Add particle.io rules (#113)

praetorian-inc · Jan 7, 2024 · f62b357 · f62b357
1 parent 699b162
commit f62b357
Show file tree

Hide file tree

Showing 7 changed files with 69 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
   - Doppler SCIM Token ([#111](https://github.com/praetorian-inc/noseyparker/pull/111))
   - Doppler Audit Token ([#111](https://github.com/praetorian-inc/noseyparker/pull/111))
   - Dropbox Access Token ([#106](https://github.com/praetorian-inc/noseyparker/pull/106))
+  - particle.io Access Token (URL first) ([#112](https://github.com/praetorian-inc/noseyparker/pull/113))
+  - particle.io Access Token (URL last) ([#112](https://github.com/praetorian-inc/noseyparker/pull/113))
   - ThingsBoard Access Token ([#112](https://github.com/praetorian-inc/noseyparker/pull/112))
   - ThingsBoard Provision Device Key ([#112](https://github.com/praetorian-inc/noseyparker/pull/112))
   - ThingsBoard Provision Device Secret ([#112](https://github.com/praetorian-inc/noseyparker/pull/112))

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ Nosey Parker is a command-line tool that finds secrets and sensitive information
 
 **Key features:**
 - It supports scanning files, directories, and the entire history of Git repositories
-- It uses regular expression matching with a set of 129 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
+- It uses regular expression matching with a set of 131 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
 - It groups matches together that share the same secret, further emphasizing signal over noise
 - It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 2 minutes on an older MacBook Pro
 

diff --git a/...oseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap b/...oseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap
@@ -2,5 +2,5 @@
 source: crates/noseyparker-cli/tests/rules/mod.rs
 expression: stdout
 ---
-129 rules and 3 rulesets: no issues detected
+131 rules and 3 rulesets: no issues detected
 
diff --git a/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap b/crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap
@@ -340,6 +340,14 @@ expression: stdout
       "id": "np.openai.1",
       "name": "OpenAI API Key"
     },
+    {
+      "id": "np.particleio.1",
+      "name": "particle.io Access Token (URL first)"
+    },
+    {
+      "id": "np.particleio.2",
+      "name": "particle.io Access Token (URL last)"
+    },
     {
       "id": "np.pem.1",
       "name": "PEM-Encoded Private Key"
@@ -525,7 +533,7 @@ expression: stdout
     {
       "id": "default",
       "name": "Nosey Parker default rules",
-      "num_rules": 109
+      "num_rules": 111
     },
     {
       "id": "np.assets",

diff --git a/...s/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap b/...s/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap
@@ -89,6 +89,8 @@ expression: stdout
  np.odbc.1           Credentials in ODBC Connection String 
  np.okta.1           Okta API Token 
  np.openai.1         OpenAI API Key 
+ np.particleio.1     particle.io Access Token (URL first) 
+ np.particleio.2     particle.io Access Token (URL last) 
  np.pem.1            PEM-Encoded Private Key 
  np.postman.1        Postman API Key 
  np.psexec.1         Credentials in PsExec 
@@ -137,7 +139,7 @@ expression: stdout
 
  Ruleset ID   Ruleset Name                         Rules 
 ─────────────────────────────────────────────────────────
- default      Nosey Parker default rules             109 
+ default      Nosey Parker default rules             111 
  np.assets    Nosey Parker asset detection rules      15 
  np.hashes    Nosey Parker password hash rules         5 
 
diff --git a/crates/noseyparker/data/default/builtin/rules/particle.io.yml b/crates/noseyparker/data/default/builtin/rules/particle.io.yml
@@ -0,0 +1,51 @@
+rules:
+
+- name: particle.io Access Token (URL first)
+  id: np.particleio.1
+
+  pattern: |
+    (?x)
+    https://api\.particle\.io/v1/[a-zA-Z0-9_\-\s/"\\?]*
+    (?:access_token=|Authorization:\s*Bearer\s*)
+    \b
+    ([a-zA-Z0-9]{40})
+    \b
+
+  examples:
+  - |
+      curl https://api.particle.io/v1/devices \
+      -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55"
+  - |
+      curl https://api.particle.io/v1/devices \
+      -d access_token=38bb7b318cc6898c80317decb34525844bc9db55
+  - 'curl https://api.particle.io/v1/devices -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55"'
+  - 'curl https://api.particle.io/v1/devices -d access_token=38bb7b318cc6898c80317decb34525844bc9db55'
+  - 'curl "https://api.particle.io/v1/devices/events?access_token=38bb7b318cc6898c80317decb34525844bc9db55"'
+  - 'curl "https://api.particle.io/v1/access_tokens/current?access_token=38bb7b318cc6898c80317decb34525844bc9db55"'
+
+  references:
+  - https://docs.particle.io/reference/cloud-apis/api/
+
+- name: particle.io Access Token (URL last)
+  id: np.particleio.2
+
+  pattern: |
+    (?x)
+    (?:access_token=|Authorization:\s*Bearer\s*)
+    \b
+    ([a-zA-Z0-9]{40})
+    \b
+    [\s"\\]*https://api\.particle\.io/v1
+
+  examples:
+  - |
+      curl -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55" \
+      https://api.particle.io/v1/devices
+  - |
+      curl -d access_token=38bb7b318cc6898c80317decb34525844bc9db55 \
+      https://api.particle.io/v1/devices
+  - 'curl -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55" https://api.particle.io/v1/devices'
+  - 'curl -d access_token=38bb7b318cc6898c80317decb34525844bc9db55 https://api.particle.io/v1/devices'
+
+  references:
+  - https://docs.particle.io/reference/cloud-apis/api/
diff --git a/crates/noseyparker/data/default/builtin/rulesets/default.yml b/crates/noseyparker/data/default/builtin/rulesets/default.yml
@@ -89,6 +89,8 @@ rulesets:
   - np.odbc.1         # Credentials in ODBC Connection String
   - np.okta.1         # Okta API Token
   - np.openai.1       # OpenAI API Key
+  - np.particleio.1   # particle.io Access Token (URL first)
+  - np.particleio.2   # particle.io Access Token (URL last)
   - np.pem.1          # PEM-Encoded Private Key
   - np.postman.1      # Postman API Key
   - np.psexec.1       # Credentials in PsExec