feat: add Airtable Personnal Access Token detection (gitleaks#1952)

Author: sgaist

cmd/generate/config/main.go

@@ -31,7 +31,8 @@ func main() {
 		rules.AdobeClientID(),
 		rules.AdobeClientSecret(),
 		rules.AgeSecretKey(),
-		rules.Airtable(),
+		rules.AirtableApiKey(),
+		rules.AirtablePersonalAccessToken(),
 		rules.AlgoliaApiKey(),
 		rules.AlibabaAccessKey(),
 		rules.AlibabaSecretKey(),

cmd/generate/config/rules/airtable.go

@@ -1,12 +1,14 @@
 package rules
 
 import (
+	"regexp"
+
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
-func Airtable() *config.Rule {
+func AirtableApiKey() *config.Rule {
 	// define rule
 	r := config.Rule{
 		Description: "Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration.",
@@ -19,3 +21,17 @@ func Airtable() *config.Rule {
 	tps := utils.GenerateSampleSecrets("airtable", secrets.NewSecret(utils.AlphaNumeric("17")))
 	return utils.Validate(r, tps, nil)
 }
+
+func AirtablePersonalAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Uncovered a possible Airtable Personal AccessToken, potentially compromising database access and leading to data leakage or alteration.",
+		RuleID:      "airtable-personnal-access-token",
+		Regex:       regexp.MustCompile(`\b(pat[[:alnum:]]{14}\.[a-f0-9]{64})\b`),
+		Keywords:    []string{"airtable"},
+	}
+
+	// validate
+	tps := utils.GenerateSampleSecrets("airtable", "pat"+secrets.NewSecret(utils.AlphaNumeric("14")+"\\."+utils.Hex("64")))
+	return utils.Validate(r, tps, nil)
+}

config/gitleaks.toml

@@ -114,6 +114,12 @@ description = "Uncovered a possible Airtable API Key, potentially compromising d
 regex = '''(?i)[\w.-]{0,50}?(?:airtable)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{17})(?:[\x60'"\s;]|\\[nr]|$)'''
 keywords = ["airtable"]
 
+[[rules]]
+id = "airtable-personnal-access-token"
+description = "Uncovered a possible Airtable Personal AccessToken, potentially compromising database access and leading to data leakage or alteration."
+regex = '''\b(pat[[:alnum:]]{14}\.[a-f0-9]{64})\b'''
+keywords = ["airtable"]
+
 [[rules]]
 id = "algolia-api-key"
 description = "Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms."