gitleaks/cmd/generate/config/main.go

package main

import (
	"os"
	"text/template"

	"github.com/rs/zerolog/log"

	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/rules"
	"github.com/zricethezav/gitleaks/v8/config"
)

const (
	templatePath = "rules/config.tmpl"
)

func main() {
	var configRules []*config.Rule
	configRules = append(configRules, rules.AdafruitAPIKey())
	configRules = append(configRules, rules.AdobeClientID())
	configRules = append(configRules, rules.AdobeClientSecret())
	configRules = append(configRules, rules.AgeSecretKey())
	configRules = append(configRules, rules.Airtable())
	configRules = append(configRules, rules.AlgoliaApiKey())
	configRules = append(configRules, rules.AlibabaAccessKey())
	configRules = append(configRules, rules.AlibabaSecretKey())
	configRules = append(configRules, rules.AsanaClientID())
	configRules = append(configRules, rules.AsanaClientSecret())
	configRules = append(configRules, rules.Atlassian())
	configRules = append(configRules, rules.AWS())
	configRules = append(configRules, rules.BitBucketClientID())
	configRules = append(configRules, rules.BitBucketClientSecret())
	configRules = append(configRules, rules.BittrexAccessKey())
	configRules = append(configRules, rules.BittrexSecretKey())
	configRules = append(configRules, rules.Beamer())
	configRules = append(configRules, rules.CodecovAccessToken())
	configRules = append(configRules, rules.CoinbaseAccessToken())
	configRules = append(configRules, rules.Clojars())
	configRules = append(configRules, rules.ConfluentAccessToken())
	configRules = append(configRules, rules.ConfluentSecretKey())
	configRules = append(configRules, rules.Contentful())
	configRules = append(configRules, rules.Databricks())
	configRules = append(configRules, rules.DatadogtokenAccessToken())
	configRules = append(configRules, rules.DigitalOceanPAT())
	configRules = append(configRules, rules.DigitalOceanOAuthToken())
	configRules = append(configRules, rules.DigitalOceanRefreshToken())
	configRules = append(configRules, rules.DiscordAPIToken())
	configRules = append(configRules, rules.DiscordClientID())
	configRules = append(configRules, rules.DiscordClientSecret())
	configRules = append(configRules, rules.Doppler())
	configRules = append(configRules, rules.DropBoxAPISecret())
	configRules = append(configRules, rules.DropBoxLongLivedAPIToken())
	configRules = append(configRules, rules.DropBoxShortLivedAPIToken())
	configRules = append(configRules, rules.DroneciAccessToken())
	configRules = append(configRules, rules.Duffel())
	configRules = append(configRules, rules.Dynatrace())
	configRules = append(configRules, rules.EasyPost())
	configRules = append(configRules, rules.EasyPostTestAPI())
	configRules = append(configRules, rules.EtsyAccessToken())
	configRules = append(configRules, rules.Facebook())
	configRules = append(configRules, rules.FastlyAPIToken())
	configRules = append(configRules, rules.FinicityClientSecret())
	configRules = append(configRules, rules.FinicityAPIToken())
	configRules = append(configRules, rules.FlickrAccessToken())
	configRules = append(configRules, rules.FinnhubAccessToken())
	configRules = append(configRules, rules.FlutterwavePublicKey())
	configRules = append(configRules, rules.FlutterwaveSecretKey())
	configRules = append(configRules, rules.FlutterwaveEncKey())
	configRules = append(configRules, rules.FrameIO())
	configRules = append(configRules, rules.FreshbooksAccessToken())
	configRules = append(configRules, rules.GoCardless())
	// TODO figure out what makes sense for GCP
	// configRules = append(configRules, rules.GCPServiceAccount())
	configRules = append(configRules, rules.GCPAPIKey())
	configRules = append(configRules, rules.GitHubPat())
	configRules = append(configRules, rules.GitHubFineGrainedPat())
	configRules = append(configRules, rules.GitHubOauth())
	configRules = append(configRules, rules.GitHubApp())
	configRules = append(configRules, rules.GitHubRefresh())
	configRules = append(configRules, rules.Gitlab())
	configRules = append(configRules, rules.GitterAccessToken())
	configRules = append(configRules, rules.GrafanaApiKey())
	configRules = append(configRules, rules.GrafanaCloudApiToken())
	configRules = append(configRules, rules.GrafanaServiceAccountToken())
	configRules = append(configRules, rules.Hashicorp())
	configRules = append(configRules, rules.Heroku())
	configRules = append(configRules, rules.HubSpot())
	configRules = append(configRules, rules.Intercom())
	configRules = append(configRules, rules.JWT())
	configRules = append(configRules, rules.KrakenAccessToken())
	configRules = append(configRules, rules.KucoinAccessToken())
	configRules = append(configRules, rules.KucoinSecretKey())
	configRules = append(configRules, rules.LaunchDarklyAccessToken())
	configRules = append(configRules, rules.LinearAPIToken())
	configRules = append(configRules, rules.LinearClientSecret())
	configRules = append(configRules, rules.LinkedinClientID())
