feat: catch secret in XML child

cmd/generate/config/rules/generic.go

@@ -44,12 +44,25 @@ func GenericCredential() *config.Rule {
 		generateSampleSecret("generic", "Zf3D0LXCM3EIMbgJpUNnkRtOfOueHznB"),
 		`"client_id" : "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506"`,
 		`"client_secret" : "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde",`,
+		`"password: 'edf8f16608465858a6c9e3cccb97d3c2'"`,
+		"<password>edf8f16608465858a6c9e3cccb97d3c2</password>",
+		`<element password="edf8f16608465858a6c9e3cccb97d3c2" />`,
+		"M_DB_PASSWORD= edf8f16608465858a6c9e3cccb97d3c2",
 	}
 	fps := []string{
 		`client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.client-vpn-endpoint.id`,
 		`password combination.
 
-R5: Regulatory--21`,
+		R5: Regulatory--21`,
+
+		`"client_id" : "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"`,
+		`"client_secret" : "4v7b9n2k5h",`, // entropy: 3.32
+		`"password: 'comp123!'"`,
+		"<password>MyComp9876</password>", // entropy: 3.32
+		`<element password="Comp4567@@" />`,
+		"M_DB_PASSWORD= aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+		"GITHUB_TOKEN: ${GITHUB_TOKEN}",
+		"password = 'your_password_here'",
 	}
 	return validate(r, tps, fps)
 }

cmd/generate/config/rules/rule.go

@@ -27,7 +27,7 @@ const (
 	// \x60 = `
 	secretPrefixUnique = `\b(`
 	secretPrefix       = `(?:'|\"|\s|=|\x60){0,5}(`
-	secretSuffix       = `)(?:['|\"|\n|\r|\s|\x60|;]|$)`
+	secretSuffix       = `)(?:['|\"|\n|\r|\s|\x60|;|<]|$)`
 )
 
 func generateSemiGenericRegex(identifiers []string, secretRegex string, isCaseInsensitive bool) *regexp.Regexp {