secretlint / secretlint

Pluggable linting tool to prevent committing credential.


Can I reproduce the entropy property of gitleaks?

tomyam2020 opened this issue · comments

Summary

Is there any way to reproduce the entropy property of gitleaks using only regular expressions?

Or is there a ruleset in secretlint that is equivalent to the generic-api-keys rule in gitleaks?

Background of the question

I am now trying to migrate from gitleaks to secretlint.

I was able to migrate the regular expression, but I am unable to reproduce the contents of the entropy property of gitleaks, so I get errors even in areas that are not secret.

Specifically, the contents of the generic-api-keys rule in gitleaks.toml were described in .secretlintrc.json according to the @secretlint-rule-pattern format.

gitleaks.toml:

[[rules]]
id = "generic-api-key"
description = "Generic API Key"
regex = '''(?i)((key|api[^Version]|token|secret|password|auth)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]'''
entropy = 3.7
secretGroup = 4
keywords = [
    "key",
    "api",
    "token",
    "secret",
    "password",
    "auth",
]

to

.secretlintrc.json:

{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-pattern",
      "options": {
        "patterns": [
          {
            "name": "Generic API key",
            "pattern": "/((key|api[^Version]|token|secret|password|auth)[a-z0-9_ .,-]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z_=-]{8,64})['\"]/i"
          }
        ]
      }
    }
  ]
}
commented

No, currently.
Entropy-mechanism will make false-positives and it conflicts with secretlint's philosophy.

I will not implement entropy into recommended preset or core.
It is free to implement entropy as plugin/rule.
@secretlint/secretlint-rule-pattern might have to support entropy-like mechanism.

📝 Previously I've implemented regexp patterns in webextension.
It will be false-positive, but it is just warning.
https://github.com/secretlint/webextension/blob/main/app/scripts/secretlint/rule.patterns.ts
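As an added example (not code from secretlint, gitleaks, or either participant), the following plain JavaScript shows what an entropy-aware rule would do: run the generic-api-key regex from the issue and keep only matches whose secretGroup capture scores above the 3.7 bits-per-character Shannon entropy threshold, which is the gate the regex-only secretlint pattern lacks. The sample file content is constructed, and the code stops at returning findings rather than wiring them into the secretlint rule API.

```javascript
// Added example: gitleaks-style entropy gate on top of the generic-api-key regex.
// The regex is the one from gitleaks.toml in the issue, as a JS literal:
// the (?i) prefix becomes the `i` flag and the `\|\|:` alternative keeps its backslashes.
const GENERIC_API_KEY = /((key|api[^Version]|token|secret|password|auth)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-zA-Z\-_=]{8,64})['"]/gi;
const SECRET_GROUP = 4;        // secretGroup = 4 in gitleaks.toml
const ENTROPY_THRESHOLD = 3.7; // entropy = 3.7 in gitleaks.toml

// Shannon entropy in bits per character, from the character frequencies of `text`.
function shannonEntropy(text) {
  if (text.length === 0) return 0;
  const counts = new Map();
  for (const ch of text) counts.set(ch, (counts.get(ch) || 0) + 1);
  let entropy = 0;
  for (const count of counts.values()) {
    const p = count / text.length;
    entropy -= p * Math.log2(p);
  }
  return entropy;
}

// Scan `content` with the regex and keep only matches whose captured secret
// exceeds the entropy threshold; the low-entropy hits are the false positives
// that a regex-only pattern reports.
function findGenericApiKeys(content, threshold = ENTROPY_THRESHOLD) {
  const findings = [];
  for (const m of content.matchAll(GENERIC_API_KEY)) {
    const secret = m[SECRET_GROUP];
    const entropy = shannonEntropy(secret);
    if (entropy > threshold) {
      // The quoted value sits at the end of the match, so lastIndexOf gives its offset.
      findings.push({ secret, entropy, index: m.index + m[0].lastIndexOf(secret) });
    }
  }
  return findings;
}

// Constructed sample file content (placeholder values, not real credentials).
const SAMPLE = [
  'api_key = "aB3dE7gH9jK2mN4pQ6rS8tU"', // 23 distinct chars, ~4.52 bits: reported
  'password = "aaaaaaaaaaaa"',            // one repeated char, 0 bits: dropped
  'secret = "password1234"',              // word-like, ~3.42 bits: dropped
].join('\n');

for (const f of findGenericApiKeys(SAMPLE)) {
  console.log(`${f.entropy.toFixed(2)} bits/char at offset ${f.index}: ${f.secret}`);
}
```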