Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Dropbox Access Token rule #108

Merged
merged 2 commits into from
Dec 19, 2023
Merged

Conversation

gemesa
Copy link
Contributor

@gemesa gemesa commented Dec 18, 2023

No description provided.

Copy link
Collaborator

@bradlarsen bradlarsen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really good. A couple things:

  • In this new rule, there is a funny interaction between the payload character class and the word boundary anchor at the end.
  • I did some investigation, and I believe the payload length can actually be more flexible than always 140 characters, and occurrences in the wild seem to range from 130 (maybe 135, actually) to 151 characters.

Thank you again @gemesa!

crates/noseyparker/data/default/builtin/rules/dropbox.yml Outdated Show resolved Hide resolved
crates/noseyparker/data/default/builtin/rules/dropbox.yml Outdated Show resolved Hide resolved
crates/noseyparker/data/default/builtin/rules/dropbox.yml Outdated Show resolved Hide resolved
@bradlarsen bradlarsen added enhancement New feature or request detection Related to rules or detection of sensitive information labels Dec 19, 2023
@gemesa
Copy link
Contributor Author

gemesa commented Dec 19, 2023

This looks really good. A couple things:

* In this new rule, there is a funny interaction between the payload character class and the word boundary anchor at the end.

* I did some investigation, and I believe the payload length can actually be more flexible than always 140 characters, and occurrences in the wild seem to range from 130 (maybe 135, actually) to 151 characters.

Thank you again @gemesa!

Good findings, I have applied your suggestions. What I usually do is generate a few API tokens myself and observe the patterns. For me they have always been 140 characters long and I did not do any further investigation. I will also keep in mind the edge case where the tokens end with -.

@bradlarsen
Copy link
Collaborator

What I usually do is generate a few API tokens myself and observe the patterns. For me they have always been 140 characters long and I did not do any further investigation.

Yes, that's a very reasonable approach! Doing so should lead to high-precision rules.

@bradlarsen bradlarsen merged commit 254cf88 into praetorian-inc:main Dec 19, 2023
@gemesa gemesa deleted the dropbox-rule branch December 19, 2023 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
detection Related to rules or detection of sensitive information enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants