Adding a rule for Databricks Personal Access Token detection (#187)

* Adding Databricks PAT rule * Adding Databricks PAT to default ruleset * Retrain tests for new rule * Update CHANGELOG * Tune Databricks rule for higher signal --------- Co-authored-by: Brad Larsen <bradford.larsen@praetorian.com>
praetorian-inc · May 17, 2024 · ba0fee6 · ba0fee6
1 parent b036422
commit ba0fee6
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -28,6 +28,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - New rules have been added:
 
   - AWS AppSync API Key ([#176](https://github.com/praetorian-inc/noseyparker/pull/176))
+  - Databricks Personal Access Token ([#187](https://github.com/praetorian-inc/noseyparker/pull/187) from @@tobiasgyoerfi)
   - Password Hash (Kerberos 5, etype 23, AS-REP) ([#176](https://github.com/praetorian-inc/noseyparker/pull/176))
 
 ### Changes

diff --git a/...oseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap b/...oseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap
@@ -2,4 +2,4 @@
 source: crates/noseyparker-cli/tests/rules/mod.rs
 expression: stdout
 ---
-141 rules and 3 rulesets: no issues detected
+142 rules and 3 rulesets: no issues detected
diff --git a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap
@@ -478,6 +478,26 @@ expression: stdout
         ]
       }
     },
+    {
+      "id": "np.databricks.1",
+      "structural_id": "652e0e0655c34bb2f8cb9252540f7305f0aaa006",
+      "name": "Databricks Personal Access Token",
+      "syntax": {
+        "name": "Databricks Personal Access Token",
+        "id": "np.databricks.1",
+        "pattern": "(?x)\n\\b\n(\n  dapi[a-f0-9]{32}\n  (?: -[0-9]+ )?      (?# optional -NUM suffix )\n)\n\\b\n",
+        "examples": [
+          "DATABRICKS_TOKEN: 'dapicd295a7be286969133e18a58e4afe7bd-3'",
+          "dapif21ee53d2b3648c2a1ed38953312a203"
+        ],
+        "negative_examples": [
+          "    dapiDataGetTopLongShortPositionRatio (params?: {}): Promise<implicitReturnType>;"
+        ],
+        "references": [
+          "https://docs.databricks.com/en/dev-tools/auth/pat.html"
+        ]
+      }
+    },
     {
       "id": "np.digitalocean.1",
       "structural_id": "f43e1590624961d1a9984818101cb6a91ca00081",
@@ -2822,7 +2842,7 @@ expression: stdout
     {
       "id": "default",
       "name": "Nosey Parker default rules",
-      "num_rules": 120
+      "num_rules": 121
     },
     {
       "id": "np.assets",

diff --git a/...s/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap b/...s/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap
@@ -27,6 +27,7 @@ expression: stdout
  np.blynk.7           Blynk Organization Client Secret (URL last) 
  np.codeclimate.1     CodeClimate Reporter ID 
  np.cratesio.1        crates.io API Key 
+ np.databricks.1      Databricks Personal Access Token 
  np.digitalocean.1    DigitalOcean Application Access Token 
  np.digitalocean.2    DigitalOcean Personal Access Token 
  np.digitalocean.3    DigitalOcean Refresh Token 
@@ -148,6 +149,6 @@ expression: stdout
 
  Ruleset ID   Ruleset Name                         Rules 
 ─────────────────────────────────────────────────────────
- default      Nosey Parker default rules             120 
+ default      Nosey Parker default rules             121 
  np.assets    Nosey Parker asset detection rules      15 
  np.hashes    Nosey Parker password hash rules         6
diff --git a/crates/noseyparker/data/default/builtin/rules/databricks.yml b/crates/noseyparker/data/default/builtin/rules/databricks.yml
@@ -0,0 +1,22 @@
+rules:
+
+- name: Databricks Personal Access Token
+  id: np.databricks.1
+  pattern: |
+    (?x)
+    \b
+    (
+      dapi[a-f0-9]{32}
+      (?: -[0-9]+ )?      (?# optional -NUM suffix )
+    )
+    \b
+
+  references:
+  - https://docs.databricks.com/en/dev-tools/auth/pat.html
+
+  examples:
+  - "DATABRICKS_TOKEN: 'dapicd295a7be286969133e18a58e4afe7bd-3'"
+  - "dapif21ee53d2b3648c2a1ed38953312a203"
+
+  negative_examples:
+  - "    dapiDataGetTopLongShortPositionRatio (params?: {}): Promise<implicitReturnType>;"
diff --git a/crates/noseyparker/data/default/builtin/rulesets/default.yml b/crates/noseyparker/data/default/builtin/rulesets/default.yml
@@ -34,6 +34,7 @@ rulesets:
   - np.blynk.7        # Blynk Organization Client Secret (URL last)
   - np.codeclimate.1  # CodeClimate
   - np.cratesio.1     # crates.io API Key
+  - np.databricks.1   # Databricks Personal Access Token
   - np.dtrack.1       # Dependency-Track API Key
   - np.digitalocean.1 # DigitalOcean Application Access Token
   - np.digitalocean.2 # DigitalOcean Personal Access Token