From 7dc9ba40a793520eefb44e26325d866cbab30a21 Mon Sep 17 00:00:00 2001
From: Becojo
Date: Wed, 14 Jun 2023 10:02:37 -0400
Subject: [PATCH] Add detection for OpenAI API keys (#1148)

* Add detection for OpenAI API keys
* Remove `sk-` keyword
---
 cmd/generate/config/main.go | 1 +
 cmd/generate/config/rules/openai.go | 25 +++++++++++++++++++++++++
 config/gitleaks.toml | 9 +++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 cmd/generate/config/rules/openai.go

diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
index ae32e6d34..aa3aceb1e 100644
--- a/cmd/generate/config/main.go
+++ b/cmd/generate/config/main.go
@@ -116,6 +116,7 @@ func main() {
 configRules = append(configRules, rules.NPM())
 configRules = append(configRules, rules.NytimesAccessToken())
 configRules = append(configRules, rules.OktaAccessToken())
+ configRules = append(configRules, rules.OpenAI())
 configRules = append(configRules, rules.PlaidAccessID())
 configRules = append(configRules, rules.PlaidSecretKey())
 configRules = append(configRules, rules.PlaidAccessToken())
diff --git a/cmd/generate/config/rules/openai.go b/cmd/generate/config/rules/openai.go
new file mode 100644
index 000000000..464e67747
--- /dev/null
+++ b/cmd/generate/config/rules/openai.go
@@ -0,0 +1,25 @@
+package rules
+
+import (
+ "github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+ "github.com/zricethezav/gitleaks/v8/config"
+)
+
+func OpenAI() *config.Rule {
+ // define rule
+ r := config.Rule{
+ RuleID: "openai-api-key",
+ Description: "OpenAI API Key",
+ Regex: generateUniqueTokenRegex(`sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20}`),
+ SecretGroup: 1,
+ Keywords: []string{
+ "T3BlbkFJ",
+ },
+ }
+
+ // validate
+ tps := []string{
+ generateSampleSecret("openaiApiKey", "sk-"+secrets.NewSecret(alphaNumeric("20"))+"T3BlbkFJ"+secrets.NewSecret(alphaNumeric("20"))),
+ }
+ return validate(r, tps, nil)
+}
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
index f3de6e96f..427f76c2b 100644
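Review bot: The `Keywords` list in `OpenAI()` holds only `T3BlbkFJ`, in line with the commit message's "Remove `sk-` keyword", but the config/gitleaks.toml hunk in this same patch still lists `"sk-","t3blbkfj"`, so the checked-in config appears not to have been regenerated after that change. If keywords gate which content reaches the regex, the leftover `sk-` entry would send any text containing that substring to this rule; regenerating the config so the rule carries only `"t3blbkfj"` would bring the two files back in line. Separately, `validate(r, tps, nil)` passes no false-positive samples, which matters because the emitted regex is prefixed with `(?i)` and so accepts the `T3BlbkFJ` marker in any letter case. The exported function also has no doc comment; something like `// OpenAI returns the rule that detects OpenAI API keys.` would do.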
--- a/config/gitleaks.toml +++ b/config/gitleaks.toml @@ -2371,6 +2371,15 @@ keywords = [ "okta", ] +[[rules]] +description = "OpenAI API Key" +id = "openai-api-key" +regex = '''(?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +secretGroup = 1 +keywords = [ + "sk-","t3blbkfj", +] + [[rules]] description = "Plaid API Token" id = "plaid-api-token"