Add additional rule examples; reformat one rule

praetorian-inc · Oct 18, 2023 · 3a10d70 · 3a10d70
1 parent 79b9a9e
commit 3a10d70
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/crates/noseyparker/data/default/rules/aws.yml b/crates/noseyparker/data/default/rules/aws.yml
@@ -26,7 +26,17 @@ rules:
 - name: AWS Secret Access Key
   id: np.aws.2
 
-  pattern: '(?i)\baws_?(?:secret)?_?(?:access)?_?(?:key)?["'']?\s{0,30}(?::|=>|=)\s{0,30}["'']?([a-z0-9/+=]{40})\b'
+  pattern: |
+    (?x)(?i)
+    \b
+    aws_? (?:secret)? _? (?:access)? _? (?:key)?
+    ["'']?
+    \s{0,30}
+    (?::|=>|=)
+    \s{0,30}
+    ["'']?
+    ([a-z0-9/+=]{40})
+    \b
 
   references:
   - https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
@@ -39,10 +49,11 @@ rules:
   - 'aws_secret_access_key => aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
 
   negative_examples:
+  - 'export AWS_SECRET_ACCESS_KEY=ded7db27a4558e2ea9bbf0bf36ae0e8521618f366c'
   - '"aws_secret_access_key" =  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaend'
   - '"aws_secret_access_key" =  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaendbbbbbbb'
   - '"aws_sEcReT_key"  =  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaend'
-  # FIXME: modify the pattern to detect cases like this
+  # FIXME: modify the pattern to detect cases like the following
   - 'aws_secret_key: OOzkR1+hF+1ABCsIFDJMEUtqmtnZ1234567890'
   - '======================'
   - '//////////////////////'

diff --git a/crates/noseyparker/data/default/rules/facebook.yml b/crates/noseyparker/data/default/rules/facebook.yml
@@ -21,6 +21,10 @@ rules:
   - "    var fbApiKey = '0278fc1adf6dc1d82a156f306ce2c5cc';"
   - '     fbApiKey:            "171e84fd57f430fc59afa8fad3dbda2a",'
 
+  negative_examples:
+  # XXX would be nice if the following matched
+  - '\"fbconnectkey\";s:32:\"8f52d1586bd18a18e152289b00ed7d29\";'
+
 
 - name: Facebook Access Token
   id: np.facebook.2

diff --git a/crates/noseyparker/data/default/rules/twitter.yml b/crates/noseyparker/data/default/rules/twitter.yml
@@ -43,3 +43,11 @@ rules:
   - |
       # TWITTER_API_KEY = 'UZYoBAfBzNace3mBwPOGYw'
       # TWITTER_API_SECRET = 'ngHaeaRPKA5BDQNXace3LWA1PvTA1kBGDaAJmc517E'
+
+  # XXX It would be nice if this actually matched
+  negative_examples:
+  - |
+      Twitter(auth=OAuth('MjuHWoGbzYmJv3ZuHaBvSENfyevu00NQuBc40VM',
+                         'anJLBCOALCXl7aXeybmNA5oae9E03Cm23cKNMLaScuXwk',
+                         'kl3E14NQx84qxO1dy247V0b2W',
+                         '5VFVXVMq9bDJzFAKPfWOiYmJZin2F7YLhSfoyLBXf6Bc9ngX3g'))