	configRules = append(configRules, rules.LinkedinClientSecret())
	configRules = append(configRules, rules.LobAPIToken())
	configRules = append(configRules, rules.LobPubAPIToken())
	configRules = append(configRules, rules.MailChimp())
	configRules = append(configRules, rules.MailGunPubAPIToken())
	configRules = append(configRules, rules.MailGunPrivateAPIToken())
	configRules = append(configRules, rules.MailGunSigningKey())
	configRules = append(configRules, rules.MapBox())
	configRules = append(configRules, rules.MattermostAccessToken())
	configRules = append(configRules, rules.MessageBirdAPIToken())
	configRules = append(configRules, rules.MessageBirdClientID())
	configRules = append(configRules, rules.NetlifyAccessToken())
	configRules = append(configRules, rules.NewRelicUserID())
	configRules = append(configRules, rules.NewRelicUserKey())
	configRules = append(configRules, rules.NewRelicBrowserAPIKey())
	configRules = append(configRules, rules.NPM())
	configRules = append(configRules, rules.NytimesAccessToken())
	configRules = append(configRules, rules.OktaAccessToken())
	configRules = append(configRules, rules.PlaidAccessID())
	configRules = append(configRules, rules.PlaidSecretKey())
	configRules = append(configRules, rules.PlaidAccessToken())
	configRules = append(configRules, rules.PlanetScalePassword())
	configRules = append(configRules, rules.PlanetScaleAPIToken())
	configRules = append(configRules, rules.PlanetScaleOAuthToken())
	configRules = append(configRules, rules.PostManAPI())
	configRules = append(configRules, rules.Prefect())
	configRules = append(configRules, rules.PrivateKey())
	configRules = append(configRules, rules.PulumiAPIToken())
	configRules = append(configRules, rules.PyPiUploadToken())
	configRules = append(configRules, rules.RapidAPIAccessToken())
	configRules = append(configRules, rules.ReadMe())
	configRules = append(configRules, rules.RubyGemsAPIToken())
	configRules = append(configRules, rules.SendbirdAccessID())
	configRules = append(configRules, rules.SendbirdAccessToken())
	configRules = append(configRules, rules.SendGridAPIToken())
	configRules = append(configRules, rules.SendInBlueAPIToken())
	configRules = append(configRules, rules.SentryAccessToken())
	configRules = append(configRules, rules.ShippoAPIToken())
	configRules = append(configRules, rules.ShopifyAccessToken())
	configRules = append(configRules, rules.ShopifyCustomAccessToken())
	configRules = append(configRules, rules.ShopifyPrivateAppAccessToken())
	configRules = append(configRules, rules.ShopifySharedSecret())
	configRules = append(configRules, rules.SidekiqSecret())
	configRules = append(configRules, rules.SidekiqSensitiveUrl())
	configRules = append(configRules, rules.SlackAccessToken())
	configRules = append(configRules, rules.SlackWebHook())
	configRules = append(configRules, rules.StripeAccessToken())
	configRules = append(configRules, rules.SquareAccessToken())
	configRules = append(configRules, rules.SquareSpaceAccessToken())
	configRules = append(configRules, rules.SumoLogicAccessID())
	configRules = append(configRules, rules.SumoLogicAccessToken())
	configRules = append(configRules, rules.TeamsWebhook())
	configRules = append(configRules, rules.TelegramBotToken())
	configRules = append(configRules, rules.TravisCIAccessToken())
	configRules = append(configRules, rules.Twilio())
	configRules = append(configRules, rules.TwitchAPIToken())
	configRules = append(configRules, rules.TwitterAPIKey())
	configRules = append(configRules, rules.TwitterAPISecret())
	configRules = append(configRules, rules.TwitterAccessToken())
	configRules = append(configRules, rules.TwitterAccessSecret())
	configRules = append(configRules, rules.TwitterBearerToken())
	configRules = append(configRules, rules.Typeform())
	configRules = append(configRules, rules.VaultBatchToken())
	configRules = append(configRules, rules.VaultServiceToken())
	configRules = append(configRules, rules.YandexAPIKey())
	configRules = append(configRules, rules.YandexAWSAccessToken())
	configRules = append(configRules, rules.YandexAccessToken())
	configRules = append(configRules, rules.ZendeskSecretKey())
	configRules = append(configRules, rules.GenericCredential())

	// ensure rules have unique ids
	ruleLookUp := make(map[string]config.Rule)
	for _, rule := range configRules {
		// check if rule is in ruleLookUp
		if _, ok := ruleLookUp[rule.RuleID]; ok {
			log.Fatal().Msgf("rule id %s is not unique", rule.RuleID)
		}
		// TODO: eventually change all the signatures to get ride of this
		// nasty dereferencing.
		ruleLookUp[rule.RuleID] = *rule
	}

	tmpl, err := template.ParseFiles(templatePath)
	if err != nil {
		log.Fatal().Err(err).Msg("Failed to parse template")
	}

	f, err := os.Create("../../../config/gitleaks.toml")
	if err != nil {
		log.Fatal().Err(err).Msg("Failed to create rules.toml")
	}

	if err = tmpl.Execute(f, config.Config{Rules: ruleLookUp}); err != nil {
		log.Fatal().Err(err).Msg("could not execute template")
	}

}