remove secretgroup from default config (#1288)

* remove secretgroup from default config

* update test data and AWS

* leave secretgroup

CONTRIBUTING.md

@@ -35,7 +35,7 @@ If you want to add a new rule to the [default Gitleaks configuration](https://gi
            RuleID:      "beamer-api-token",
 
            // Regex capture group for the actual secret
-           SecretGroup: 1,
+
 
 
            // Regex used for detecting secrets. See regex section below for more details

cmd/generate/config/rules/adafruit.go

@@ -11,7 +11,6 @@ func AdafruitAPIKey() *config.Rule {
 		Description: "Adafruit API Key",
 		RuleID:      "adafruit-api-key",
 		Regex:       generateSemiGenericRegex([]string{"adafruit"}, alphaNumericExtendedShort("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"adafruit"},
 	}
 

cmd/generate/config/rules/adobe.go

@@ -11,7 +11,6 @@ func AdobeClientID() *config.Rule {
 		Description: "Adobe Client ID (OAuth Web)",
 		RuleID:      "adobe-client-id",
 		Regex:       generateSemiGenericRegex([]string{"adobe"}, hex("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"adobe"},
 	}
 

cmd/generate/config/rules/airtable.go

@@ -11,7 +11,6 @@ func Airtable() *config.Rule {
 		Description: "Airtable API Key",
 		RuleID:      "airtable-api-key",
 		Regex:       generateSemiGenericRegex([]string{"airtable"}, alphaNumeric("17"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"airtable"},
 	}
 

cmd/generate/config/rules/alibaba.go

@@ -29,8 +29,8 @@ func AlibabaSecretKey() *config.Rule {
 		RuleID:      "alibaba-secret-key",
 		Regex: generateSemiGenericRegex([]string{"alibaba"},
 			alphaNumeric("30"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"alibaba"},
+
+		Keywords: []string{"alibaba"},
 	}
 
 	// validate

cmd/generate/config/rules/asana.go

@@ -11,7 +11,6 @@ func AsanaClientID() *config.Rule {
 		Description: "Asana Client ID",
 		RuleID:      "asana-client-id",
 		Regex:       generateSemiGenericRegex([]string{"asana"}, numeric("16"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"asana"},
 	}
 
@@ -28,8 +27,8 @@ func AsanaClientSecret() *config.Rule {
 		Description: "Asana Client Secret",
 		RuleID:      "asana-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"asana"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"asana"},
+
+		Keywords: []string{"asana"},
 	}
 
 	// validate

cmd/generate/config/rules/atlassian.go

@@ -12,8 +12,7 @@ func Atlassian() *config.Rule {
 		RuleID:      "atlassian-api-token",
 		Regex: generateSemiGenericRegex([]string{
 			"atlassian", "confluence", "jira"}, alphaNumeric("24"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"atlassian", "confluence", "jira"},
+		Keywords: []string{"atlassian", "confluence", "jira"},
 	}
 
 	// validate

cmd/generate/config/rules/authress.go

@@ -13,7 +13,6 @@ func Authress() *config.Rule {
 	r := config.Rule{
 		Description: "Authress Service Client Access Key",
 		RuleID:      "authress-service-client-access-key",
-		SecretGroup: 1,
 		Regex:       generateUniqueTokenRegex(`(?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120}`, true),
 		Keywords:    []string{"sc_", "ext_", "scauth_", "authress_"},
 	}

cmd/generate/config/rules/aws.go

@@ -12,7 +12,7 @@ func AWS() *config.Rule {
 		Description: "AWS",
 		RuleID:      "aws-access-token",
 		Regex: regexp.MustCompile(
-			"(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
+			"(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
 		Keywords: []string{
 			"AKIA",
 			"AGPA",

cmd/generate/config/rules/beamer.go

@@ -10,7 +10,6 @@ func Beamer() *config.Rule {
 	r := config.Rule{
 		Description: "Beamer API token",
 		RuleID:      "beamer-api-token",
-		SecretGroup: 1,
 		Regex: generateSemiGenericRegex([]string{"beamer"},
 			`b_[a-z0-9=_\-]{44}`, true),
 		Keywords: []string{"beamer"},

cmd/generate/config/rules/bitbucket.go

@@ -11,7 +11,6 @@ func BitBucketClientID() *config.Rule {
 		Description: "Bitbucket Client ID",
 		RuleID:      "bitbucket-client-id",
 		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"bitbucket"},
 	}
 
@@ -28,8 +27,8 @@ func BitBucketClientSecret() *config.Rule {
 		Description: "Bitbucket Client Secret",
 		RuleID:      "bitbucket-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumericExtended("64"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"bitbucket"},
+
+		Keywords: []string{"bitbucket"},
 	}
 
 	// validate

cmd/generate/config/rules/bittrex.go

@@ -11,7 +11,6 @@ func BittrexAccessKey() *config.Rule {
 		Description: "Bittrex Access Key",
 		RuleID:      "bittrex-access-key",
 		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"bittrex"},
 	}
 
