
Add TrueNAS API Key rule #110

Merged (2 commits), Dec 20, 2023

Conversation

gemesa
Contributor

@gemesa gemesa commented Dec 20, 2023

No description provided.

Collaborator

@bradlarsen bradlarsen left a comment


Thanks again for this new rule!

Is there some way to make this rule more precise? The TrueNAS API Key format unfortunately doesn't have a distinctive prefix or suffix that can be easily matched, and so it ends up producing false positives.

I do see what look like real instances of TrueNAS API Keys using GitHub code search. But in my own local test across 2TiB of source code, I get 390 TrueNAS API Key findings with the rule as written, but they are all false positives.

If this can be made more precise, I'll take it in the default ruleset. Otherwise, we could consider creating a new ruleset, np.experimental perhaps, that includes it.

@bradlarsen
Collaborator

Note, this TrueNAS API Key is not something that other secret scanners (Truffle Hog, GitLeaks, GitHub Advanced Security, GitGuardian) seem to have rules for. Thank you for your original research @gemesa!

@bradlarsen
Collaborator

Try /truenas AND /\b(\d+-[a-zA-Z0-9]{64})\b// in GitHub search to see some examples. Without the additional search term, the regex is too expensive for GitHub to give results for (again, caused by lack of a distinctive prefix in the token format).
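The precision problem raised above, as an added example that is not part of the PR or of the project's rule files: the key-shape regex quoted in the comment is applied to a constructed snippet containing one synthetic key and one SHA-256 digest that happens to share the shape, and a context-gated variant (keyword "truenas" on the same line or in a few preceding lines, an assumption chosen for illustration) keeps the key and drops the digest. The window size and the keyword list are assumptions, not something the merged rules define.

```python
import re

# Token shape quoted in the review thread: decimal id, hyphen, 64 alphanumerics.
TOKEN_RE = re.compile(r"\b(\d+-[a-zA-Z0-9]{64})\b")

# Context keywords used to gate a shape match (assumption for this example;
# the project's merged rules are not reproduced here).
CONTEXT_KEYWORDS = ("truenas",)


def find_shape_matches(text: str) -> list[str]:
    """Return every substring that merely has the TrueNAS key shape."""
    return TOKEN_RE.findall(text)


def find_context_gated_matches(text: str, window: int = 3) -> list[str]:
    """Return shape matches that also have a context keyword on the same line
    or within `window` preceding lines; shape-only hits are dropped."""
    lines = text.splitlines()
    hits = []
    for idx, line in enumerate(lines):
        for token in TOKEN_RE.findall(line):
            start = max(0, idx - window)
            neighbourhood = "\n".join(lines[start : idx + 1]).lower()
            if any(kw in neighbourhood for kw in CONTEXT_KEYWORDS):
                hits.append(token)
    return hits


# Constructed sample input; neither value is a real credential.
FAKE_KEY = "1-" + "A1b2" * 16  # 64-character alphanumeric body
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
SAMPLE = "\n".join([
    "# build manifest (constructed)",
    "version: 1.2.3",
    f"checksum: 2-{EMPTY_SHA256}",  # digest shaped like a key: false positive
    "",
    "# TrueNAS REST client config (constructed)",
    "TRUENAS_URL=https://nas.example.internal/api/v2.0",
    f"TRUENAS_API_KEY={FAKE_KEY}",
])

if __name__ == "__main__":
    print("shape only   :", find_shape_matches(SAMPLE))
    print("context gated:", find_context_gated_matches(SAMPLE))
```

Running it reports two shape-only hits (the digest and the key) but only the key once context is required, which is the kind of gating the reviewer is asking for; the trade-off is that a key stored far from any "truenas" mention is then missed, so the window and keywords need tuning against real corpora.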

@gemesa
Contributor Author

gemesa commented Dec 20, 2023

TrueNAS has 2 APIs: WebSocket and REST API. I tested both and created 2 separate rules; what do you think?

Collaborator

@bradlarsen bradlarsen left a comment


LGTM! Thank you.

@bradlarsen bradlarsen merged commit 039549f into praetorian-inc:main Dec 20, 2023
8 checks passed
@gemesa gemesa deleted the truenas-rule branch December 20, 2023 21:00
@bradlarsen bradlarsen added enhancement New feature or request detection Related to rules or detection of sensitive information labels Dec 21, 2023