xoxe.xoxp-1-Mi0yLTMxNzcwMjQ0MTcxMy0zNjU5NDY0Njg4MTctNTE1ODE1MjY5MTcxNC01MTU4MDI0MTgyOTc5LWRmY2YwY2U4ODhhNzY5ZGU5MTAyNDU4MDJjMGQ0ZDliMTZhMjNkMmEyYzliNjkzMDRlN2VjZTI4MWNiMzRkNGQ"`, // gitleaks:allow
-		`"access_token3": "xoxe.xoxp-1-` + secrets.NewSecret(utils.AlphaNumeric("163")) + `"`,
+		`"access_token3": "xoxe.xoxp-1-`+secrets.NewSecret(utils.AlphaNumeric("163"))+`"`,
 		`"access_token4": "xoxe.xoxb-1-Mi0yLTMxNzcwMjQ0MTcxMy0zNjU5NDY0Njg4MTctNTE1ODE1MjY5MTcxNC01MTU4MDI0MTgyOTc5LWRmY2YwY2U4ODhhNzY5ZGU5MTAyNDU4MDJjMGQ0ZDliMTZhMjNkMmEyYzliNjkzMDRlN2VjZTI4MWNiMzRkNGQ"`,
-		`"access_token5": "xoxe.xoxb-1-` + secrets.NewSecret(utils.AlphaNumeric("165")) + `"`,
-	}
+		`"access_token5": "xoxe.xoxb-1-`+secrets.NewSecret(utils.AlphaNumeric("165"))+`"`,
+	)
 	fps := []string{
 		"xoxe.xoxp-1-SlackAppConfigurationAccessTokenHere",
 		"xoxe.xoxp-1-RANDOMSTRINGHERE",
@@ -138,11 +142,12 @@ func SlackConfigurationRefreshToken() *config.Rule {
 		Keywords:    []string{"xoxe-"},
 	}
 
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("refresh", "xoxe-1-My0xLTMxNzcwMjQ0MTcxMy01MTU4MTUyNjkxNzE0LTUxODE4NDI0MDY3MzYtMjA5MGFkOTFlZThkZWE2OGFlZDYwYWJjODNhYzAxYjA5ZjVmODBhYjgzN2QyNDdjOTNlOGY5NTg2YWM1OGM4Mg")
+	tps = append(tps,
 		`"refresh_token1": "xoxe-1-My0xLTMxNzcwMjQ0MTcxMy01MTU4MTUyNjkxNzE0LTUxODE4NDI0MDY3MzYtMjA5MGFkOTFlZThkZWE2OGFlZDYwYWJjODNhYzAxYjA5ZjVmODBhYjgzN2QyNDdjOTNlOGY5NTg2YWM1OGM4Mg"`, // gitleaks:allow
 		`"refresh_token2": "xoxe-1-My0xLTM0MTQwNDE0MDE3Ni01MTgyMDc1NDk2MDgwLTU0MjQ1NjIwNzgxODEtNGJkYTZhYTUxY2M1ODk3ZTNkN2YzMTgxMDI1ZDQzNzgwNWY4NWQ0ODdhZGIzM2ViOGI0MTM0MjdlNGVmYzQ4Ng"`, // gitleaks:allow
-		`"refresh_token3": "xoxe-1-` + secrets.NewSecret(utils.AlphaNumeric("146")) + `"`,
-	}
+		`"refresh_token3": "xoxe-1-`+secrets.NewSecret(utils.AlphaNumeric("146"))+`"`,
+	)
 	fps := []string{"xoxe-1-xxx", "XOxE-RROAmw, Home and Garden, 5:24, 20120323"}
 	return utils.Validate(r, tps, fps)
 }
@@ -160,7 +165,8 @@ func SlackLegacyBotToken() *config.Rule {
 		},
 	}
 
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("slack", "xoxb-263594206564-FGqddMF8t08v8N7Oq4i57vs1")
+	tps = append(tps,
 		// https://github.com/jonz-secops/TokenTester/blob/978e9f3eabc7e9978769cfbba10735afa3bf627e/slack#LL42C38-L42C80
 		`"bot_token1": "xoxb-263594206564-FGqddMF8t08v8N7Oq4i57vs1"`, // gitleaks:allow
 		// https://heejune.me/2018/08/01/crashdump-analysis-automation-using-slackbot-python-cdb-from-windows/
@@ -176,11 +182,11 @@ func SlackLegacyBotToken() *config.Rule {
 		// https://github.com/logicmoo/logicmoo_workspace/blob/2e1794f596121c9949deb3bfbd30d5b027a51d3d/packs_sys/slack_prolog/prolog/slack_client_old.pl#L28
 		`"bot_token7": "xoxb-130154379991-ogFL0OFP3w6AwdJuK7wLojpK"`, // gitleaks:allow
 		// https://github.com/sbarski/serverless-chatbot/blob/7d556897486f3fd53795907b7e33252e5cc6b3a3/Lesson%203/serverless.yml#L38
-		`"bot_token8": "xoxb-159279836768-FOst5DLfEzmQgkz7cte5qiI"`,                                                                         // gitleaks:allow
-		`"bot_token9": "xoxb-50014434-slacktokenx29U9X1bQ"`,                                                                                 // gitleaks:allow
-		`"bot_token10": ` + fmt.Sprintf(`"xoxb-%s-%s`, secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.AlphaNumeric("24"))), // gitleaks:allow
-		`"bot_token11": ` + fmt.Sprintf(`"xoxb-%s-%s`, secrets.NewSecret(utils.Numeric("12")), secrets.NewSecret(utils.AlphaNumeric("23"))), // gitleaks:allow
-	}
+		`"bot_token8": "xoxb-159279836768-FOst5DLfEzmQgkz7cte5qiI"`,                                                                       // gitleaks:allow
+		`"bot_token9": "xoxb-50014434-slacktokenx29U9X1bQ"`,                                                                               // gitleaks:allow
+		`"bot_token10": `+fmt.Sprintf(`"xoxb-%s-%s`, secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.AlphaNumeric("24"))), // gitleaks:allow
+		`"bot_token11": `+fmt.Sprintf(`"xoxb-%s-%s`, secrets.NewSecret(utils.Numeric("12")), secrets.NewSecret(utils.AlphaNumeric("23"))), // gitleaks:allow
+	)
 	fps := []string{
 		"xoxb-xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx", // gitleaks:allow
 		"xoxb-Slack_BOT_TOKEN",
@@ -204,13 +210,14 @@ func SlackLegacyWorkspaceToken() *config.Rule {
 		},
 	}
 
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("slack", "xoxa-2-511111111-31111111111-3111111111111-e039d02840a0b9379c")
+	tps = append(tps,
 		`"access_token": "xoxa-2-511111111-31111111111-3111111111111-e039d02840a0b9379c"`, // gitleaks:allow
-		`"access_token1": ` + fmt.Sprintf(`"xoxa-%s-%s`, secrets.NewSecret(utils.Numeric("1")), secrets.NewSecret(utils.AlphaNumeric("12"))),
-		`"access_token2": ` + fmt.Sprintf(`"xoxa-%s`, secrets.NewSecret(utils.AlphaNumeric("12"))),
-		`"refresh_token1": ` + fmt.Sprintf(`"xoxr-%s-%s`, secrets.NewSecret(utils.Numeric("1")), secrets.NewSecret(utils.AlphaNumeric("12"))),
-		`"refresh_token2": ` + fmt.Sprintf(`"xoxr-%s`, secrets.NewSecret(utils.AlphaNumeric("12"))),
-	}
+		`"access_token1": `+fmt.Sprintf(`"xoxa-%s-%s`, secrets.NewSecret(utils.Numeric("1")), secrets.NewSecret(utils.AlphaNumeric("12"))),
+		`"access_token2": `+fmt.Sprintf(`"xoxa-%s`, secrets.NewSecret(utils.AlphaNumeric("12"))),
+		`"refresh_token1": `+fmt.Sprintf(`"xoxr-%s-%s`, secrets.NewSecret(utils.Numeric("1")), secrets.NewSecret(utils.AlphaNumeric("12"))),
+		`"refresh_token2": `+fmt.Sprintf(`"xoxr-%s`, secrets.NewSecret(utils.AlphaNumeric("12"))),
+	)
 	fps := []string{
 		// "xoxa-faketoken",
 		// "xoxa-access-token-string",
@@ -236,7 +243,8 @@ func SlackLegacyToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("slack", "xoxs-416843729158-132049654-5609968301-e708ba56e1")
+	tps = append(tps,
 		// https://github.com/GGStudy-DDUp/https-github.com-aldaor-HackerOneReports/blob/637e9261b63a7292a3a7ddf4bf13729c224d84df/PrivilegeEscalation/47940.txt#L23
 		`"access_token1": "xoxs-3206092076-3204538285-3743137121-836b042620"`, // gitleaks:allow
 		// https://github.com/jonz-secops/TokenTester/blob/978e9f3eabc7e9978769cfbba10735afa3bf627e/slack#L28
@@ -247,9 +255,9 @@ func SlackLegacyToken() *config.Rule {
 		`"access_token4": "xoxs-4829527689-4829527691-4814341714-d0346ec616"`, // gitleaks:allow
 		// https://github.com/ericvanderwal/general-playmaker/blob/34bd8e82e2d7b16ca9cc825d0c9d383b8378b550/Logic/setrandomseedtype.cs#LL783C15-L783C69
 		`"access_token5": "xoxs-155191149137-155868813314-338998331396-9f6d235915"`, // gitleaks:allow
-		`"access_token6": "xoxs-` + fmt.Sprintf("%s-%s-%s-%s", secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Hex("10"))) + `"`,
+		`"access_token6": "xoxs-`+fmt.Sprintf("%s-%s-%s-%s", secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Numeric("10")), secrets.NewSecret(utils.Hex("10")))+`"`,
 		`"access_token7": "xoxo-523423-234243-234233-e039d02840a0b9379c"`, // gitleaks:allow
-	}
+	)
 	fps := []string{
 		"https://indieweb.org/images/3/35/2018-250-xoxo-indieweb-1.jpg",
 		"https://lh3.googleusercontent.com/-tWXjX3LUD6w/Ua4La_N5E2I/AAAAAAAAACg/qcm19xbEYa4/s640/EXO-XOXO-teaser-exo-k-34521098-720-516.jpg",

+ 5 - 13
cmd/generate/config/rules/snyk.go

@@ -6,26 +6,18 @@ import (
 )
 
 func Snyk() *config.Rule {
-
-	keywords := []string{
-		"snyk_token",
-		"snyk_key",
-		"snyk_api_token",
-		"snyk_api_key",
-		"snyk_oauth_token",
-	}
-
 	// define rule
 	r := config.Rule{
 		Description: "Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security.",
 		RuleID:      "snyk-api-token",
 
-		Regex:    utils.GenerateSemiGenericRegex(keywords, utils.Hex8_4_4_4_12(), true),
-		Keywords: keywords,
+		Regex:    utils.GenerateSemiGenericRegex([]string{"snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token)"}, utils.Hex8_4_4_4_12(), true),
+		Keywords: []string{"snyk"},
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("snyk", "12345678-ABCD-ABCD-ABCD-1234567890AB")
+	tps = append(tps,
 		`const SNYK_TOKEN = "12345678-ABCD-ABCD-ABCD-1234567890AB"`, // gitleaks:allow
 		`const SNYK_KEY = "12345678-ABCD-ABCD-ABCD-1234567890AB"`,   // gitleaks:allow
 		`SNYK_TOKEN := "12345678-ABCD-ABCD-ABCD-1234567890AB"`,      // gitleaks:allow
@@ -35,6 +27,6 @@ func Snyk() *config.Rule {
 		`SNYK_API_KEY ?= "12345678-ABCD-ABCD-ABCD-1234567890AB"`,    // gitleaks:allow
 		`SNYK_API_TOKEN = "12345678-ABCD-ABCD-ABCD-1234567890AB"`,   // gitleaks:allow
 		`SNYK_OAUTH_TOKEN = "12345678-ABCD-ABCD-ABCD-1234567890AB"`, // gitleaks:allow
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }
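Review bot: The widened identifier in `Snyk()`, `snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token)` with the keyword reduced to `snyk`, is checked only against positives, because the call in the following hunk is still `utils.Validate(r, tps, nil)`. The value pattern is a bare UUID shape (`utils.Hex8_4_4_4_12()`), which is also the shape of non-secret Snyk identifiers such as organisation and project IDs, so a rule that drifts too wide would produce noise and nothing here would catch it. I would add a constructed negative, e.g. `fps := []string{"SNYK_ORG_ID = 12345678-ABCD-ABCD-ABCD-1234567890AB"}`, and pass `fps` instead of `nil`. Whether that sample is actually rejected depends on the prefix handling inside `GenerateSemiGenericRegex`, which is not visible on this page.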

+ 6 - 6
cmd/generate/config/rules/square.go

@@ -17,11 +17,11 @@ func SquareAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("square", secrets.NewSecret(`(?:EAAA|sq0atp-)[\w-]{22,60}`)),
+	tps := utils.GenerateSampleSecrets("square", secrets.NewSecret(`(?:EAAA|sq0atp-)[\w-]{22,60}`))
+	tps = append(tps,
 		"ARG token=sq0atp-812erere3wewew45678901",                                    // gitleaks:allow
 		"ARG token=EAAAlsBxkkVgvmr7FasTFbM6VUGZ31EJ4jZKTJZySgElBDJ_wyafHuBFquFexY7E", // gitleaks:allow",
-	}
+	)
 	fps := []string{
 		`aws-cli@sha256:eaaa7b11777babe28e6133a8b19ff71cea687e0d7f05158dee95a71f76ce3d00`,
 	}
@@ -39,9 +39,9 @@ func SquareSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("square", secrets.NewSecret(`sq0csp-[\w-]{43}`)),
+	tps := utils.GenerateSampleSecrets("square", secrets.NewSecret(`sq0csp-[0-9A-Za-z\\-_]{43}`))
+	tps = append(tps,
 		`value: "sq0csp-0p9h7g6f4s3s3s3-4a3ardgwa6ADRDJDDKUFYDYDYDY"`, // gitleaks:allow
-	}
+	)
 	return utils.Validate(r, tps, nil)
 }
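Review bot: In `SquareSecret()` the new generator pattern sits in a raw string, so the `\\` in `sq0csp-[0-9A-Za-z\\-_]{43}` stays as two characters and the class reads as an escaped backslash followed by a range from `\` to `_`. That range admits `\`, `]`, `^` and `_` and leaves out `-`, so generated samples can contain characters outside the token alphabet and never contain a hyphen. Depending on the rule's own regex (defined above the hunk), validation becomes either flaky or weaker than intended. The removed line's `[\w-]{43}` did not have this problem; I would change the class to `[0-9A-Za-z_-]{43}` and check whether the rule regex carries the same escaping.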

+ 1 - 3
cmd/generate/config/rules/squarespace.go

@@ -19,8 +19,6 @@ func SquareSpaceAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("squarespace", secrets.NewSecret(utils.Hex8_4_4_4_12())),
-	}
+	tps := utils.GenerateSampleSecrets("squarespace", secrets.NewSecret(utils.Hex8_4_4_4_12()))
 	return utils.Validate(r, tps, nil)
 }

+ 4 - 3
cmd/generate/config/rules/stripe.go

@@ -24,11 +24,12 @@ func StripeAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		"stripeToken := \"sk_test_" + secrets.NewSecret(utils.AlphaNumeric("30")) + "\"",
+	tps := utils.GenerateSampleSecrets("stripe", "sk_test_"+secrets.NewSecret(utils.AlphaNumeric("30")))
+	tps = append(tps, utils.GenerateSampleSecrets("stripe", "sk_prod_"+secrets.NewSecret(utils.AlphaNumeric("99")))...)
+	tps = append(tps,
 		"sk_test_51OuEMLAlTWGaDypq4P5cuDHbuKeG4tAGPYHJpEXQ7zE8mKK3jkhTFPvCxnSSK5zB5EQZrJsYdsatNmAHGgb0vSKD00GTMSWRHs", // gitleaks:allow
 		"rk_prod_51OuEMLAlTWGaDypquDn9aZigaJOsa9NR1w1BxZXs9JlYsVVkv5XDu6aLmAxwt5Tgun5WcSwQMKzQyqV16c9iD4sx00BRijuoon", // gitleaks:allow
-	}
+	)
 	fps := []string{"nonMatchingToken := \"task_test_" + secrets.NewSecret(utils.AlphaNumeric("30")) + "\""}
 	return utils.Validate(r, tps, fps)
 }
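Review bot: The generated samples in `StripeAccessToken()` cover `sk_test_` and `sk_prod_`, and the literals add `rk_prod_`, but nothing exercises `sk_live_` or `rk_live_`, the prefix Stripe documents for live-mode keys and the one whose leak matters most. If the rule regex (above the hunk, not visible here) is meant to match live keys, a regression there would pass validation silently. I would add `tps = append(tps, utils.GenerateSampleSecrets("stripe", "sk_live_"+secrets.NewSecret(utils.AlphaNumeric("99")))...)` next to the `sk_prod_` line.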

+ 6 - 6
cmd/generate/config/rules/sumologic.go

@@ -20,13 +20,13 @@ func SumoLogicAccessID() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("sumo", secrets.NewSecret(`su[a-zA-Z0-9]{12}`))
+	tps = append(tps,
 		`sumologic.accessId = "su9OL59biWiJu7"`,      // gitleaks:allow
 		`sumologic_access_id = "sug5XpdpaoxtOH"`,     // gitleaks:allow
 		`export SUMOLOGIC_ACCESSID="suDbJw97o9WVo0"`, // gitleaks:allow
 		`SUMO_ACCESS_ID = "suGyI5imvADdvU"`,          // gitleaks:allow
-		utils.GenerateSampleSecret("sumo", secrets.NewSecret(`su[a-zA-Z0-9]{12}`)),
-	}
+	)
 	fps := []string{
 		`- (NSNumber *)sumOfProperty:(NSString *)property;`,
 		`- (NSInteger)sumOfValuesInRange:(NSRange)range;`,
@@ -55,13 +55,13 @@ func SumoLogicAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
+	tps := utils.GenerateSampleSecrets("sumo", secrets.NewSecret(utils.AlphaNumeric("64")))
+	tps = append(tps,
 		`export SUMOLOGIC_ACCESSKEY="3HSa1hQfz6BYzlxf7Yb1WKG3Hyovm56LMFChV2y9LgkRipsXCujcLb5ej3oQUJlx"`, // gitleaks:allow
 		`SUMO_ACCESS_KEY: gxq3rJQkS6qovOg9UY2Q70iH1jFZx0WBrrsiAYv4XHodogAwTKyLzvFK4neRN8Dk`,             // gitleaks:allow
 		`SUMOLOGIC_ACCESSKEY: 9RITWb3I3kAnSyUolcVJq4gwM17JRnQK8ugRaixFfxkdSl8ys17ZtEL3LotESKB7`,         // gitleaks:allow
 		`sumo_access_key = "3Kof2VffNQ0QgYIhXUPJosVlCaQKm2hfpWE6F1fT9YGY74blQBIPsrkCcf1TwKE5"`,          // gitleaks:allow
-		utils.GenerateSampleSecret("sumo", secrets.NewSecret(utils.AlphaNumeric("64"))),
-	}
+	)
 	fps := []string{
 		`#   SUMO_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`, // gitleaks:allow
 		"-e SUMO_ACCESS_KEY=`etcdctl get /sumologic_secret`",

+ 13 - 15
cmd/generate/config/rules/telegram.go

@@ -2,8 +2,6 @@ package rules
 
 import (
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
-	"regexp"
-
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
@@ -14,7 +12,7 @@ func TelegramBotToken() *config.Rule {
 		Description: "Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram.",
 		RuleID:      "telegram-bot-api-token",
 
-		Regex: regexp.MustCompile(`(?i:telegr(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)`),
+		Regex: utils.GenerateSemiGenericRegex([]string{"telegr"}, "[0-9]{5,16}:(?-i:A)[a-z0-9_\\-]{34}", true),
 		Keywords: []string{
 			"telegr",
 		},
@@ -27,24 +25,24 @@ func TelegramBotToken() *config.Rule {
 		maxToken   = secrets.NewSecret(utils.Numeric("16") + ":A" + utils.AlphaNumericExtendedShort("34"))
 		// xsdWithToken = secrets.NewSecret(`<xsd:element name="AgencyIdentificationCode" type="` + Numeric("5") + `:A` + AlphaNumericExtendedShort("34") + `"/>`)
 	)
-	tps := []string{
-		// variable assignment
-		utils.GenerateSampleSecret("telegram", validToken),
+	// variable assignment
+	tps := utils.GenerateSampleSecrets("telegram", validToken)
+	// Token with min bot_id
+	tps = append(tps, utils.GenerateSampleSecrets("telegram", minToken)...)
+	// Token with max bot_id
+	tps = append(tps, utils.GenerateSampleSecrets("telegram", maxToken)...)
+	tps = append(tps,
 		// URL containing token TODO add another url based rule
 		// GenerateSampleSecret("url", "https://api.telegram.org/bot"+validToken+"/sendMessage"),
 		// object constructor
-		`const bot = new Telegraf("` + validToken + `")`,
+		//TODO: `const bot = new Telegraf("`+validToken+`")`,
 		// .env
-		`TELEGRAM_API_TOKEN = ` + validToken,
+		`TELEGRAM_API_TOKEN = `+validToken,
 		// YAML
-		`telegram bot: ` + validToken,
-		// Token with min bot_id
-		utils.GenerateSampleSecret("telegram", minToken),
-		// Token with max bot_id
-		utils.GenerateSampleSecret("telegram", maxToken),
+		`telegram bot: `+validToken,
 		// Valid token in XSD document TODO separate rule for this
-		// GenerateSampleSecret("telegram", xsdWithToken),
-	}
+		// generateSampleSecret("telegram", xsdWithToken),
+	)
 
 	var (
 		tooSmallToken                = secrets.NewSecret(utils.Numeric("4") + ":A" + utils.AlphaNumericExtendedShort("34"))
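Review bot: The constructor sample `new Telegraf("…")` in `TelegramBotToken()` is now commented out behind a bare `//TODO:`, which records a detection loss rather than a test cleanup. The old expression listed `\(` among its operators, and the switch to `utils.GenerateSemiGenericRegex` apparently no longer matches a token passed straight into a call. Hard-coding the bot token in a client constructor is a common way for it to reach a repository, so the gap should be stated, e.g. `// TODO: not matched since the move to GenerateSemiGenericRegex (no '(' operator); restore once call arguments are covered`. Ideally the case returns as an active sample once a rule covers it. The function body continues past the end of this hunk.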

+ 1 - 3
cmd/generate/config/rules/travisci.go

@@ -19,8 +19,6 @@ func TravisCIAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{
-		utils.GenerateSampleSecret("travis", secrets.NewSecret(utils.AlphaNumeric("22"))),
-	}
+	tps := utils.GenerateSampleSecrets("travis", secrets.NewSecret(utils.AlphaNumeric("22")))
 	return utils.Validate(r, tps, nil)
 }
