feature(rule): Added new rule for detecting sourcegraph access token #252

Open: wants to merge 2 commits into base: main
Expand Up @@ -2,4 +2,4 @@
source: crates/noseyparker-cli/tests/rules/mod.rs
expression: stdout
---
171 rules and 3 rulesets: no issues detected
172 rules and 3 rulesets: no issues detected
Expand Up @@ -3853,6 +3853,31 @@ expression: stdout
]
}
},
{
"id": "np.sourcegraph.1",
"structural_id": "37afa71f65cf37c1b3cf1aa4e7aa472ed567c81b",
"name": "Sourcegraph Access Token",
"syntax": {
"name": "Sourcegraph Access Token",
"id": "np.sourcegraph.1",
"pattern": "\\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40})\\b",
"description": null,
"examples": [
" sourcegraph access token sgp_fd1b4edb60bf82b8_a70aabf5f685734b19792789feeb73c6393cd02e<br/>",
" access token sgp_b70acbf2f685734c19791789fdeb73c6393dd02a",
" access token sgp_local_b70acbf2f685734c19791789fdeb73c6393dd02a",
"var applicationId = 'x-sourcegraph-token';\nvar accessToken = 'sgp_fd1b4edb60bf82b8_a70aabf5f685734b19792789feeb73c6393cd02e';\n"
],
"negative_examples": [],
"references": [
"https://sourcegraph.com/docs/api/graphql"
],
"categories": [
"api",
"secret"
]
}
},
{
"id": "np.square.1",
"structural_id": "3f8708418bfa64b2123fac51d9e640838af45cbf",
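Review bot: `"description": null` and `"negative_examples": []` in this generated snapshot show that the new rule ships without a description and without any near-miss strings to pin the pattern's boundaries. Since this file is regenerated from `sourcegraph.yml`, make the fix there (add a `description:` line and a few `negative_examples`) and re-run the snapshot test rather than editing this JSON by hand.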
Expand Down Expand Up @@ -4291,7 +4316,7 @@ expression: stdout
{
"id": "default",
"name": "Nosey Parker default rules",
"num_rules": 150
"num_rules": 151
},
{
"id": "np.assets",
Expand Down
Expand Up @@ -157,6 +157,7 @@ expression: stdout
np.slack.5 Slack App Token api, secret
np.slack.6 Slack Legacy Bot Token api, secret
np.sonarqube.1 SonarQube Token api, fuzzy, secret
np.sourcegraph.1 Sourcegraph Access Token api, secret
np.square.1 Square Access Token api, secret
np.square.2 Square OAuth Secret api, secret
np.stackhawk.1 StackHawk API Key api, secret
Expand All @@ -178,6 +179,6 @@ expression: stdout

Ruleset ID Ruleset Name Rules
─────────────────────────────────────────────────────────
default Nosey Parker default rules 150
default Nosey Parker default rules 151
np.assets Nosey Parker asset detection rules 15
np.hashes Nosey Parker password hash rules 6
21 changes: 21 additions & 0 deletions crates/noseyparker/data/default/builtin/rules/sourcegraph.yml
@@ -0,0 +1,21 @@
rules:

- name: Sourcegraph Access Token
id: np.sourcegraph.1

pattern: '\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40})\b'

categories:
- api
- secret

references:
- https://sourcegraph.com/docs/api/graphql

examples:
- ' sourcegraph access token sgp_fd1b4edb60bf82b8_a70aabf5f685734b19792789feeb73c6393cd02e<br/>'
- ' access token sgp_b70acbf2f685734c19791789fdeb73c6393dd02a'
- " access token sgp_local_b70acbf2f685734c19791789fdeb73c6393dd02a"
- |
var applicationId = 'x-sourcegraph-token';
var accessToken = 'sgp_fd1b4edb60bf82b8_a70aabf5f685734b19792789feeb73c6393cd02e';
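Review bot: the rule has no `negative_examples` section and no `description`, and the first example carries a stray `<br/>`, which looks like HTML copied from a rendered page rather than a realistic source line. Replace that example with a plain one, add a `description:` line, and add negative examples that sit just outside the pattern so the tests pin both alternatives and the `\b` and length boundaries, for instance a 39-hex tail such as `sgp_b70acbf2f685734c19791789fdeb73c6393dd02` and a token whose instance segment contains a non-hex character such as `sgp_fd1b4edb60bf82bZ_a70aabf5f685734b19792789feeb73c6393cd02e`; neither of those matches `\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40})\b`. The only reference is the GraphQL API overview; a link to the page that documents the `sgp_` token format and how to revoke a token would be more useful to anyone triaging a finding.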
Expand Up @@ -145,6 +145,7 @@ rulesets:
- np.slack.5 # Slack App Token
- np.slack.6 # Slack Legacy Bot Token
- np.sonarqube.1 # SonarQube Token
- np.sourcegraph.1 # Sourcegraph Access Token
- np.square.1 # Square Access Token
- np.square.2 # Square OAuth Secret
- np.stackhawk.1 # StackHawk API Key
Expand Down