@@ -28,8 +27,8 @@ func BittrexSecretKey() *config.Rule {
 		Description: "Bittrex Secret Key",
 		RuleID:      "bittrex-secret-key",
 		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"bittrex"},
+
+		Keywords: []string{"bittrex"},
 	}
 
 	// validate

cmd/generate/config/rules/codecov.go

@@ -11,7 +11,6 @@ func CodecovAccessToken() *config.Rule {
 		RuleID:      "codecov-access-token",
 		Description: "Codecov Access Token",
 		Regex:       generateSemiGenericRegex([]string{"codecov"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"codecov",
 		},

cmd/generate/config/rules/coinbase.go

@@ -12,7 +12,6 @@ func CoinbaseAccessToken() *config.Rule {
 		Description: "Coinbase Access Token",
 		Regex: generateSemiGenericRegex([]string{"coinbase"},
 			alphaNumericExtendedShort("64"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"coinbase",
 		},

cmd/generate/config/rules/confluent.go

@@ -11,7 +11,6 @@ func ConfluentSecretKey() *config.Rule {
 		RuleID:      "confluent-secret-key",
 		Description: "Confluent Secret Key",
 		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("64"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"confluent",
 		},
@@ -30,7 +29,7 @@ func ConfluentAccessToken() *config.Rule {
 		RuleID:      "confluent-access-token",
 		Description: "Confluent Access Token",
 		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("16"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"confluent",
 		},

cmd/generate/config/rules/contentful.go

@@ -12,8 +12,7 @@ func Contentful() *config.Rule {
 		RuleID:      "contentful-delivery-api-token",
 		Regex: generateSemiGenericRegex([]string{"contentful"},
 			alphaNumericExtended("43"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"contentful"},
+		Keywords: []string{"contentful"},
 	}
 
 	// validate

cmd/generate/config/rules/datadog.go

@@ -12,7 +12,6 @@ func DatadogtokenAccessToken() *config.Rule {
 		Description: "Datadog Access Token",
 		Regex: generateSemiGenericRegex([]string{"datadog"},
 			alphaNumeric("40"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"datadog",
 		},

cmd/generate/config/rules/definednetworking.go

@@ -14,9 +14,6 @@ func DefinedNetworkingAPIToken() *config.Rule {
 		// Unique ID for the rule
 		RuleID: "defined-networking-api-token",
 
-		// Regex capture group for the actual secret
-		SecretGroup: 1,
-
 		// Regex used for detecting secrets. See regex section below for more details
 		Regex: generateSemiGenericRegex([]string{"dnkey"}, `dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52}`, true),
 

cmd/generate/config/rules/digitalocean.go

@@ -9,7 +9,6 @@ func DigitalOceanPAT() *config.Rule {
 	r := config.Rule{
 		Description: "DigitalOcean Personal Access Token",
 		RuleID:      "digitalocean-pat",
-		SecretGroup: 1,
 		Regex:       generateUniqueTokenRegex(`dop_v1_[a-f0-9]{64}`, true),
 		Keywords:    []string{"dop_v1_"},
 	}
@@ -24,9 +23,9 @@ func DigitalOceanOAuthToken() *config.Rule {
 	r := config.Rule{
 		Description: "DigitalOcean OAuth Access Token",
 		RuleID:      "digitalocean-access-token",
-		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`doo_v1_[a-f0-9]{64}`, true),
-		Keywords:    []string{"doo_v1_"},
+
+		Regex:    generateUniqueTokenRegex(`doo_v1_[a-f0-9]{64}`, true),
+		Keywords: []string{"doo_v1_"},
 	}
 
 	tps := []string{
@@ -39,9 +38,9 @@ func DigitalOceanRefreshToken() *config.Rule {
 	r := config.Rule{
 		Description: "DigitalOcean OAuth Refresh Token",
 		RuleID:      "digitalocean-refresh-token",
-		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`dor_v1_[a-f0-9]{64}`, true),
-		Keywords:    []string{"dor_v1_"},
+
+		Regex:    generateUniqueTokenRegex(`dor_v1_[a-f0-9]{64}`, true),
+		Keywords: []string{"dor_v1_"},
 	}
 
 	tps := []string{

cmd/generate/config/rules/discord.go

@@ -11,7 +11,6 @@ func DiscordAPIToken() *config.Rule {
 		Description: "Discord API key",
 		RuleID:      "discord-api-token",
 		Regex:       generateSemiGenericRegex([]string{"discord"}, hex("64"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 
@@ -28,7 +27,6 @@ func DiscordClientID() *config.Rule {
 		Description: "Discord client ID",
 		RuleID:      "discord-client-id",
 		Regex:       generateSemiGenericRegex([]string{"discord"}, numeric("18"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 
@@ -45,7 +43,6 @@ func DiscordClientSecret() *config.Rule {
 		Description: "Discord client secret",
 		RuleID:      "discord-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"discord"}, alphaNumericExtended("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 

