updated script for rules-update on running updateAllscript

.gitleaks.toml

@@ -16,15 +16,14 @@ paths = [
 
 [[rules]]
 id = "ethereum-private-key"
-description = "Detected Ethereum/EVM private key (64 hex chars)"
-regex = '''(?:0x)?[a-fA-F0-9]{64}'''
-entropy = 4.0
+description = "Ethereum private key (exact 64 hex chars, standalone)"
+regex = '''(^|[^a-fA-F0-9])(0x)?[a-fA-F0-9]{64}([^a-fA-F0-9]|$)'''
 tags = ["crypto", "evm", "ethereum", "private-key"]
 
 [[rules]]
 id = "bitcoin-wif-private-key"
 description = "Detected Bitcoin WIF private key"
-regex = '''[5KL][1-9A-HJ-NP-Za-km-z]{50,51}'''
+regex = '''\b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b'''
 entropy = 3.5
 tags = ["crypto", "bitcoin", "private-key"]
 
@@ -38,7 +37,7 @@ tags = ["crypto", "solana", "private-key"]
 [[rules]]
 id = "tezos-private-key"
 description = "Detected Tezos private key"
-regex = '''(edsk|spsk|p2sk)[1-9A-HJ-NP-Za-km-z]{50,100}'''
+regex = '''\b(edsk[1-9A-HJ-NP-Za-km-z]{50}|edsk[1-9A-HJ-NP-Za-km-z]{94}|spsk[1-9A-HJ-NP-Za-km-z]{50}|p2sk[1-9A-HJ-NP-Za-km-z]{50})\b'''
 entropy = 3.5
 keywords = ["edsk", "spsk", "p2sk"]
 tags = ["crypto", "tezos", "private-key"]

update-all-repos.ps1

@@ -32,9 +32,47 @@ if (-not (Test-Path (Join-Path $TEMPLATE_HOOKS "pre-commit"))) {
     exit 1
 }
 
+# Function to sync global gitleaks config from repository
+function Sync-GlobalConfig {
+    $scriptDir = Split-Path -Parent $PSCommandPath
+    $sourceConfig = Join-Path $scriptDir ".gitleaks.toml"
+    $configDir = Join-Path $env:USERPROFILE ".config\gitleaks"
+    $targetConfig = Join-Path $configDir "gitleaks.toml"
+
+    # Check if source config exists
+    if (-not (Test-Path $sourceConfig)) {
+        Write-Warn "Source config not found: $sourceConfig"
+        Write-Host "  Skipping config sync" -ForegroundColor Gray
+        return $false
+    }
+
+    # Create config directory if it doesn't exist
+    try {
+        New-Item -ItemType Directory -Path $configDir -Force -ErrorAction Stop | Out-Null
+    } catch {
+        Write-Fail "Failed to create config directory: $configDir"
+        return $false
+    }
+
+    # Copy the config file
+    try {
+        Copy-Item -Path $sourceConfig -Destination $targetConfig -Force -ErrorAction Stop
+        Write-Ok "Synced global config: $targetConfig"
+        return $true
+    } catch {
+        Write-Fail "Failed to sync config to: $targetConfig"
+        return $false
+    }
+}
+
 $preCommitSrc = Join-Path $TEMPLATE_HOOKS "pre-commit"
 $commitMsgSrc = Join-Path $TEMPLATE_HOOKS "commit-msg"
 
+# Sync global gitleaks config from repository
+Write-Step "Syncing global gitleaks configuration..."
+Sync-GlobalConfig | Out-Null
+Write-Host ""
+
 # No path given = scan all local fixed drives (C:\, D:\, E:\, etc.)
 if ($TargetPaths.Count -eq 0) {
     # Use .Name (e.g. "C:") to avoid null .Root on some Windows setups

update-all-repos.sh

@@ -70,6 +70,43 @@ if [ ! -d "$TEMPLATE_DIR/hooks" ]; then
     exit 1
 fi
 
+# Function to sync global gitleaks config from repository
+function sync_global_config {
+  # Determine the script directory (where .gitleaks.toml should be)
+  local script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+  local source_config="$script_dir/.gitleaks.toml"
+
+  # Determine the target config directory (handle sudo case)
+  local config_dir="$HOME/.config/gitleaks"
+  if [ -n "$SUDO_USER" ]; then
+    config_dir=$(eval echo ~$SUDO_USER)/.config/gitleaks
+  fi
+  local target_config="$config_dir/gitleaks.toml"
+
+  # Check if source config exists
+  if [ ! -f "$source_config" ]; then
+    echo -e "${WARNING}⚠${NORMAL}  Warning: Source config not found: $source_config"
+    echo -e "${HIGHLIGHT}→${NORMAL} Skipping config sync"
+    return 1
+  fi
+
+  # Create config directory if it doesn't exist
+  mkdir -p "$config_dir" 2>/dev/null || {
+    echo -e "${ERROR}✗${NORMAL} Failed to create config directory: $config_dir"
+    return 1
+  }
+
+  # Copy the config file
+  if cp "$source_config" "$target_config" 2>/dev/null; then
+    echo -e "${SUCCESS}✓${NORMAL} Synced global config: $target_config"
+    return 0
+  else
+    echo -e "${ERROR}✗${NORMAL} Failed to sync config to: $target_config"
+    return 1
+  fi
+}
+
+
 # Function to check if gitleaks is already in a file
 function has_gitleaks {
   local file="$1"
@@ -473,6 +510,11 @@ if [ "$EUID" -eq 0 ]; then
   echo ""
 fi
 
+# Sync global gitleaks config from repository
+echo -e "${HIGHLIGHT}Syncing global gitleaks configuration...${NORMAL}"
+sync_global_config
+echo ""
+
 if [ "$#" -eq 0 ]; then
   # No arguments provided - use smart defaults
   echo -e "${HIGHLIGHT}No directory specified - using smart detection${NORMAL}\n"