Fix default twitter rules (#614)

Regexps for default Twitter rules ("Twitter Secret Key" and "Twitter Client ID") have a small flaw that make the default configuration vulnerable to some false-positives. I believe these rules should detect the cases like (SOME_CLIENT_ID should be longer): ``` "twitter_client_id": "SOME_CLIENT_ID" ``` However, currently the twitter rules also detect the false positives for the cases like: ``` someObj := twitter.NewObjectWithALongName() config.Twitter.DomainAccessToken ``` I'm trying to address this issue the similar way it's done for facebook client ids and AWS secret keys, where the secret is expected to be quoted.
gitleaks · Sep 2, 2021 · aa91fd3 · aa91fd3
1 parent 67e3603
commit aa91fd3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/config/default.go b/config/default.go
@@ -33,12 +33,12 @@ title = "gitleaks config"
 
 [[rules]]
     description = "Twitter Secret Key"
-    regex = '''(?i)twitter(.{0,20})?[0-9a-z]{35,44}'''
+    regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
     tags = ["key", "Twitter"]
 
 [[rules]]
     description = "Twitter Client ID"
-    regex = '''(?i)twitter(.{0,20})?[0-9a-z]{18,25}'''
+    regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
     tags = ["client", "Twitter"]
 
 [[rules]]