Add Dropbox Access Token rule (#108)

Co-authored-by: Brad Larsen <brad@bradfordlarsen.com>
praetorian-inc · Dec 19, 2023 · 254cf88 · 254cf88
1 parent 48a04f7
commit 254cf88
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - New rules have been added:
 
   - Docker Hub Personal Access Token
+  - Dropbox Access Token
   - WireGuard Private Key
   - WireGuard Preshared Key
 

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ Nosey Parker is a command-line tool that finds secrets and sensitive information
 
 **Key features:**
 - It supports scanning files, directories, and the entire history of Git repositories
-- It uses regular expression matching with a set of 117 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
+- It uses regular expression matching with a set of 118 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
 - It groups matches together that share the same secret, further emphasizing signal over noise
 - It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 2 minutes on an older MacBook Pro
 

diff --git a/...oseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap b/...oseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap
@@ -2,5 +2,5 @@
 source: crates/noseyparker-cli/tests/rules/mod.rs
 expression: stdout
 ---
-117 rules and 3 rulesets: no issues detected
+118 rules and 3 rulesets: no issues detected
 
diff --git a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap
@@ -76,6 +76,10 @@ expression: stdout
       "id": "np.dockerhub.1",
       "name": "Docker Hub Personal Access Token"
     },
+    {
+      "id": "np.dropbox.1",
+      "name": "Dropbox Access Token"
+    },
     {
       "id": "np.dtrack.1",
       "name": "Dependency-Track API Key"
@@ -477,7 +481,7 @@ expression: stdout
     {
       "id": "default",
       "name": "Nosey Parker default rules",
-      "num_rules": 97
+      "num_rules": 98
     },
     {
       "id": "np.assets",

diff --git a/...s/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap b/...s/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap
@@ -23,6 +23,7 @@ expression: stdout
  np.digitalocean.2   DigitalOcean Personal Access Token 
  np.digitalocean.3   DigitalOcean Refresh Token 
  np.dockerhub.1      Docker Hub Personal Access Token 
+ np.dropbox.1        Dropbox Access Token 
  np.dtrack.1         Dependency-Track API Key 
  np.dynatrace.1      Dynatrace Token 
  np.facebook.1       Facebook Secret Key 
@@ -125,7 +126,7 @@ expression: stdout
 
  Ruleset ID   Ruleset Name                         Rules 
 ─────────────────────────────────────────────────────────
- default      Nosey Parker default rules              97 
+ default      Nosey Parker default rules              98 
  np.assets    Nosey Parker asset detection rules      15 
  np.hashes    Nosey Parker password hash rules         5 
 
diff --git a/crates/noseyparker/data/default/builtin/rules/dropbox.yml b/crates/noseyparker/data/default/builtin/rules/dropbox.yml
@@ -0,0 +1,20 @@
+rules:
+
+- name: Dropbox Access Token
+  id: np.dropbox.1
+
+  pattern: |
+    (?x)
+    \b
+    (sl\.[a-zA-Z0-9_-]{130,152})
+    (?: $ | [^a-zA-Z0-9_-] )
+
+  examples:
+  - 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"'
+  # this one comes from dropbox example documentation; ends with a `-`
+  - '  "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",'
+
+  references:
+  - https://developers.dropbox.com/oauth-guide
+  - https://www.dropbox.com/developers/
+  - https://www.dropbox.com/developers/documentation/http/documentation
diff --git a/crates/noseyparker/data/default/builtin/rulesets/default.yml b/crates/noseyparker/data/default/builtin/rulesets/default.yml
@@ -30,6 +30,7 @@ rulesets:
   - np.digitalocean.2 # DigitalOcean Personal Access Token
   - np.digitalocean.3 # DigitalOcean Refresh Token
   - np.dockerhub.1    # Docker Hub Personal Access Token
+  - np.dropbox.1      # Dropbox Access Token
   - np.dynatrace.1    # Dynatrace Token
   - np.facebook.1     # Facebook Secret Key
   - np.facebook.2     # Facebook Access Token