Update stripe rule to not alert on publishable keys (#1320)

* Update stripe rule to not alert on publishable keys * run go gen --------- Co-authored-by: Erin Browning <ebrowning@makenotion.com> Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
gitleaks · Jan 31, 2024 · afe046b · afe046b
1 parent 8b8920d
commit afe046b
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/cmd/generate/config/rules/stripe.go b/cmd/generate/config/rules/stripe.go
@@ -10,12 +10,10 @@ func StripeAccessToken() *config.Rule {
 	r := config.Rule{
 		Description: "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data.",
 		RuleID:      "stripe-access-token",
-		Regex:       generateUniqueTokenRegex(`(sk|pk)_(test|live)_[0-9a-z]{10,32}`, true),
+		Regex:       generateUniqueTokenRegex(`(sk)_(test|live)_[0-9a-z]{10,32}`, true),
 		Keywords: []string{
 			"sk_test",
-			"pk_test",
 			"sk_live",
-			"pk_live",
 		},
 	}
 

diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2688,9 +2688,9 @@ keywords = [
 [[rules]]
 id = "stripe-access-token"
 description = "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."
-regex = '''(?i)\b((sk|pk)_(test|live)_[0-9a-z]{10,32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+regex = '''(?i)\b((sk)_(test|live)_[0-9a-z]{10,32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 keywords = [
-    "sk_test","pk_test","sk_live","pk_live",
+    "sk_test","sk_live",
 ]
 
 [[rules]]