From da4e448d0c6cea664d7e83ef60fc4f7aed4d683b Mon Sep 17 00:00:00 2001
From: Andras Gemes <gemesandras22@gmail.com>
Date: Tue, 19 Dec 2023 18:53:14 +0100
Subject: [PATCH] Fix review findings in Dropbox Access Token rule

Co-authored-by: Brad Larsen <brad@bradfordlarsen.com>
---
 crates/noseyparker/data/default/builtin/rules/dropbox.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/crates/noseyparker/data/default/builtin/rules/dropbox.yml b/crates/noseyparker/data/default/builtin/rules/dropbox.yml
index d4ad0af5c..0d120ba1c 100644
--- a/crates/noseyparker/data/default/builtin/rules/dropbox.yml
+++ b/crates/noseyparker/data/default/builtin/rules/dropbox.yml
@@ -6,12 +6,14 @@ rules:
   pattern: |
     (?x)
     \b
-    (sl\.[a-zA-Z0-9_-]{140})
-    \b
+    (sl\.[a-zA-Z0-9_-]{130,152})
+    (?: $ | [^a-zA-Z0-9_-] )
 
   examples:
   - 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"'
-
+  # this one comes from dropbox example documentation; ends with a `-`
+  - '  "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",'
+  
   references:
   - https://developers.dropbox.com/oauth-guide
   - https://www.dropbox.com/developers/