From 254cf885154e40aa055e983b7e622a04434d2498 Mon Sep 17 00:00:00 2001 From: Andras Gemes Date: Tue, 19 Dec 2023 20:30:28 +0100 Subject: [PATCH] Add Dropbox Access Token rule (#108) Co-authored-by: Brad Larsen --- CHANGELOG.md | 1 + README.md | 2 +- ...parker__rules__rules_check_builtins-2.snap | 2 +- ...noseyparker__rules__rules_list_json-2.snap | 6 +++++- ...seyparker__rules__rules_list_noargs-2.snap | 3 ++- .../data/default/builtin/rules/dropbox.yml | 20 +++++++++++++++++++ .../data/default/builtin/rulesets/default.yml | 1 + 7 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 crates/noseyparker/data/default/builtin/rules/dropbox.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 06bc7f53f..83d2abb5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - New rules have been added: - Docker Hub Personal Access Token + - Dropbox Access Token - WireGuard Private Key - WireGuard Preshared Key diff --git a/README.md b/README.md index a1b296be6..a0dd626f8 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Nosey Parker is a command-line tool that finds secrets and sensitive information **Key features:** - It supports scanning files, directories, and the entire history of Git repositories -- It uses regular expression matching with a set of 117 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements +- It uses regular expression matching with a set of 118 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements - It groups matches together that share the same secret, further emphasizing signal over noise - It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 2 minutes on an older MacBook Pro 
diff --git a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap index 843241a5c..1b5ac4481 100644 --- a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap +++ b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap @@ -2,5 +2,5 @@ source: crates/noseyparker-cli/tests/rules/mod.rs expression: stdout --- -117 rules and 3 rulesets: no issues detected +118 rules and 3 rulesets: no issues detected diff --git a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap index 4351e80c1..09390ef4a 100644 --- a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap +++ b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap @@ -76,6 +76,10 @@ expression: stdout "id": "np.dockerhub.1", "name": "Docker Hub Personal Access Token" }, + { + "id": "np.dropbox.1", + "name": "Dropbox Access Token" + }, { "id": "np.dtrack.1", "name": "Dependency-Track API Key" @@ -477,7 +481,7 @@ expression: stdout { "id": "default", "name": "Nosey Parker default rules", - "num_rules": 97 + "num_rules": 98 }, { "id": "np.assets", diff --git a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap index 096335c9e..9a1bd0cd6 100644 --- a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap +++ b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap 
@@ -23,6 +23,7 @@ expression: stdout np.digitalocean.2 DigitalOcean Personal Access Token np.digitalocean.3 DigitalOcean Refresh Token np.dockerhub.1 Docker Hub Personal Access Token + np.dropbox.1 Dropbox Access Token np.dtrack.1 Dependency-Track API Key np.dynatrace.1 Dynatrace Token np.facebook.1 Facebook Secret Key @@ -125,7 +126,7 @@ expression: stdout Ruleset ID Ruleset Name Rules ───────────────────────────────────────────────────────── - default Nosey Parker default rules 97 + default Nosey Parker default rules 98 np.assets Nosey Parker asset detection rules 15 np.hashes Nosey Parker password hash rules 5 diff --git a/crates/noseyparker/data/default/builtin/rules/dropbox.yml b/crates/noseyparker/data/default/builtin/rules/dropbox.yml new file mode 100644 index 000000000..0d120ba1c --- /dev/null +++ b/crates/noseyparker/data/default/builtin/rules/dropbox.yml @@ -0,0 +1,20 @@ +rules: + +- name: Dropbox Access Token + id: np.dropbox.1 + + pattern: | + (?x) + \b + (sl\.[a-zA-Z0-9_-]{130,152}) + (?: $ | [^a-zA-Z0-9_-] ) + + examples: + - 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"' + # this one comes from dropbox example documentation; ends with a `-` + - ' "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",' + + references: + - https://developers.dropbox.com/oauth-guide + - https://www.dropbox.com/developers/ + - https://www.dropbox.com/developers/documentation/http/documentation diff --git a/crates/noseyparker/data/default/builtin/rulesets/default.yml b/crates/noseyparker/data/default/builtin/rulesets/default.yml index b287a4838..2bde94533 100644 --- a/crates/noseyparker/data/default/builtin/rulesets/default.yml 
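Review bot: The `{130,152}` quantifier in the pattern of dropbox.yml is an undocumented empirical bound: the two examples carry 140 and 136 characters after the `sl.` prefix, but nothing on the page shows Dropbox guarantees that range, so a token of 129 or 153 characters is silently missed while a longer one yields no partial match either. A comment beside the quantifier would record the assumption, e.g. `# length band is empirical: observed tokens have 130-152 chars after "sl."; widen if genuine tokens fall outside it`. A `negative_examples` entry with an `sl.`-prefixed string shorter than 130 characters would pin the lower bound in the rule tests rather than leaving it implied. The `$` in the trailing group has no `(?m)` flag, so it only ends a match at end of input; a token at end of a line is accepted through the newline matching `[^a-zA-Z0-9_-]`, which works but deserves a one-line comment so the next editor does not "fix" it.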
+++ b/crates/noseyparker/data/default/builtin/rulesets/default.yml @@ -30,6 +30,7 @@ rulesets: - np.digitalocean.2 # DigitalOcean Personal Access Token - np.digitalocean.3 # DigitalOcean Refresh Token - np.dockerhub.1 # Docker Hub Personal Access Token + - np.dropbox.1 # Dropbox Access Token - np.dynatrace.1 # Dynatrace Token - np.facebook.1 # Facebook Secret Key - np.facebook.2 # Facebook Access Token