cmd/generate/config/rules/droneci.go

@@ -11,7 +11,7 @@ func DroneciAccessToken() *config.Rule {
 		RuleID:      "droneci-access-token",
 		Description: "Droneci Access Token",
 		Regex:       generateSemiGenericRegex([]string{"droneci"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"droneci",
 		},

cmd/generate/config/rules/dropbox.go

@@ -11,8 +11,8 @@ func DropBoxAPISecret() *config.Rule {
 		Description: "Dropbox API secret",
 		RuleID:      "dropbox-api-token",
 		Regex:       generateSemiGenericRegex([]string{"dropbox"}, alphaNumeric("15"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"dropbox"},
+
+		Keywords: []string{"dropbox"},
 	}
 
 	// validate

cmd/generate/config/rules/etsy.go

@@ -11,7 +11,7 @@ func EtsyAccessToken() *config.Rule {
 		RuleID:      "etsy-access-token",
 		Description: "Etsy Access Token",
 		Regex:       generateSemiGenericRegex([]string{"etsy"}, alphaNumeric("24"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"etsy",
 		},

cmd/generate/config/rules/facebook.go

@@ -11,8 +11,8 @@ func Facebook() *config.Rule {
 		Description: "Facebook Access Token",
 		RuleID:      "facebook",
 		Regex:       generateSemiGenericRegex([]string{"facebook"}, hex("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"facebook"},
+
+		Keywords: []string{"facebook"},
 	}
 
 	// validate

cmd/generate/config/rules/fastly.go

@@ -11,8 +11,8 @@ func FastlyAPIToken() *config.Rule {
 		Description: "Fastly API key",
 		RuleID:      "fastly-api-token",
 		Regex:       generateSemiGenericRegex([]string{"fastly"}, alphaNumericExtended("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"fastly"},
+
+		Keywords: []string{"fastly"},
 	}
 
 	// validate

cmd/generate/config/rules/finicity.go

@@ -11,8 +11,8 @@ func FinicityClientSecret() *config.Rule {
 		Description: "Finicity Client Secret",
 		RuleID:      "finicity-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"finicity"}, alphaNumeric("20"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"finicity"},
+
+		Keywords: []string{"finicity"},
 	}
 
 	// validate
@@ -28,8 +28,8 @@ func FinicityAPIToken() *config.Rule {
 		Description: "Finicity API token",
 		RuleID:      "finicity-api-token",
 		Regex:       generateSemiGenericRegex([]string{"finicity"}, hex("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"finicity"},
+
+		Keywords: []string{"finicity"},
 	}
 
 	// validate

cmd/generate/config/rules/finnhub.go

@@ -11,7 +11,7 @@ func FinnhubAccessToken() *config.Rule {
 		RuleID:      "finnhub-access-token",
 		Description: "Finnhub Access Token",
 		Regex:       generateSemiGenericRegex([]string{"finnhub"}, alphaNumeric("20"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"finnhub",
 		},

cmd/generate/config/rules/flickr.go

@@ -11,7 +11,7 @@ func FlickrAccessToken() *config.Rule {
 		RuleID:      "flickr-access-token",
 		Description: "Flickr Access Token",
 		Regex:       generateSemiGenericRegex([]string{"flickr"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"flickr",
 		},

cmd/generate/config/rules/freshbooks.go

@@ -11,7 +11,7 @@ func FreshbooksAccessToken() *config.Rule {
 		RuleID:      "freshbooks-access-token",
 		Description: "Freshbooks Access Token",
 		Regex:       generateSemiGenericRegex([]string{"freshbooks"}, alphaNumeric("64"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"freshbooks",
 		},

cmd/generate/config/rules/gcp.go

@@ -30,7 +30,7 @@ func GCPAPIKey() *config.Rule {
 		RuleID:      "gcp-api-key",
 		Description: "GCP API key",
 		Regex:       generateUniqueTokenRegex(`AIza[0-9A-Za-z\\-_]{35}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"AIza",
 		},

cmd/generate/config/rules/generic.go

@@ -20,7 +20,6 @@ func GenericCredential() *config.Rule {
 			"auth",
 			"access",
 		}, `[0-9a-z\-_.=]{10,150}`, true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"key",
 			"api",

cmd/generate/config/rules/gitter.go

@@ -12,7 +12,7 @@ func GitterAccessToken() *config.Rule {
 		Description: "Gitter Access Token",
 		Regex: generateSemiGenericRegex([]string{"gitter"},
 			alphaNumericExtendedShort("40"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"gitter",
 		},

cmd/generate/config/rules/gocardless.go

@@ -11,7 +11,7 @@ func GoCardless() *config.Rule {
 		RuleID:      "gocardless-api-token",
 		Description: "GoCardless API token",
 		Regex:       generateSemiGenericRegex([]string{"gocardless"}, `live_(?i)[a-z0-9\-_=]{40}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"live_",
 			"gocardless",