Add rule for fine-grained GitHub PAT (#1026)

cmd/generate/config/main.go

@@ -73,6 +73,7 @@ func main() {
 	// configRules = append(configRules, rules.GCPServiceAccount())
 	configRules = append(configRules, rules.GCPAPIKey())
 	configRules = append(configRules, rules.GitHubPat())
+	configRules = append(configRules, rules.GitHubFineGrainedPat())
 	configRules = append(configRules, rules.GitHubOauth())
 	configRules = append(configRules, rules.GitHubApp())
 	configRules = append(configRules, rules.GitHubRefresh())

cmd/generate/config/rules/github.go

@@ -23,6 +23,22 @@ func GitHubPat() *config.Rule {
 	return validate(r, tps, nil)
 }
 
+func GitHubFineGrainedPat() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "GitHub Fine-Grained Personal Access Token",
+		RuleID:      "github-fine-grained-pat",
+		Regex:       regexp.MustCompile(`github_pat_[0-9a-zA-Z_]{82}`),
+		Keywords:    []string{"github_pat_"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("github", "github_pat_"+secrets.NewSecret(alphaNumeric("82"))),
+	}
+	return validate(r, tps, nil)
+}
+
 func GitHubOauth() *config.Rule {
 	// define rule
 	r := config.Rule{

config/gitleaks.toml

@@ -1976,6 +1976,14 @@ keywords = [
     "ghu_","ghs_",
 ]
 
+[[rules]]
+description = "GitHub Fine-Grained Personal Access Token"
+id = "github-fine-grained-pat"
+regex = '''github_pat_[0-9a-zA-Z_]{82}'''
+keywords = [
+    "github_pat_",
+]
+
 [[rules]]
 description = "GitHub OAuth Access Token"
 id = "github-oauth"