├── .dockerignore ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ ├── ci.yml │ ├── docker-image.yml │ ├── release-artifacts.yml │ └── rust-checks.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .rustfmt.toml ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── Cargo.lock ├── Cargo.toml ├── Dockerfile ├── Dockerfile.alpine ├── LICENSE ├── README.md ├── SECURITY.md ├── crates ├── bstring-serde │ ├── Cargo.toml │ └── src │ │ └── lib.rs ├── content-guesser │ ├── Cargo.toml │ └── src │ │ ├── error.rs │ │ ├── guesser.rs │ │ ├── input.rs │ │ ├── lib.rs │ │ └── output.rs ├── input-enumerator │ ├── Cargo.toml │ └── src │ │ ├── blob_appearance.rs │ │ ├── bstring_table.rs │ │ ├── git_commit_metadata.rs │ │ ├── git_metadata_graph.rs │ │ ├── git_repo_enumerator.rs │ │ └── lib.rs ├── noseyparker-cli │ ├── Cargo.toml │ ├── build.rs │ ├── src │ │ ├── args.rs │ │ ├── cmd_annotations.rs │ │ ├── cmd_datastore.rs │ │ ├── cmd_generate.rs │ │ ├── cmd_generate │ │ │ ├── cmd_generate_json_schema.rs │ │ │ ├── cmd_generate_manpages.rs │ │ │ └── cmd_generate_shell_completions.rs │ │ ├── cmd_github.rs │ │ ├── cmd_report.rs │ │ ├── cmd_report │ │ │ ├── human_format.rs │ │ │ ├── sarif_format.rs │ │ │ └── styles.rs │ │ ├── cmd_rules.rs │ │ ├── cmd_rules │ │ │ ├── cmd_rules_check.rs │ │ │ └── cmd_rules_list.rs │ │ ├── cmd_scan.rs │ │ ├── cmd_summarize.rs │ │ ├── main.rs │ │ ├── mimalloc.rs │ │ ├── reportable.rs │ │ ├── rule_loader.rs │ │ └── util.rs │ └── tests │ │ ├── common │ │ └── mod.rs │ │ ├── datastore │ │ ├── mod.rs │ │ └── snapshots │ │ │ ├── test_noseyparker__datastore__export_empty-2.snap │ │ │ ├── test_noseyparker__datastore__export_empty-3.snap │ │ │ ├── test_noseyparker__datastore__export_empty.snap │ │ │ ├── test_noseyparker__datastore__init-2.snap │ │ │ ├── test_noseyparker__datastore__init-3.snap │ │ │ └── test_noseyparker__datastore__init.snap │ │ ├── generate │ │ ├── mod.rs │ │ └── snapshots │ │ │ └── 
test_noseyparker__generate__generate_json_schema.snap │ │ ├── github │ │ ├── mod.rs │ │ └── snapshots │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url1-2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url1-3.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url1.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url2-2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url2-3.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url3-2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url3-3.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url3.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url4-2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url4-3.snap │ │ │ ├── test_noseyparker__github__github_repos_list_all_organizations_no_api_url4.snap │ │ │ ├── test_noseyparker__github__github_repos_list_noargs-2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_noargs-3.snap │ │ │ ├── test_noseyparker__github__github_repos_list_noargs.snap │ │ │ ├── test_noseyparker__github__github_repos_list_org_badtoken-2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_org_badtoken-3.snap │ │ │ ├── test_noseyparker__github__github_repos_list_org_badtoken.snap │ │ │ ├── test_noseyparker__github__github_repos_list_user_badtoken-2.snap │ │ │ ├── test_noseyparker__github__github_repos_list_user_badtoken-3.snap │ │ │ └── test_noseyparker__github__github_repos_list_user_badtoken.snap │ │ ├── help │ │ ├── mod.rs │ │ └── snapshots │ │ │ ├── test_noseyparker__help__help-2.snap │ │ │ ├── test_noseyparker__help__help-3.snap │ │ │ ├── 
test_noseyparker__help__help.snap │ │ │ ├── test_noseyparker__help__help_datastore-2.snap │ │ │ ├── test_noseyparker__help__help_datastore-3.snap │ │ │ ├── test_noseyparker__help__help_datastore.snap │ │ │ ├── test_noseyparker__help__help_github-2.snap │ │ │ ├── test_noseyparker__help__help_github-3.snap │ │ │ ├── test_noseyparker__help__help_github.snap │ │ │ ├── test_noseyparker__help__help_github_repos-2.snap │ │ │ ├── test_noseyparker__help__help_github_repos-3.snap │ │ │ ├── test_noseyparker__help__help_github_repos.snap │ │ │ ├── test_noseyparker__help__help_github_repos_short-2.snap │ │ │ ├── test_noseyparker__help__help_github_repos_short-3.snap │ │ │ ├── test_noseyparker__help__help_github_repos_short.snap │ │ │ ├── test_noseyparker__help__help_github_short-2.snap │ │ │ ├── test_noseyparker__help__help_github_short-3.snap │ │ │ ├── test_noseyparker__help__help_github_short.snap │ │ │ ├── test_noseyparker__help__help_nogithub-2.snap │ │ │ ├── test_noseyparker__help__help_nogithub-3.snap │ │ │ ├── test_noseyparker__help__help_nogithub.snap │ │ │ ├── test_noseyparker__help__help_report-2.snap │ │ │ ├── test_noseyparker__help__help_report-3.snap │ │ │ ├── test_noseyparker__help__help_report.snap │ │ │ ├── test_noseyparker__help__help_report_short-2.snap │ │ │ ├── test_noseyparker__help__help_report_short-3.snap │ │ │ ├── test_noseyparker__help__help_report_short.snap │ │ │ ├── test_noseyparker__help__help_rules-2.snap │ │ │ ├── test_noseyparker__help__help_rules-3.snap │ │ │ ├── test_noseyparker__help__help_rules.snap │ │ │ ├── test_noseyparker__help__help_scan-2.snap │ │ │ ├── test_noseyparker__help__help_scan-3.snap │ │ │ ├── test_noseyparker__help__help_scan.snap │ │ │ ├── test_noseyparker__help__help_scan_nogithub-2.snap │ │ │ ├── test_noseyparker__help__help_scan_nogithub-3.snap │ │ │ ├── test_noseyparker__help__help_scan_nogithub.snap │ │ │ ├── test_noseyparker__help__help_scan_short-2.snap │ │ │ ├── test_noseyparker__help__help_scan_short-3.snap │ │ │ 
├── test_noseyparker__help__help_scan_short.snap │ │ │ ├── test_noseyparker__help__help_scan_short_nogithub-2.snap │ │ │ ├── test_noseyparker__help__help_scan_short_nogithub-3.snap │ │ │ ├── test_noseyparker__help__help_scan_short_nogithub.snap │ │ │ ├── test_noseyparker__help__help_short-2.snap │ │ │ ├── test_noseyparker__help__help_short-3.snap │ │ │ ├── test_noseyparker__help__help_short.snap │ │ │ ├── test_noseyparker__help__help_short_nogithub-2.snap │ │ │ ├── test_noseyparker__help__help_short_nogithub-3.snap │ │ │ ├── test_noseyparker__help__help_short_nogithub.snap │ │ │ ├── test_noseyparker__help__help_summarize-2.snap │ │ │ ├── test_noseyparker__help__help_summarize-3.snap │ │ │ ├── test_noseyparker__help__help_summarize.snap │ │ │ ├── test_noseyparker__help__help_summarize_short-2.snap │ │ │ ├── test_noseyparker__help__help_summarize_short-3.snap │ │ │ ├── test_noseyparker__help__help_summarize_short.snap │ │ │ ├── test_noseyparker__help__no_args-2.snap │ │ │ ├── test_noseyparker__help__no_args-3.snap │ │ │ ├── test_noseyparker__help__no_args.snap │ │ │ ├── test_noseyparker__help__no_args_nogithub-2.snap │ │ │ ├── test_noseyparker__help__no_args_nogithub-3.snap │ │ │ ├── test_noseyparker__help__no_args_nogithub.snap │ │ │ ├── test_noseyparker__help__version_command-2.snap │ │ │ ├── test_noseyparker__help__version_command-3.snap │ │ │ ├── test_noseyparker__help__version_command.snap │ │ │ ├── test_noseyparker__help__version_long-2.snap │ │ │ ├── test_noseyparker__help__version_long-3.snap │ │ │ └── test_noseyparker__help__version_long.snap │ │ ├── report │ │ ├── mod.rs │ │ └── snapshots │ │ │ ├── test_noseyparker__report__report_nonexistent_default_datastore-2.snap │ │ │ ├── test_noseyparker__report__report_nonexistent_default_datastore-3.snap │ │ │ ├── test_noseyparker__report__report_nonexistent_default_datastore.snap │ │ │ ├── test_noseyparker__report__report_output_colors1.snap │ │ │ ├── test_noseyparker__report__report_unlimited_matches-2.snap │ │ │ 
├── test_noseyparker__report__report_unlimited_matches-3.snap │ │ │ └── test_noseyparker__report__report_unlimited_matches.snap │ │ ├── rules │ │ ├── mod.rs │ │ └── snapshots │ │ │ ├── test_noseyparker__rules__rules_check_builtins-2.snap │ │ │ ├── test_noseyparker__rules__rules_check_builtins-3.snap │ │ │ ├── test_noseyparker__rules__rules_check_builtins.snap │ │ │ ├── test_noseyparker__rules__rules_list_json-2.snap │ │ │ ├── test_noseyparker__rules__rules_list_json-3.snap │ │ │ ├── test_noseyparker__rules__rules_list_json.snap │ │ │ ├── test_noseyparker__rules__rules_list_jsonl-2.snap │ │ │ ├── test_noseyparker__rules__rules_list_jsonl-3.snap │ │ │ ├── test_noseyparker__rules__rules_list_jsonl.snap │ │ │ ├── test_noseyparker__rules__rules_list_no_builtins-2.snap │ │ │ ├── test_noseyparker__rules__rules_list_no_builtins-3.snap │ │ │ ├── test_noseyparker__rules__rules_list_no_builtins.snap │ │ │ ├── test_noseyparker__rules__rules_list_noargs-2.snap │ │ │ ├── test_noseyparker__rules__rules_list_noargs-3.snap │ │ │ └── test_noseyparker__rules__rules_list_noargs.snap │ │ ├── scan │ │ ├── appmaker │ │ │ ├── mod.rs │ │ │ └── snapshots │ │ │ │ ├── test_noseyparker__scan__appmaker__scan_workflow_from_git_url-2.snap │ │ │ │ ├── test_noseyparker__scan__appmaker__scan_workflow_from_git_url-3.snap │ │ │ │ ├── test_noseyparker__scan__appmaker__scan_workflow_from_git_url-4.snap │ │ │ │ ├── test_noseyparker__scan__appmaker__scan_workflow_from_git_url-5.snap │ │ │ │ └── test_noseyparker__scan__appmaker__scan_workflow_from_git_url.snap │ │ ├── basic │ │ │ ├── mod.rs │ │ │ └── snapshots │ │ │ │ ├── test_noseyparker__scan__basic__scan_default_datastore-2.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_default_datastore-3.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_default_datastore-4.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_default_datastore-5.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_default_datastore.snap │ │ │ │ ├── 
test_noseyparker__scan__basic__scan_enumerator_1-2.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_1-3.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_1-4.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_1-5.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_1-6.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_1-7.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_1.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_base64_1-2.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_base64_1-3.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_base64_1-4.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_base64_1-5.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_base64_1-6.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_base64_1-7.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_base64_1.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_string_provenance-2.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_string_provenance-3.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_string_provenance-4.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_string_provenance-5.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_string_provenance-6.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_string_provenance-7.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_enumerator_string_provenance.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_fs_1-2.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_fs_1-3.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_fs_1-4.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_fs_1-5.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_fs_1-6.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_fs_1-7.snap │ │ │ │ ├── test_noseyparker__scan__basic__scan_fs_1.snap │ │ │ │ 
├── test_noseyparker__scan__basic__summarize_nonexistent_default_datastore-2.snap │ │ │ │ ├── test_noseyparker__scan__basic__summarize_nonexistent_default_datastore-3.snap │ │ │ │ └── test_noseyparker__scan__basic__summarize_nonexistent_default_datastore.snap │ │ ├── copy_blobs │ │ │ └── mod.rs │ │ ├── git_url │ │ │ ├── mod.rs │ │ │ └── snapshots │ │ │ │ ├── test_noseyparker__scan__git_url__file_scheme-2.snap │ │ │ │ ├── test_noseyparker__scan__git_url__file_scheme-3.snap │ │ │ │ ├── test_noseyparker__scan__git_url__file_scheme.snap │ │ │ │ ├── test_noseyparker__scan__git_url__http_scheme-2.snap │ │ │ │ ├── test_noseyparker__scan__git_url__http_scheme-3.snap │ │ │ │ ├── test_noseyparker__scan__git_url__http_scheme.snap │ │ │ │ ├── test_noseyparker__scan__git_url__no_scheme-2.snap │ │ │ │ ├── test_noseyparker__scan__git_url__no_scheme-3.snap │ │ │ │ ├── test_noseyparker__scan__git_url__no_scheme.snap │ │ │ │ ├── test_noseyparker__scan__git_url__ssh_scheme-2.snap │ │ │ │ ├── test_noseyparker__scan__git_url__ssh_scheme-3.snap │ │ │ │ └── test_noseyparker__scan__git_url__ssh_scheme.snap │ │ ├── github │ │ │ ├── mod.rs │ │ │ └── snapshots │ │ │ │ ├── test_noseyparker__scan__github__github_all_orgs_explicit_default_api_url-2.snap │ │ │ │ ├── test_noseyparker__scan__github__github_all_orgs_explicit_default_api_url-3.snap │ │ │ │ ├── test_noseyparker__scan__github__github_all_orgs_explicit_default_api_url.snap │ │ │ │ ├── test_noseyparker__scan__github__github_all_orgs_no_api_url-2.snap │ │ │ │ ├── test_noseyparker__scan__github__github_all_orgs_no_api_url-3.snap │ │ │ │ └── test_noseyparker__scan__github__github_all_orgs_no_api_url.snap │ │ ├── mod.rs │ │ ├── snippet_length │ │ │ ├── mod.rs │ │ │ └── snapshots │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-10.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-11.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-12.snap 
│ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-13.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-14.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-2.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-3.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-4.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-5.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-6.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-7.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-8.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length-9.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_changing_snippet_length.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_short_snippet_length-2.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_short_snippet_length-3.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_short_snippet_length-4.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_short_snippet_length-6.snap │ │ │ │ ├── test_noseyparker__scan__snippet_length__scan_short_snippet_length-7.snap │ │ │ │ └── test_noseyparker__scan__snippet_length__scan_short_snippet_length.snap │ │ └── with_ignore │ │ │ └── mod.rs │ │ └── test_noseyparker.rs ├── noseyparker-digest │ ├── Cargo.toml │ └── src │ │ └── lib.rs ├── noseyparker-rules │ ├── Cargo.toml │ └── src │ │ ├── lib.rs │ │ ├── rule.rs │ │ ├── rules.rs │ │ ├── ruleset.rs │ │ ├── rulesets.rs │ │ └── util.rs ├── noseyparker │ ├── Cargo.toml │ ├── data │ │ └── default │ │ │ ├── builtin │ │ │ ├── rules │ │ │ │ ├── adafruitio.yml │ │ │ │ ├── adobe.yml │ │ │ │ ├── age.yml │ │ │ │ ├── anthropic.yml │ │ │ │ ├── artifactory.yml │ │ │ │ ├── auth0.yml │ 
│ │ │ ├── aws.yml │ │ │ │ ├── azure.yml │ │ │ │ ├── bitbucket.yml │ │ │ │ ├── blynk.yml │ │ │ │ ├── codeclimate.yml │ │ │ │ ├── crates.io.yml │ │ │ │ ├── databricks.yml │ │ │ │ ├── dependency_track.yml │ │ │ │ ├── digitalocean.yml │ │ │ │ ├── django.yml │ │ │ │ ├── dockerhub.yml │ │ │ │ ├── doppler.yml │ │ │ │ ├── dropbox.yml │ │ │ │ ├── dynatrace.yml │ │ │ │ ├── facebook.yml │ │ │ │ ├── figma.yml │ │ │ │ ├── firecrawl.yml │ │ │ │ ├── generic.yml │ │ │ │ ├── gitalk.yml │ │ │ │ ├── github.yml │ │ │ │ ├── gitlab.yml │ │ │ │ ├── google.yml │ │ │ │ ├── gradle.yml │ │ │ │ ├── grafana.yml │ │ │ │ ├── groq.yml │ │ │ │ ├── hashes.yml │ │ │ │ ├── hashicorp.yml │ │ │ │ ├── heroku.yml │ │ │ │ ├── http.yml │ │ │ │ ├── huggingface.yml │ │ │ │ ├── jenkins.yml │ │ │ │ ├── jina.yml │ │ │ │ ├── jwt.yml │ │ │ │ ├── kagi.yml │ │ │ │ ├── kubernetes.yml │ │ │ │ ├── linkedin.yml │ │ │ │ ├── mailchimp.yml │ │ │ │ ├── mailgun.yml │ │ │ │ ├── mapbox.yml │ │ │ │ ├── microsoft_teams.yml │ │ │ │ ├── mongo.yml │ │ │ │ ├── netrc.yml │ │ │ │ ├── newrelic.yml │ │ │ │ ├── npm.yml │ │ │ │ ├── nuget.yml │ │ │ │ ├── odbc.yml │ │ │ │ ├── okta.yml │ │ │ │ ├── openai.yml │ │ │ │ ├── particle.io.yml │ │ │ │ ├── pem.yml │ │ │ │ ├── phpmailer.yml │ │ │ │ ├── postgres.yml │ │ │ │ ├── postman.yml │ │ │ │ ├── postmark.yml │ │ │ │ ├── psexec.yml │ │ │ │ ├── pypi.yml │ │ │ │ ├── react.yml │ │ │ │ ├── rubygems.yml │ │ │ │ ├── salesforce.yml │ │ │ │ ├── sauce.yml │ │ │ │ ├── segment.yml │ │ │ │ ├── sendgrid.yml │ │ │ │ ├── shopify.yml │ │ │ │ ├── slack.yml │ │ │ │ ├── sonarqube.yml │ │ │ │ ├── sourcegraph.yml │ │ │ │ ├── square.yml │ │ │ │ ├── stackhawk.yml │ │ │ │ ├── stripe.yml │ │ │ │ ├── tavily.yml │ │ │ │ ├── teamcity.yml │ │ │ │ ├── telegram.yml │ │ │ │ ├── thingsboard.yml │ │ │ │ ├── truenas.yml │ │ │ │ ├── twilio.yml │ │ │ │ ├── twitter.yml │ │ │ │ ├── vmware.yml │ │ │ │ └── wireguard.yml │ │ │ └── rulesets │ │ │ │ ├── default.yml │ │ │ │ ├── np.assets.yml │ │ │ │ └── np.hashes.yml │ │ │ └── ignore.conf │ 
└── src │ │ ├── blob.rs │ │ ├── blob_id.rs │ │ ├── blob_id_map.rs │ │ ├── blob_id_set.rs │ │ ├── blob_metadata.rs │ │ ├── bstring_escape.rs │ │ ├── datastore.rs │ │ ├── datastore │ │ ├── annotation.rs │ │ ├── finding_data.rs │ │ ├── finding_metadata.rs │ │ ├── finding_summary.rs │ │ ├── schema_70.sql │ │ └── status.rs │ │ ├── defaults.rs │ │ ├── git_binary.rs │ │ ├── git_url.rs │ │ ├── github.rs │ │ ├── github │ │ ├── auth.rs │ │ ├── client.rs │ │ ├── client_builder.rs │ │ ├── error.rs │ │ ├── models.rs │ │ ├── models │ │ │ └── page.rs │ │ ├── repo_enumerator.rs │ │ └── result.rs │ │ ├── lib.rs │ │ ├── location.rs │ │ ├── match_type.rs │ │ ├── matcher.rs │ │ ├── matcher_stats.rs │ │ ├── provenance.rs │ │ ├── provenance_set.rs │ │ ├── rule_profiling.rs │ │ ├── rules_database.rs │ │ └── snippet.rs └── progress │ ├── Cargo.toml │ └── src │ └── lib.rs ├── docs ├── RULES.md ├── usage-examples │ ├── .gitignore │ ├── README.md │ ├── common-config.tape │ ├── examples │ │ ├── 01-getting-help.tape │ │ ├── 02-scan-git-history.tape │ │ ├── 03-report-human.tape │ │ └── 04-report-json.tape │ ├── gifs │ │ ├── 01-getting-help.gif │ │ ├── 02-scan-git-history.gif │ │ ├── 03-report-human.gif │ │ └── 04-report-json.gif │ └── record-examples.zsh └── v0.17.0 │ └── man │ └── man1 │ ├── noseyparker-datastore-init.1.md │ ├── noseyparker-datastore.1.md │ ├── noseyparker-generate-json-schema.1.md │ ├── noseyparker-generate-manpages.1.md │ ├── noseyparker-generate-shell-completions.1.md │ ├── noseyparker-generate.1.md │ ├── noseyparker-github-repos-list.1.md │ ├── noseyparker-github-repos.1.md │ ├── noseyparker-github.1.md │ ├── noseyparker-report.1.md │ ├── noseyparker-rules-check.1.md │ ├── noseyparker-rules-list.1.md │ ├── noseyparker-rules.1.md │ ├── noseyparker-scan.1.md │ ├── noseyparker-summarize.1.md │ └── noseyparker.1.md └── scripts ├── codesign-macos-release.zsh └── create-release.zsh /.dockerignore: -------------------------------------------------------------------------------- 1 
| # Allow-list dockerignore file 2 | # see https://stackoverflow.com/questions/28097064/dockerignore-ignore-everything-except-a-file-and-the-dockerfile 3 | 4 | # Ignore everything 5 | * 6 | 7 | # Explicitly list things we want to include 8 | !/.cargo 9 | !/.git 10 | !/Cargo.lock 11 | !/Cargo.toml 12 | !/CHANGELOG.md 13 | !/LICENSE 14 | !/README.md 15 | !/crates 16 | !/scripts 17 | !/share 18 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Something isn't working right 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior. 15 | 16 | **Expected behavior** 17 | A clear and concise description of what you expected to happen. 18 | 19 | **Actual behavior** 20 | A clear and concise description of what you observed to happen. 21 | 22 | **Screenshots** 23 | If applicable, add screenshots to help explain your problem. 24 | 25 | **Output of `noseyparker --version`** 26 | 27 | **Additional context** 28 | Add any other context about the problem here. 29 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 
15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Generated by Cargo 2 | # will have compiled files and executables 3 | **/target/ 4 | 5 | # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries 6 | # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html 7 | # Cargo.lock 8 | 9 | # These are backup files generated by rustfmt 10 | **/*.rs.bk 11 | 12 | .buildx-cache 13 | 14 | # scripts/create-release.zsh output directory 15 | /release 16 | 17 | # Ignore generated credentials from google-github-actions/auth 18 | gha-creds-*.json 19 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # See https://pre-commit.com for more information 2 | # See https://pre-commit.com/hooks.html for more hooks 3 | repos: 4 | - repo: https://github.com/pre-commit/pre-commit-hooks 5 | rev: v5.0.0 6 | 7 | hooks: 8 | - id: check-added-large-files 9 | args: ['--maxkb=1024'] 10 | - id: check-case-conflict 11 | - id: check-json 12 | - id: check-symlinks 13 | - id: check-toml 14 | - id: check-yaml 15 | - id: destroyed-symlinks 16 | - id: trailing-whitespace 17 | 18 | - repo: https://github.com/doublify/pre-commit-rust 19 | rev: v1.0 20 | 21 | hooks: 22 | - id: fmt 23 | - id: cargo-check 24 | 25 | exclude: | 26 | (?x) 27 | ^ 28 | ( .*\.snap$ (?# insta.rs test cases ) 29 | | docs/v0\.17\.0/.* (?# manpages for convenience ) 30 | ) $ 31 | 
-------------------------------------------------------------------------------- /.rustfmt.toml: -------------------------------------------------------------------------------- 1 | hard_tabs = false 2 | max_width = 100 3 | newline_style = "Unix" 4 | tab_spaces = 4 5 | fn_call_width = 80 6 | edition = "2021" 7 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | members = ["crates/*"] 3 | resolver = "2" 4 | 5 | [workspace.package] 6 | edition = "2021" 7 | rust-version = "1.82" 8 | 9 | license = "Apache-2.0" 10 | authors = ["Brad Larsen "] 11 | 12 | homepage = "https://github.com/praetorian-inc/noseyparker" 13 | repository = "https://github.com/praetorian-inc/noseyparker" 14 | 15 | version = "0.25.0-dev" 16 | 17 | publish = false 18 | 19 | 20 | [profile.release] 21 | opt-level = 3 22 | lto = "thin" 23 | 24 | # strip out debug info from binary, but generate separate debuginfo 25 | strip = "debuginfo" 26 | split-debuginfo = "packed" 27 | 28 | debug = "line-tables-only" # generate enough debug info to give useful stack traces upon panic 29 | #debug = true # generate full debug info; significantly larger! 30 | 31 | 32 | 33 | # A number of packages benefit from being compiled with optimization even as dev dependencies. 34 | [profile.dev.package] 35 | insta = { opt-level = 3 } 36 | similar = { opt-level = 3 } 37 | # Using optimization on the vectorscan packages saves ~6s on each integration test case! 
38 | vectorscan-rs = { opt-level = 3 } 39 | vectorscan-rs-sys = { opt-level = 3 } 40 | -------------------------------------------------------------------------------- /Dockerfile.alpine: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # Build `noseyparker` 3 | # 4 | # We use the current Alpine-based image, since it's smaller than most Debian releases. Both stages use floating tags (`rust:alpine`, `alpine:latest`), so the base images can change between builds; pin a version or digest when reproducible builds matter. 5 | ################################################################################ 6 | FROM rust:alpine AS builder 7 | 8 | # Install dependencies 9 | RUN apk add --no-cache --no-interactive \ 10 | boost-dev \ 11 | build-base \ 12 | cmake \ 13 | git \ 14 | make \ 15 | musl-dev \ 16 | openssl \ 17 | openssl-dev \ 18 | perl \ 19 | zsh \ 20 | && \ 21 | apk cache clean 22 | 23 | WORKDIR "/noseyparker" 24 | 25 | COPY . . 26 | 27 | RUN ./scripts/create-release.zsh --no-debug && \ 28 | cp -r release /release 29 | 30 | ################################################################################ 31 | # Build a smaller image just for running the `noseyparker` binary 32 | ################################################################################ 33 | FROM alpine:latest AS runner 34 | 35 | # Add `git` so that noseyparker's git and github integration works 36 | RUN apk add --no-cache --no-interactive git 37 | COPY --from=builder /release /usr/local/ 38 | 39 | # Tip when running: use a volume mount such as `-v "$PWD:/scan"` to simplify handling of paths on the command line 40 | WORKDIR "/scan" 41 | 42 | ENTRYPOINT ["noseyparker"] 43 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | Only the [latest release](https://github.com/praetorian-inc/noseyparker/releases/latest) receives security updates. 
6 | 7 | ## Reporting a Vulnerability 8 | 9 | If you have found a vulnerability, please contact . 10 | -------------------------------------------------------------------------------- /crates/bstring-serde/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bstring-serde" 3 | edition.workspace = true 4 | rust-version.workspace = true 5 | license.workspace = true 6 | authors.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | version = "0.0.0" 10 | publish.workspace = true 11 | 12 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 13 | 14 | [dependencies] 15 | base64 = { version = "0.22" } 16 | bstr = { version = "1.0", features = ["serde"] } 17 | schemars = { version = "0.8" } 18 | serde = { version = "1.0", features = ["derive"] } 19 | 20 | [dev-dependencies] 21 | proptest = "1.0" 22 | serde_json = "1.0" 23 | -------------------------------------------------------------------------------- /crates/content-guesser/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | 3 | edition.workspace = true 4 | rust-version.workspace = true 5 | license.workspace = true 6 | authors.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish.workspace = true 10 | 11 | name = "content-guesser" 12 | version = "0.0.0" 13 | 14 | [features] 15 | libmagic = ["magic"] 16 | 17 | [lib] 18 | path = "src/lib.rs" 19 | 20 | [dependencies] 21 | magic = { version = "0.16", optional = true } 22 | mime_guess = "2" 23 | mime = "0.3" 24 | thiserror = "2" 25 | -------------------------------------------------------------------------------- /crates/content-guesser/src/error.rs: -------------------------------------------------------------------------------- 1 | #[derive(Debug, thiserror::Error)] 2 | pub enum GuesserError { 3 | #[cfg(feature = "libmagic")] 4 | 
#[error("libmagic error: {0}")] 5 | MagicError(String), 6 | } 7 | -------------------------------------------------------------------------------- /crates/content-guesser/src/guesser.rs: -------------------------------------------------------------------------------- 1 | use mime_guess::MimeGuess; 2 | 3 | use crate::{error::GuesserError, input::Input, output::Output}; 4 | 5 | pub struct Guesser { 6 | #[cfg(feature = "libmagic")] 7 | magic_cookie: magic::cookie::Cookie, 8 | } 9 | 10 | // Public Implementation 11 | impl Guesser { 12 | #[cfg(feature = "libmagic")] 13 | pub fn new() -> Result { 14 | use magic::cookie::Flags; 15 | let flags = Flags::ERROR | Flags::MIME; 16 | assert!(!flags.contains(Flags::DEBUG)); 17 | let magic_cookie = 18 | magic::Cookie::open(flags).map_err(|e| GuesserError::MagicError(e.to_string()))?; 19 | // Load the default database 20 | let magic_cookie = magic_cookie 21 | .load(&Default::default()) 22 | .map_err(|e| GuesserError::MagicError(e.to_string()))?; 23 | Ok(Guesser { magic_cookie }) 24 | } 25 | 26 | #[cfg(not(feature = "libmagic"))] 27 | pub fn new() -> Result { 28 | Ok(Guesser {}) 29 | } 30 | 31 | pub fn guess(&self, input: Input) -> Output 32 | where 33 | T: AsRef<[u8]>, 34 | { 35 | let mime_guess = input.path.map(MimeGuess::from_path); 36 | 37 | #[cfg(feature = "libmagic")] 38 | let magic_guess = { 39 | use crate::input::{Content, PrefixContent}; 40 | match &input.content { 41 | Content::None => None, 42 | Content::Prefix(PrefixContent { content, .. 
}) | Content::Full(content) => { 43 | match self.magic_cookie.buffer(content.as_ref()) { 44 | Ok(m) => m.parse().ok(), 45 | _ => None, 46 | } 47 | } 48 | } 49 | }; 50 | #[cfg(not(feature = "libmagic"))] 51 | let magic_guess = None; 52 | 53 | Output { 54 | mime_guess, 55 | magic_guess, 56 | } 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /crates/content-guesser/src/lib.rs: -------------------------------------------------------------------------------- 1 | pub use mime::Mime; 2 | 3 | mod input; 4 | pub use input::{Content, Input, PrefixContent}; 5 | 6 | mod output; 7 | pub use output::Output; 8 | 9 | mod error; 10 | pub use error::GuesserError; 11 | 12 | mod guesser; 13 | pub use guesser::Guesser; 14 | -------------------------------------------------------------------------------- /crates/content-guesser/src/output.rs: -------------------------------------------------------------------------------- 1 | use mime::Mime; 2 | use mime_guess::MimeGuess; 3 | 4 | #[derive(Debug)] 5 | pub struct Output { 6 | /// Path-based media type guess 7 | pub(crate) mime_guess: Option, 8 | 9 | /// Content-based media type guess 10 | pub(crate) magic_guess: Option, 11 | } 12 | 13 | impl Output { 14 | /// Get the path-based media type guess 15 | #[inline] 16 | pub fn path_guess(&self) -> Option { 17 | self.mime_guess.and_then(|g| g.first()) 18 | } 19 | 20 | /// Get the content-based media type guess 21 | #[inline] 22 | pub fn content_guess(&self) -> Option { 23 | self.magic_guess.clone() 24 | } 25 | 26 | /// Get the guessed mime type that is considered to be the best. 27 | /// 28 | /// If a content-based guess is available, that is used. 29 | /// Otherwise, the path-based guess is used. 
30 | pub fn best_guess(&self) -> Option { 31 | self.content_guess().or_else(|| self.path_guess()) 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /crates/input-enumerator/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "input-enumerator" 3 | edition.workspace = true 4 | rust-version.workspace = true 5 | license.workspace = true 6 | authors.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | version = "0.0.0" 10 | publish.workspace = true 11 | 12 | [dependencies] 13 | anyhow = { version = "1.0" } 14 | bstr = { version = "1.0", features = ["serde"] } 15 | bstring-serde = { path = "../bstring-serde" } 16 | crossbeam-channel = "0.5" 17 | fixedbitset = "0.5" 18 | gix = { version = "0.72", features = ["max-performance", "serde"] } 19 | gix-date = "0.10" 20 | ignore = "0.4" 21 | petgraph = "0.8" 22 | roaring = "0.10" 23 | schemars = { version = "0.8" } 24 | serde = { version = "1.0", features = ["derive"] } 25 | smallvec = { version = "1", features = ["const_generics", "const_new", "union"] } 26 | tracing = "0.1" 27 | 28 | [dev-dependencies] 29 | pretty_assertions = "1.3" 30 | # proptest = "1.0" 31 | -------------------------------------------------------------------------------- /crates/input-enumerator/src/blob_appearance.rs: -------------------------------------------------------------------------------- 1 | use crate::git_commit_metadata::CommitMetadata; 2 | use bstr::{BString, ByteSlice}; 3 | use smallvec::SmallVec; 4 | use std::path::Path; 5 | use std::sync::Arc; 6 | 7 | /// Where was a particular blob seen? 
8 | #[derive(Clone, Debug, serde::Serialize)] 9 | pub struct BlobAppearance { 10 | pub commit_metadata: Arc, 11 | 12 | /// The path given to the blob 13 | pub path: BString, 14 | } 15 | 16 | impl BlobAppearance { 17 | #[inline] 18 | pub fn path(&self) -> Result<&Path, bstr::Utf8Error> { 19 | self.path.to_path() 20 | } 21 | } 22 | 23 | /// A set of `BlobAppearance` entries 24 | pub type BlobAppearanceSet = SmallVec<[BlobAppearance; 2]>; 25 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/build.rs: -------------------------------------------------------------------------------- 1 | /// This build script uses `vergen` to expose lots of build information at compile time. 2 | /// This information is used in the `noseyparker` CLI in its `version/-V/--version` commands. 3 | use std::error::Error; 4 | use vergen_gitcl::{ 5 | BuildBuilder, CargoBuilder, Emitter, GitclBuilder, RustcBuilder, SysinfoBuilder, 6 | }; 7 | 8 | fn main() -> Result<(), Box> { 9 | Emitter::default() 10 | .add_instructions(&BuildBuilder::all_build()?)? 11 | .add_instructions(&GitclBuilder::all_git()?)? 12 | .add_instructions(&CargoBuilder::all_cargo()?)? 13 | .add_instructions(&RustcBuilder::all_rustc()?)? 14 | .add_instructions(&SysinfoBuilder::all_sysinfo()?)? 
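// … tail of the preceding file's `main` (it opens above this excerpt) …
        .emit()?;
    Ok(())
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/cmd_annotations.rs:
--------------------------------------------------------------------------------
use anyhow::{Context, Result};
// use tracing::info;
use tracing::debug;

use crate::args::{AnnotationsArgs, AnnotationsExportArgs, AnnotationsImportArgs, GlobalArgs};
use crate::util::{get_reader_for_file_or_stdin, get_writer_for_file_or_stdout};

use noseyparker::datastore::Annotations;
use noseyparker::datastore::Datastore;

/// Dispatch the `annotations` subcommand to its import or export handler.
pub fn run(global_args: &GlobalArgs, args: &AnnotationsArgs) -> Result<()> {
    use crate::args::AnnotationsCommand::*;
    match &args.command {
        Import(args) => cmd_annotations_import(global_args, args),
        Export(args) => cmd_annotations_export(global_args, args),
    }
}

/// Read annotations as JSON from the given file (or stdin) and import them into the datastore.
///
/// The whole input is deserialized as `Annotations` first. Input that does not deserialize fails
/// with "Failed to read JSON input" before anything is imported.
///
/// NOTE(review): annotations presumably carry triage labels for matches and findings, so an
/// imported file can change which findings appear accepted or rejected. Import only files whose
/// origin is known.
fn cmd_annotations_import(global_args: &GlobalArgs, args: &AnnotationsImportArgs) -> Result<()> {
    let mut datastore = Datastore::open(&args.datastore, global_args.advanced.sqlite_cache_size)
        .with_context(|| format!("Failed to open datastore at {}", args.datastore.display()))?;

    let input = get_reader_for_file_or_stdin(args.input.as_ref())?;

    let annotations: Annotations =
        serde_json::from_reader(input).context("Failed to read JSON input")?;
    debug!(
        "Read {} match and {} finding annotations",
        annotations.match_annotations.len(),
        annotations.finding_annotations.len()
    );
    datastore.import_annotations(&annotations)?;

    Ok(())
}

/// Write all annotations from the datastore as JSON to the given file (or stdout).
///
/// NOTE(review): there is no explicit flush here. If `get_writer_for_file_or_stdout` returns a
/// buffered writer, an error on the final write at drop would go unreported; confirm.
fn cmd_annotations_export(global_args: &GlobalArgs, args: &AnnotationsExportArgs) -> Result<()> {
    let datastore = Datastore::open(&args.datastore, global_args.advanced.sqlite_cache_size)
        .with_context(|| format!("Failed to open datastore at {}", args.datastore.display()))?;

    let output = get_writer_for_file_or_stdout(args.output.as_ref())
        .context("Failed to open output for writing")?;

    let annotations = datastore
        .get_annotations()
        .context("Failed to get annotations")?;

    serde_json::to_writer(output, &annotations).context("Failed to write JSON output")?;

    Ok(())
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/cmd_generate.rs:
--------------------------------------------------------------------------------
use anyhow::Result;

use crate::args::{GenerateArgs, GenerateCommand, GlobalArgs};

mod cmd_generate_json_schema;
mod cmd_generate_manpages;
mod cmd_generate_shell_completions;

/// Dispatch the `generate` subcommand to the matching generator.
pub fn run(global_args: &GlobalArgs, args: &GenerateArgs) -> Result<()> {
    match &args.command {
        GenerateCommand::ShellCompletions(args) => {
            cmd_generate_shell_completions::run(global_args, args)
        }
        GenerateCommand::JsonSchema(args) => cmd_generate_json_schema::run(global_args, args),
        GenerateCommand::ManPages(args) => cmd_generate_manpages::run(global_args, args),
    }
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/cmd_generate/cmd_generate_json_schema.rs:
--------------------------------------------------------------------------------
use anyhow::Result;
use tracing::info;

use crate::args::{GlobalArgs, JsonSchemaArgs};
use crate::cmd_report::Finding;
use crate::util::get_writer_for_file_or_stdout;

/// Write the JSON schema of the report output to the given file (or stdout).
///
/// NOTE(review): the listing showed `schema_for!(Vec)` with the type argument missing; `Finding`
/// is the only report type imported here, so `Vec<Finding>` is restored. Confirm against the
/// repository.
pub fn run(_global_args: &GlobalArgs, args: &JsonSchemaArgs) -> Result<()> {
    let schema = schemars::schema_for!(Vec<Finding>);

    let mut writer = get_writer_for_file_or_stdout(args.output.as_ref())?;
    // Propagate a serialization failure to the caller instead of panicking
    writeln!(writer, "{}", serde_json::to_string_pretty(&schema)?)?;
    if let Some(output) = &args.output {
        info!("Wrote JSON schema to {}", output.display());
    }
    Ok(())
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/cmd_generate/cmd_generate_manpages.rs:
--------------------------------------------------------------------------------
use crate::args::{CommandLineArgs, GlobalArgs, ManPagesArgs};
use anyhow::Result;
use clap::CommandFactory;
use clap_mangen::generate_to;
use tracing::info;

/// Generate manpages for the whole command-line interface into the `args.output` directory.
pub fn run(_global_args: &GlobalArgs, args: &ManPagesArgs) -> Result<()> {
    let cmd = CommandLineArgs::command();
    generate_to(cmd, &args.output)?;
    info!("Wrote manpages to {}", args.output.display());
    Ok(())
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/cmd_generate/cmd_generate_shell_completions.rs:
--------------------------------------------------------------------------------
use crate::args::{CommandLineArgs, GlobalArgs, ShellCompletionsArgs, ShellFormat};
use anyhow::Result;
use clap::{Command, CommandFactory};
use clap_complete::{
    generate, shells::Bash, shells::Elvish, shells::Fish, shells::PowerShell, shells::Zsh,
};

/// Print a completion script for the requested shell to stdout.
pub fn run(_global_args: &GlobalArgs, args: &ShellCompletionsArgs) -> Result<()> {
    let mut cmd = CommandLineArgs::command();
    generate_completions_for_shell(&args.shell, &mut cmd)
}

/// Write the completion script for `shell` to stdout, using `noseyparker` as the binary name.
fn generate_completions_for_shell(shell: &ShellFormat, cmd: &mut Command) -> Result<()> {
    let bin_name = "noseyparker";
    let std_out = &mut std::io::stdout();

    match shell {
        ShellFormat::Bash => generate(Bash, cmd, bin_name, std_out),
        ShellFormat::Zsh => generate(Zsh, cmd, bin_name, std_out),
        ShellFormat::Fish => generate(Fish, cmd, bin_name, std_out),
        ShellFormat::PowerShell => generate(PowerShell, cmd, bin_name, std_out),
        ShellFormat::Elvish => generate(Elvish, cmd, bin_name, std_out),
    }

    Ok(())
}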
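--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/cmd_report/styles.rs:
--------------------------------------------------------------------------------
pub use console::{Style, StyledObject};

/// The terminal styles used by the human-readable report.
pub struct Styles {
    pub style_finding_heading: Style,
    pub style_rule: Style,
    pub style_heading: Style,
    pub style_match: Style,
    pub style_metadata: Style,
    pub style_id: Style,
}

impl Styles {
    /// Build the style set; every style gets `force_styling(styles_enabled)` applied.
    pub fn new(styles_enabled: bool) -> Self {
        let style_finding_heading = Style::new()
            .bold()
            .bright()
            .white()
            .force_styling(styles_enabled);
        let style_rule = Style::new()
            .bright()
            .bold()
            .blue()
            .force_styling(styles_enabled);
        let style_heading = Style::new().bold().force_styling(styles_enabled);
        let style_match = Style::new().yellow().force_styling(styles_enabled);
        let style_metadata = Style::new().bright().blue().force_styling(styles_enabled);
        let style_id = Style::new().bright().green().force_styling(styles_enabled);

        Self {
            style_finding_heading,
            style_rule,
            style_heading,
            style_match,
            style_metadata,
            style_id,
        }
    }
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/cmd_rules.rs:
--------------------------------------------------------------------------------
use anyhow::Result;

mod cmd_rules_check;
mod cmd_rules_list;
use crate::args;

/// Dispatch the `rules` subcommand to its check or list handler.
pub fn run(global_args: &args::GlobalArgs, args: &args::RulesArgs) -> Result<()> {
    match &args.command {
        args::RulesCommand::Check(args) => cmd_rules_check::run(global_args, args),
        args::RulesCommand::List(args) => cmd_rules_list::run(global_args, args),
    }
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/mimalloc.rs:
--------------------------------------------------------------------------------
use mimalloc::MiMalloc;

// Replaces the allocator for the whole process with mimalloc.
// NOTE(review): whether mimalloc's `secure` build feature is enabled is decided in Cargo.toml,
// which is not visible here.
#[global_allocator]
static GLOBAL: MiMalloc = MiMalloc;

--------------------------------------------------------------------------------
/crates/noseyparker-cli/src/reportable.rs:
--------------------------------------------------------------------------------
use anyhow::Result;

/// A trait for things that can be output as a document.
///
/// This trait is used to factor output-related code, such as friendly handling of buffering, into
/// one place.
pub trait Reportable {
    type Format;

    /// Write `self` to `writer` in the given format.
    ///
    /// NOTE(review): the listing used `W` without declaring it; the `std::io::Write` bound is
    /// restored on the assumption that `writer` is an output sink. Confirm against the repository.
    fn report<W: std::io::Write>(&self, format: Self::Format, writer: W) -> Result<()>;
}

--------------------------------------------------------------------------------
/crates/noseyparker-cli/tests/datastore/mod.rs:
--------------------------------------------------------------------------------
use super::*;

/// Initializing a datastore succeeds and matches the recorded snapshot.
#[test]
fn init() {
    let scan_env = ScanEnv::new();
    assert_cmd_snapshot!(noseyparker_success!("datastore", "init", "-d", scan_env.dspath()));
}

/// Create a datastore, export it, extract it, and test that Nosey Parker still sees it as a valid
/// datastore.
#[test]
fn export_empty() {
    let scan_env = ScanEnv::new();
    // create datastore
    noseyparker_success!("datastore", "init", "-d", scan_env.dspath());

    // export it
    let tgz = scan_env.root.child("export.tgz");
    noseyparker_success!("datastore", "export", "-d", scan_env.dspath(), "-o", tgz.path());
    tgz.assert(predicate::path::is_file());

    // extract the archive
    let extract_dir = scan_env.root.child("export.np");
    std::fs::create_dir(&extract_dir).unwrap();

    // The archive was written by the `datastore export` call above, so its entry paths come from
    // the tool under test. `tar::Archive::unpack` skips entries whose path contains `..`, and
    // extracting into a freshly created directory, as here, keeps the result contained.
    let file = std::fs::File::open(tgz.path()).unwrap();
    let mut archive = tar::Archive::new(flate2::read::GzDecoder::new(file));
    archive.unpack(&extract_dir).unwrap();

    // make sure the extracted datastore still works
    assert_cmd_snapshot!(noseyparker_success!("summarize", "-d", extract_dir.path()));
}

// TODO: add case for exporting to an already-existing output file

--------------------------------------------------------------------------------
/crates/noseyparker-cli/tests/datastore/snapshots/test_noseyparker__datastore__export_empty-2.snap:
--------------------------------------------------------------------------------
---
source: crates/noseyparker-cli/tests/datastore/mod.rs
expression: stdout
---
Rule Findings Matches Accepted Rejected Mixed Unlabeled
─────────────────────────────────────────────────────────────────────

--------------------------------------------------------------------------------
/crates/noseyparker-cli/tests/datastore/snapshots/test_noseyparker__datastore__export_empty-3.snap:
--------------------------------------------------------------------------------
---
source: crates/noseyparker-cli/tests/datastore/mod.rs
expression: stderr
---


--------------------------------------------------------------------------------
/crates/noseyparker-cli/tests/datastore/snapshots/test_noseyparker__datastore__export_empty.snap: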
-------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/datastore/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/datastore/snapshots/test_noseyparker__datastore__init-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/datastore/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/datastore/snapshots/test_noseyparker__datastore__init-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/datastore/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/datastore/snapshots/test_noseyparker__datastore__init.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/datastore/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/generate/mod.rs: -------------------------------------------------------------------------------- 1 | //! 
Tests for Nosey Parker `generate` functionality 2 | 3 | use super::*; 4 | 5 | #[test] 6 | fn generate_json_schema() { 7 | let cmd = noseyparker_success!("generate", "json-schema"); 8 | 9 | let output = cmd.get_output(); 10 | let status = output.status; 11 | assert!(status.success()); 12 | let stdout: serde_json::Value = serde_json::from_slice(&output.stdout).unwrap(); 13 | assert_json_snapshot!(stdout); 14 | let stderr = String::from_utf8(output.stderr.clone()).unwrap(); 15 | assert_eq!(stderr, ""); 16 | } 17 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url1-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url1-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stderr 4 | --- 5 | error: a non-default value for `--github-api-url` is required when using `--all-github-organizations` 6 | 7 | Usage: noseyparker [OPTIONS] 8 | 9 | For more information, try '--help'. 
10 | 11 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url1.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url2-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url2-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stderr 4 | --- 5 | error: a non-default value for `--github-api-url` is required when using `--all-github-organizations` 6 | 7 | Usage: noseyparker [OPTIONS] 8 | 9 | For more information, try '--help'. 
10 | 11 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url3-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url3-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stderr 4 | --- 5 | error: a non-default value for `--github-api-url` is required when using `--all-github-organizations` 6 | 7 | Usage: noseyparker [OPTIONS] 8 | 9 | For more information, try '--help'. 
10 | 11 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url4-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url4-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stderr 4 | --- 5 | error: a non-default value for `--github-api-url` is required when using `--all-github-organizations` 6 | 7 | Usage: noseyparker [OPTIONS] 8 | 9 | For more information, try '--help'. 
10 | 11 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_all_organizations_no_api_url4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_noargs-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_github.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_noargs-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_github.rs 3 | expression: stderr 4 | --- 5 | Error: No repositories specified 6 | 7 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_noargs.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_github.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_org_badtoken-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_github.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- 
/crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_org_badtoken-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stderr 4 | --- 5 | Error: Failed to enumerate GitHub repositories: error making request: HTTP status client error (401 Unauthorized) for url (https://api.github.com/rate_limit): HTTP status client error (401 Unauthorized) for url (https://api.github.com/rate_limit) 6 | 7 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_org_badtoken.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_github.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_user_badtoken-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_github.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_user_badtoken-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/github/mod.rs 3 | expression: stderr 4 | --- 5 | Error: Failed to enumerate GitHub repositories: error making request: HTTP status client error (401 Unauthorized) for url (https://api.github.com/rate_limit): HTTP status client error (401 Unauthorized) for url (https://api.github.com/rate_limit) 6 | 7 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/github/snapshots/test_noseyparker__github__github_repos_list_user_badtoken.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_github.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_datastore-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_datastore.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github-3.snap: 
-------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_repos-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_repos.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_repos_short-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | Interact with GitHub repositories 6 | 7 | Usage: noseyparker github repos [OPTIONS] 8 | 9 | Commands: 10 | list List repositories belonging to a specific user or organization 11 | help Print this message or the help of the given subcommand(s) 12 | 13 | Options: 14 | --github-api-url Use the specified URL for GitHub API access [default: 15 | https://api.github.com/] [aliases: api-url] 16 | -h, --help Print 
help (see more with '--help') 17 | 18 | Global Options: 19 | -v, --verbose... Enable verbose output 20 | -q, --quiet Suppress non-error feedback messages 21 | --color Enable or disable colored output [default: auto] [possible values: auto, 22 | never, always] 23 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 24 | never, always] 25 | --ignore-certs Ignore validation of TLS certificates 26 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_repos_short-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_repos_short.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_short-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | Interact with GitHub 6 | 7 | Usage: noseyparker github [OPTIONS] 8 | 9 | Commands: 10 | repos Interact with GitHub repositories 11 | help Print this message or the help of the given subcommand(s) 12 | 13 | Options: 14 | --github-api-url Use the specified URL for GitHub API access [default: 15 | https://api.github.com/] [aliases: api-url] 16 | -h, --help Print help (see more with '--help') 17 | 18 | Global Options: 19 | -v, --verbose... 
Enable verbose output 20 | -q, --quiet Suppress non-error feedback messages 21 | --color Enable or disable colored output [default: auto] [possible values: auto, 22 | never, always] 23 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 24 | never, always] 25 | --ignore-certs Ignore validation of TLS certificates 26 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_short-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_github_short.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_nogithub-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_nogithub.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_report-3.snap: 
-------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_report.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_report_short-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | Report detailed scan findings 6 | 7 | Usage: noseyparker report [OPTIONS] 8 | 9 | Options: 10 | -d, --datastore Use the specified datastore [env: NP_DATASTORE=] [default: datastore.np] 11 | -h, --help Print help (see more with '--help') 12 | 13 | Filtering Options: 14 | --max-matches Limit the number of matches per finding to at most N [default: 3] 15 | --max-provenance Limit the number of provenance entries per match to at most N 16 | [default: 3] 17 | --min-score Only report findings that have a mean score of at least N 18 | [default: 0.05] 19 | --finding-status Include only findings with the assigned status [possible values: 20 | accept, reject, mixed, null] 21 | --suppress-redundant Suppress redundant matches and findings [default: true] [possible 22 | values: true, false] 23 | 24 | Output Options: 25 | -o, --output Write output to the specified path 26 | -f, --format Write output in the specified format [default: human] [possible values: 27 | human, json, jsonl, sarif] 28 | 29 | Global Options: 30 | -v, --verbose... 
Enable verbose output 31 | -q, --quiet Suppress non-error feedback messages 32 | --color Enable or disable colored output [default: auto] [possible values: auto, 33 | never, always] 34 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 35 | never, always] 36 | --ignore-certs Ignore validation of TLS certificates 37 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_report_short-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_report_short.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_rules-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_rules.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan-3.snap: 
-------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan_nogithub-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan_nogithub.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan_short-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan_short.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan_short_nogithub-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_scan_short_nogithub.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_short-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | Nosey Parker is a command-line program that finds secrets and sensitive information in textual data 6 | and Git history. 7 | 8 | Usage: noseyparker [OPTIONS] 9 | 10 | Commands: 11 | scan Scan content for secrets 12 | summarize Summarize scan findings 13 | report Report detailed scan findings 14 | github Interact with GitHub 15 | datastore Manage datastores 16 | rules Manage rules and rulesets 17 | annotations Manage annotations (experimental) 18 | generate Generate Nosey Parker release assets 19 | help Print this message or the help of the given subcommand(s) 20 | 21 | Options: 22 | -h, --help Print help (see more with '--help') 23 | -V, --version Print version 24 | 25 | Global Options: 26 | -v, --verbose... 
Enable verbose output 27 | -q, --quiet Suppress non-error feedback messages 28 | --color Enable or disable colored output [default: auto] [possible values: auto, 29 | never, always] 30 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 31 | never, always] 32 | --ignore-certs Ignore validation of TLS certificates 33 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_short-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_short.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_short_nogithub-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | Nosey Parker is a command-line program that finds secrets and sensitive information in textual data 6 | and Git history. 
7 | 8 | Usage: noseyparker [OPTIONS] 9 | 10 | Commands: 11 | scan Scan content for secrets 12 | summarize Summarize scan findings 13 | report Report detailed scan findings 14 | datastore Manage datastores 15 | rules Manage rules and rulesets 16 | annotations Manage annotations (experimental) 17 | generate Generate Nosey Parker release assets 18 | help Print this message or the help of the given subcommand(s) 19 | 20 | Options: 21 | -h, --help Print help (see more with '--help') 22 | -V, --version Print version 23 | 24 | Global Options: 25 | -v, --verbose... Enable verbose output 26 | -q, --quiet Suppress non-error feedback messages 27 | --color Enable or disable colored output [default: auto] [possible values: auto, 28 | never, always] 29 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 30 | never, always] 31 | --ignore-certs Ignore validation of TLS certificates 32 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_short_nogithub-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_short_nogithub.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_summarize-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_summarize.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_summarize_short-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | Summarize scan findings 6 | 7 | Usage: noseyparker summarize [OPTIONS] 8 | 9 | Options: 10 | -d, --datastore Use the specified datastore [env: NP_DATASTORE=] [default: datastore.np] 11 | -h, --help Print help (see more with '--help') 12 | 13 | Output Options: 14 | -o, --output Write output to the specified path 15 | -f, --format Write output in the specified format [default: human] [possible values: 16 | human, json, jsonl] 17 | 18 | Global Options: 19 | -v, --verbose... 
Enable verbose output 20 | -q, --quiet Suppress non-error feedback messages 21 | --color Enable or disable colored output [default: auto] [possible values: auto, 22 | never, always] 23 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 24 | never, always] 25 | --ignore-certs Ignore validation of TLS certificates 26 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_summarize_short-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__help_summarize_short.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__no_args-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__no_args-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | --- 5 | Nosey Parker is a command-line program that finds secrets and sensitive information in textual data 6 | and Git history. 
7 | 8 | Usage: noseyparker [OPTIONS] 9 | 10 | Commands: 11 | scan Scan content for secrets 12 | summarize Summarize scan findings 13 | report Report detailed scan findings 14 | github Interact with GitHub 15 | datastore Manage datastores 16 | rules Manage rules and rulesets 17 | annotations Manage annotations (experimental) 18 | generate Generate Nosey Parker release assets 19 | help Print this message or the help of the given subcommand(s) 20 | 21 | Options: 22 | -h, --help Print help (see more with '--help') 23 | -V, --version Print version 24 | 25 | Global Options: 26 | -v, --verbose... Enable verbose output 27 | -q, --quiet Suppress non-error feedback messages 28 | --color Enable or disable colored output [default: auto] [possible values: auto, 29 | never, always] 30 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 31 | never, always] 32 | --ignore-certs Ignore validation of TLS certificates 33 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__no_args.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__no_args_nogithub-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__no_args_nogithub-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | 
--- 5 | Nosey Parker is a command-line program that finds secrets and sensitive information in textual data 6 | and Git history. 7 | 8 | Usage: noseyparker [OPTIONS] 9 | 10 | Commands: 11 | scan Scan content for secrets 12 | summarize Summarize scan findings 13 | report Report detailed scan findings 14 | datastore Manage datastores 15 | rules Manage rules and rulesets 16 | annotations Manage annotations (experimental) 17 | generate Generate Nosey Parker release assets 18 | help Print this message or the help of the given subcommand(s) 19 | 20 | Options: 21 | -h, --help Print help (see more with '--help') 22 | -V, --version Print version 23 | 24 | Global Options: 25 | -v, --verbose... Enable verbose output 26 | -q, --quiet Suppress non-error feedback messages 27 | --color Enable or disable colored output [default: auto] [possible values: auto, 28 | never, always] 29 | --progress Enable or disable progress bars [default: auto] [possible values: auto, 30 | never, always] 31 | --ignore-certs Ignore validation of TLS certificates 32 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__no_args_nogithub.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__version_command-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/test_noseyparker_help.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__version_command-3.snap: 
-------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/test_noseyparker_help.rs 3 | expression: stderr 4 | --- 5 | error: unrecognized subcommand 'version' 6 | 7 | Usage: noseyparker [OPTIONS] 8 | 9 | For more information, try '--help'. 10 | 11 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__version_command.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/test_noseyparker_help.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__version_long-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stdout 4 | --- 5 | noseyparker 0.25.0-dev 6 | 7 | Build Configuration: 8 | 9 | Build Timestamp: 10 | 11 | Commit Timestamp: 12 | Commit Branch: 13 | Commit SHA: 14 | 15 | Cargo Features: 16 | Debug: 17 | Optimization: 18 | Target Triple: 19 | 20 | Build System: 21 | 22 | OS: 23 | OS Version: 24 | 25 | CPU Vendor: 26 | CPU Brand: 27 | CPU Cores: 28 | 29 | rustc Version: 30 | rustc Channel: 31 | rustc Host Triple: 32 | rustc Commit Date: 33 | rustc Commit SHA: 34 | rustc LLVM Version: 35 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__version_long-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- 
/crates/noseyparker-cli/tests/help/snapshots/test_noseyparker__help__version_long.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/help/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/report/snapshots/test_noseyparker__report__report_nonexistent_default_datastore-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/report/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/report/snapshots/test_noseyparker__report__report_nonexistent_default_datastore-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/report/mod.rs 3 | expression: stderr 4 | --- 5 | Error: Failed to open datastore at datastore.np: unable to open database file: datastore.np/datastore.db: Error code 14: Unable to open the database file 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/report/snapshots/test_noseyparker__report__report_nonexistent_default_datastore.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/report/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/report/snapshots/test_noseyparker__report__report_output_colors1.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/report/mod.rs 3 | expression: output1_contents 4 | --- 5 | Finding 1/1 (id 
d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 155cdfa3e16d6abc09ecb8a2f659c2f84f7b91fc) 10 | File: 11 | Blob: 12 | Lines: 3:12-3:51 13 | 14 | # This is fake configuration data 15 | USERNAME=the_dude 16 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 17 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/report/snapshots/test_noseyparker__report__report_unlimited_matches-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/report/mod.rs 3 | expression: stdout 4 | --- 5 | Finding 1/1 (id d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 155cdfa3e16d6abc09ecb8a2f659c2f84f7b91fc) 10 | File: 11 | Blob: 12 | Lines: 3:12-3:51 13 | 14 | # This is fake configuration data 15 | USERNAME=the_dude 16 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 17 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/report/snapshots/test_noseyparker__report__report_unlimited_matches-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/report/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/report/snapshots/test_noseyparker__report__report_unlimited_matches.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/report/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/mod.rs: 
-------------------------------------------------------------------------------- 1 | //! Tests for Nosey Parker's `rules` command 2 | 3 | use super::*; 4 | 5 | /// Check the default list of rules in Nosey Parker using a snapshot test. 6 | /// This will alert us to when the default rules have changed for some reason (usually because a 7 | /// rule has been added). 8 | #[test] 9 | fn rules_list_noargs() { 10 | assert_cmd_snapshot!(noseyparker_success!("rules", "list")); 11 | } 12 | 13 | #[test] 14 | fn rules_list_json() { 15 | assert_cmd_snapshot!(noseyparker_success!("rules", "list", "--format=json")); 16 | } 17 | 18 | /// The `rules list` command has no JSONL format support, so `-f jsonl` is expected to fail 19 | #[test] 20 | fn rules_list_jsonl() { 21 | assert_cmd_snapshot!(noseyparker_failure!("rules", "list", "-f", "jsonl")); 22 | } 23 | 24 | /// Check the default rules using the built-in linter. 25 | #[test] 26 | fn rules_check_builtins() { 27 | assert_cmd_snapshot!(noseyparker_success!("rules", "check", "--warnings-as-errors")); 28 | } 29 | 30 | /// Check that the `rules list --load-builtins=false` option works as expected 31 | #[test] 32 | fn rules_list_no_builtins() { 33 | assert_cmd_snapshot!(noseyparker_success!("rules", "list", "--load-builtins=false")); 34 | } 35 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: stdout 4 | --- 5 | 185 rules and 3 rulesets: no issues detected 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 |
expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_jsonl-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_jsonl-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: stderr 4 | --- 5 | error: invalid value 'jsonl' for '--format ' 6 | [possible values: human, json] 7 | 8 | tip: a similar value exists: 'json' 9 | 10 | For more 
information, try '--help'. 11 | 12 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_jsonl.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_no_builtins-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: stdout 4 | --- 5 | Rule ID Rule Name Categories 6 | ────────────────────────────────── 7 | 8 | Ruleset ID Ruleset Name Rules 9 | ─────────────────────────────────── 10 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_no_builtins-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_no_builtins.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | 
expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/rules/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/appmaker/snapshots/test_noseyparker__scan__appmaker__scan_workflow_from_git_url-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/appmaker/mod.rs 3 | expression: stdout 4 | --- 5 | Rule Findings Matches Accepted Rejected Mixed Unlabeled 6 | ────────────────────────────────────────────────────────────────────────────────────── 7 | AWS API Credentials 1 1 0 0 0 1 8 | AWS API Key 3 3 0 0 0 3 9 | AWS S3 Bucket 3 13 0 0 0 3 10 | AWS Secret Access Key 1 1 0 0 0 1 11 | Amazon Resource Name 3 3 0 0 0 3 12 | Generic Secret 3 3 0 0 0 3 13 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/appmaker/snapshots/test_noseyparker__scan__appmaker__scan_workflow_from_git_url-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/appmaker/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/appmaker/snapshots/test_noseyparker__scan__appmaker__scan_workflow_from_git_url.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/appmaker/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_default_datastore-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: json_output 4 | --- 5 | [] 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_default_datastore-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_default_datastore-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_default_datastore-5.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | error: the default datastore at datastore.np exists; explicitly specify the datastore if you wish to update it 6 | 7 | Usage: noseyparker [OPTIONS] 8 | 9 | For more information, try '--help'. 
10 | 11 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_default_datastore.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: json_output 4 | --- 5 | [] 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_1-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Rule Findings Matches Accepted Rejected Mixed Unlabeled 6 | ───────────────────────────────────────────────────────────────────────────────────────────── 7 | GitHub Personal Access Token 1 1 0 0 0 1 8 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_1-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_1-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_1-5.snap: 
-------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Finding 1/1 (id d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 155cdfa3e16d6abc09ecb8a2f659c2f84f7b91fc) 10 | Extended Provenance: {"filename":"input.txt"} 11 | Blob: 12 | Lines: 3:12-3:51 13 | 14 | # This is fake configuration data 15 | USERNAME=the_dude 16 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 17 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_1-6.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_1.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_base64_1-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Rule Findings Matches Accepted Rejected Mixed Unlabeled 6 | ───────────────────────────────────────────────────────────────────────────────────────────── 7 | GitHub Personal Access Token 1 1 0 0 0 1 8 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_base64_1-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_base64_1-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_base64_1-5.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Finding 1/1 (id d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 155cdfa3e16d6abc09ecb8a2f659c2f84f7b91fc) 10 | Extended Provenance: {"filename":"input.txt"} 11 | Blob: 12 | Lines: 3:12-3:51 13 | 14 | # This is fake configuration data 15 | USERNAME=the_dude 16 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 17 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_base64_1-6.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_base64_1.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_string_provenance-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Rule Findings Matches Accepted Rejected Mixed Unlabeled 6 | ───────────────────────────────────────────────────────────────────────────────────────────── 7 | GitHub Personal Access Token 1 1 0 0 0 1 8 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_string_provenance-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_string_provenance-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_string_provenance-5.snap: 
-------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Finding 1/1 (id d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 155cdfa3e16d6abc09ecb8a2f659c2f84f7b91fc) 10 | Extended Provenance: "input.txt" 11 | Blob: 12 | Lines: 3:12-3:51 13 | 14 | # This is fake configuration data 15 | USERNAME=the_dude 16 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 17 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_string_provenance-6.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_enumerator_string_provenance.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_fs_1-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Rule Findings Matches Accepted Rejected Mixed Unlabeled 6 | ───────────────────────────────────────────────────────────────────────────────────────────── 7 | GitHub Personal Access Token 1 1 0 0 0 1 8 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_fs_1-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_fs_1-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_fs_1-5.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | Finding 1/1 (id d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 155cdfa3e16d6abc09ecb8a2f659c2f84f7b91fc) 10 | File: 11 | Blob: 12 | Lines: 3:12-3:51 13 | 14 | # This is fake configuration data 15 | USERNAME=the_dude 16 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 17 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_fs_1-6.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- 
/crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_fs_1-7.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: json_output 4 | --- 5 | [ 6 | { 7 | "comment": null, 8 | "finding_id": "d551329ba5578559646aa49467be47e9d496578d", 9 | "groups": [ 10 | "Z2hwX1hJeEI3S01OZEFyM3pxV3RRcWhFOTRxZ2xIcU96bjFEMXN0Zw==" 11 | ], 12 | "matches": [ 13 | { 14 | "blob_id": "bef17e1f92978931020b423cfcfb6f1e7381d559", 15 | "blob_metadata": { 16 | "charset": null, 17 | "id": "bef17e1f92978931020b423cfcfb6f1e7381d559", 18 | "mime_essence": "text/plain", 19 | "num_bytes": 104 20 | }, 21 | "comment": null, 22 | "groups": [ 23 | "Z2hwX1hJeEI3S01OZEFyM3pxV3RRcWhFOTRxZ2xIcU96bjFEMXN0Zw==" 24 | ], 25 | "location": { 26 | "offset_span": { 27 | "end": 103, 28 | "start": 63 29 | }, 30 | "source_span": { 31 | "end": { 32 | "column": 51, 33 | "line": 3 34 | }, 35 | "start": { 36 | "column": 12, 37 | "line": 3 38 | } 39 | } 40 | }, 41 | "provenance": [ 42 | { 43 | "kind": "file", 44 | "path": "/input.txt" 45 | } 46 | ], 47 | "redundant_to": [], 48 | "rule_name": "GitHub Personal Access Token", 49 | "rule_structural_id": "f6c4fca24a1c7f275d51d2718a1585ca6e4ae664", 50 | "rule_text_id": "np.github.1", 51 | "score": null, 52 | "snippet": { 53 | "after": "\n", 54 | "before": "# This is fake configuration data\nUSERNAME=the_dude\nGITHUB_KEY=", 55 | "matching": "ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg" 56 | }, 57 | "status": null, 58 | "structural_id": "155cdfa3e16d6abc09ecb8a2f659c2f84f7b91fc" 59 | } 60 | ], 61 | "mean_score": null, 62 | "num_matches": 1, 63 | "num_redundant_matches": 0, 64 | "rule_name": "GitHub Personal Access Token", 65 | "rule_structural_id": "f6c4fca24a1c7f275d51d2718a1585ca6e4ae664", 66 | "rule_text_id": "np.github.1", 67 | "statuses": [] 68 | } 69 | ] 70 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__scan_fs_1.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__summarize_nonexistent_default_datastore-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__summarize_nonexistent_default_datastore-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: stderr 4 | --- 5 | Error: Failed to open datastore at datastore.np: unable to open database file: datastore.np/datastore.db: Error code 14: Unable to open the database file 6 | 7 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/basic/snapshots/test_noseyparker__scan__basic__summarize_nonexistent_default_datastore.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/basic/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/mod.rs: --------------------------------------------------------------------------------
//! Tests for how `scan --git-url` reacts to clone failures and to URL forms it does not accept.
//!
//! The recorded stderr snapshots for the scheme tests in this module read
//! "only https URLs without credentials, query parameters, or fragment identifiers are
//! supported", each with exit status 2.
//!
//! NOTE(review): every rejected URL below differs from an accepted one only by scheme (or by
//! having none). No test in this module passes an https URL that carries credentials, a query
//! string or a fragment, so that part of the validation is not pinned here — confirm it is
//! covered elsewhere.
use super::*;

/// An https URL with no repository behind it.
///
/// The scan must fail, and stderr must contain the clone banner, a `fatal:` line (either
/// "repository ... not found" or "unable to access ..."), and `Error: No inputs to scan`.
///
/// NOTE(review): this looks like it runs a real clone against example.com, so it presumably
/// needs `git` on PATH; the "unable to access" alternative may be there for hosts that cannot
/// reach the network — confirm.
#[test]
fn https_nonexistent() {
    let env = ScanEnv::new();
    let url = "https://example.com/nothere.git";

    let outcome = noseyparker_failure!("scan", "-d", env.dspath(), "--git-url", url);
    outcome
        .stderr(is_match(r"(?m)^Cloning into bare repository .*$"))
        .stderr(is_match(r"(?m)^fatal: (repository .* not found$|unable to access .*$)"))
        .stderr(is_match(r"(?m)^Error: No inputs to scan$"));
}

/// `git` is needed for the clone but cannot be run.
///
/// `PATH` is overridden with `/dev/null` for the child process only; the scan must fail with a
/// "Failed to clone ...: git execution failed:" message followed by `Error: No inputs to scan`.
#[test]
fn git_binary_missing() {
    let env = ScanEnv::new();
    let url = "https://github.com/praetorian-inc/noseyparker";

    noseyparker!("scan", "-d", env.dspath(), "--git-url", url)
        .env("PATH", "/dev/null")
        .assert()
        .failure()
        .stderr(is_match(r"Failed to clone .*: git execution failed:"))
        .stderr(is_match(r"(?m)^Error: No inputs to scan$"));
}

/// An `ssh://` URL is passed to `--git-url`; the failing command's output is snapshot-checked.
#[test]
fn ssh_scheme() {
    let env = ScanEnv::new();
    let url = "ssh://example.com/nothere.git";
    assert_cmd_snapshot!(noseyparker_failure!("scan", "-d", env.dspath(), "--git-url", url));
}

/// A plaintext `http://` URL is passed to `--git-url`; the failing command's output is
/// snapshot-checked.
#[test]
fn http_scheme() {
    let env = ScanEnv::new();
    let url = "http://example.com/nothere.git";
    assert_cmd_snapshot!(noseyparker_failure!("scan", "-d", env.dspath(), "--git-url", url));
}

/// A `file://` URL is passed to `--git-url`; the failing command's output is snapshot-checked.
#[test]
fn file_scheme() {
    let env = ScanEnv::new();
    let url = "file://example.com/nothere.git";
    assert_cmd_snapshot!(noseyparker_failure!("scan", "-d", env.dspath(), "--git-url", url));
}

/// A bare name with no scheme is passed to `--git-url`; the failing command's output is
/// snapshot-checked.
#[test]
fn no_scheme() {
    let env = ScanEnv::new();
    let url = "nothere.git";
    assert_cmd_snapshot!(noseyparker_failure!("scan", "-d", env.dspath(), "--git-url", url));
}
--------------------------------------------------------------------------------
/crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__file_scheme-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__file_scheme-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stderr 4 | --- 5 | error: invalid value 'file://example.com/nothere.git' for '--git-url ': only https URLs without credentials, query parameters, or fragment identifiers are supported 6 | 7 | For more information, try '--help'. 8 | 9 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__file_scheme.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__http_scheme-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__http_scheme-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stderr 4 | --- 5 | error: invalid value 'http://example.com/nothere.git' for '--git-url 
': only https URLs without credentials, query parameters, or fragment identifiers are supported 6 | 7 | For more information, try '--help'. 8 | 9 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__http_scheme.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__no_scheme-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__no_scheme-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stderr 4 | --- 5 | error: invalid value 'nothere.git' for '--git-url ': only https URLs without credentials, query parameters, or fragment identifiers are supported 6 | 7 | For more information, try '--help'. 
8 | 9 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__no_scheme.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__ssh_scheme-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__ssh_scheme-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: stderr 4 | --- 5 | error: invalid value 'ssh://example.com/nothere.git' for '--git-url ': only https URLs without credentials, query parameters, or fragment identifiers are supported 6 | 7 | For more information, try '--help'. 
8 | 9 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/git_url/snapshots/test_noseyparker__scan__git_url__ssh_scheme.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: tests/test_noseyparker_scan.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/github/mod.rs: --------------------------------------------------------------------------------
//! Tests for the argument validation of `scan --all-github-organizations`.
//!
//! Both cases are expected to fail before any scanning happens; the recorded snapshots show
//! exit status 2 and an empty stdout.
//!
//! NOTE(review): requiring a non-default `--github-api-url` presumably keeps an
//! enumerate-every-organization scan from being pointed at the public GitHub API — confirm
//! against the argument definitions.
use super::*;

/// `--all-github-organizations` given without `--github-api-url`.
///
/// The recorded stderr reports `--github-api-url` as a required argument that was not provided.
#[test]
fn github_all_orgs_no_api_url() {
    let env = ScanEnv::new();
    assert_cmd_snapshot!(noseyparker_failure!(
        "scan",
        "-d",
        env.dspath(),
        "--all-github-organizations"
    ));
}

/// `--all-github-organizations` given with `--github-api-url https://api.github.com`.
///
/// The recorded stderr says a non-default value for `--github-api-url` is required, so passing
/// this URL explicitly is rejected as well.
#[test]
fn github_all_orgs_explicit_default_api_url() {
    let env = ScanEnv::new();
    assert_cmd_snapshot!(noseyparker_failure!(
        "scan",
        "-d",
        env.dspath(),
        "--all-github-organizations",
        "--github-api-url",
        "https://api.github.com"
    ));
}
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/github/snapshots/test_noseyparker__scan__github__github_all_orgs_explicit_default_api_url-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/github/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/github/snapshots/test_noseyparker__scan__github__github_all_orgs_explicit_default_api_url-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/github/mod.rs 3 | expression: stderr 4 | --- 5 | error: a non-default value for
`--github-api-url` is required when using `--all-github-organizations` 6 | 7 | Usage: noseyparker [OPTIONS] 8 | 9 | For more information, try '--help'. 10 | 11 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/github/snapshots/test_noseyparker__scan__github__github_all_orgs_explicit_default_api_url.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/github/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/github/snapshots/test_noseyparker__scan__github__github_all_orgs_no_api_url-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/github/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/github/snapshots/test_noseyparker__scan__github__github_all_orgs_no_api_url-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/github/mod.rs 3 | expression: stderr 4 | --- 5 | error: the following required arguments were not provided: 6 | --github-api-url 7 | 8 | Usage: noseyparker scan --github-api-url --datastore --all-github-organizations [INPUT]... 9 | 10 | For more information, try '--help'. 
11 | 12 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/github/snapshots/test_noseyparker__scan__github__github_all_orgs_no_api_url.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/github/mod.rs 3 | expression: status 4 | --- 5 | exit status: 2 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/mod.rs: -------------------------------------------------------------------------------- 1 | //! Tests for Nosey Parker's `scan` command 2 | use super::*; 3 | 4 | mod appmaker; 5 | mod basic; 6 | mod copy_blobs; 7 | mod git_url; 8 | #[cfg(feature = "github")] 9 | mod github; 10 | mod snippet_length; 11 | mod with_ignore; 12 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-10.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-11.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-12.snap: -------------------------------------------------------------------------------- 
1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stdout 4 | --- 5 | Finding 1/1 (id d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 02f264f3a42f38d96d0069e4b91e3d3e66bf8b08) 10 | File: 11 | Blob: 12 | Lines: 30:12-30:51 13 | 14 | ta 15 | USERNAME=the_dude 16 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 17 | 18 | function lorem(ipsum, dolor = 19 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-13.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stdout 4 | --- 5 | Rule Findings Matches Accepted Rejected Mixed Unlabeled 6 | ───────────────────────────────────────────────────────────────────────────────────────────── 7 | GitHub Personal Access Token 1 1 0 0 0 1 8 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | 
-------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-5.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stdout 4 | --- 5 | Finding 1/1 (id d551329ba5578559646aa49467be47e9d496578d) 6 | Rule: GitHub Personal Access Token 7 | Group: ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 8 | 9 | Match 1/1 (id 02f264f3a42f38d96d0069e4b91e3d3e66bf8b08) 10 | File: 11 | Blob: 12 | Lines: 30:12-30:51 13 | 14 | dude 15 | GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg 16 | 17 | function lorem 18 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-6.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-8.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | 
expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length-9.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stdout 4 | --- 5 | Rule Findings Matches Accepted Rejected Mixed Unlabeled 6 | ───────────────────────────────────────────────────────────────────────────────────────────── 7 | GitHub Personal Access Token 1 1 0 0 0 1 8 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_changing_snippet_length.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_short_snippet_length-2.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stdout 4 | --- 5 | 6 | Rule Distinct Matches Total Matches 7 | ──────────────────────────────────────────────── 8 | AWS API Key 1 1 9 | 10 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_short_snippet_length-3.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | 
expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_short_snippet_length-4.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_short_snippet_length-6.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: stderr 4 | --- 5 | 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_short_snippet_length-7.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: json_output 4 | --- 5 | [ 6 | { 7 | "match_content": "AKIADEADBEEFDEADBEEF", 8 | "matches": [ 9 | { 10 | "blob_id": "c3c55e6f7e1304573e25e85202e9f019bfc05087", 11 | "capture_group_index": 1, 12 | "location": { 13 | "offset_span": { 14 | "end": 752, 15 | "start": 732 16 | }, 17 | "source_span": { 18 | "end": { 19 | "column": 28, 20 | "line": 30 21 | }, 22 | "start": { 23 | "column": 9, 24 | "line": 30 25 | } 26 | } 27 | }, 28 | "match_content": "AKIADEADBEEFDEADBEEF", 29 | "provenance": { 30 | "kind": "file", 31 | "path": "/input.txt" 32 | }, 33 | "rule_name": "AWS API Key", 34 | "snippet": { 35 | "after": "\n\nfunction lorem", 36 | "before": "he_dude\nAWS_KEY=", 37 | "matching": "AKIADEADBEEFDEADBEEF" 38 | } 39 | } 40 | ], 41 | 
"num_matches": 1, 42 | "rule_name": "AWS API Key" 43 | } 44 | ] 45 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/scan/snippet_length/snapshots/test_noseyparker__scan__snippet_length__scan_short_snippet_length.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: crates/noseyparker-cli/tests/scan/snippet_length/mod.rs 3 | expression: status 4 | --- 5 | exit status: 0 6 | -------------------------------------------------------------------------------- /crates/noseyparker-cli/tests/test_noseyparker.rs: -------------------------------------------------------------------------------- 1 | //! Integration tests for Nosey Parker 2 | 3 | mod common; 4 | use common::*; 5 | 6 | mod datastore; 7 | 8 | mod generate; 9 | 10 | // XXX We'd like to actually run these tests when the `github` feature is disabled, but use 11 | // different snapshot files in that case. But that's not easy to do. 
12 | #[cfg(feature = "github")] 13 | mod github; 14 | 15 | mod help; 16 | mod report; 17 | mod rules; 18 | mod scan; 19 | 20 | // TODO(test): add test for scanning with `--github-user` 21 | // TODO(test): add test for scanning with `--github-org` 22 | // TODO(test): add test for caching behavior of rescanning `--git-url` 23 | // TODO(test): add test for scanning multiple times with changing `--git-clone-mode` option 24 | // TODO(test): add test for scanning with `--git-clone-mode bare` and `--git-clone-mode mirror` 25 | // TODO(test): add test for scanning with `--github-api-url` 26 | // TODO(test): add test using a non-default `--github-api-url URL` 27 | // TODO(test): add tests for SARIF output format 28 | 29 | // TODO(test): add tests for blob metadata recording 30 | // TODO(test): add tests for rerunning with changing `--blob-metadata` and `--git-blob-provenance` options 31 | 32 | // TODO(test): add tests for trying to open existing datastores from other Nosey Parker versions 33 | // TODO(test): add tests for enumerating GitHub Enterprise with the `--ignore-certs` option 34 | // TODO(test): add tests for `scan --git-url=URL --ignore-certs` 35 | // TODO(test): add test case that validates `report -f json` output against the JSON schema (see the `jsonschema` crate) 36 | // TODO(test): add test that failing to set rlimits at startup doesn't crash, but outputs a warning 37 | -------------------------------------------------------------------------------- /crates/noseyparker-digest/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "noseyparker-digest" 3 | edition.workspace = true 4 | rust-version.workspace = true 5 | license.workspace = true 6 | authors.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | version = "0.0.0" 10 | publish.workspace = true 11 | 12 | [dependencies] 13 | gix-hash = "0.18" 14 | hex = "0.4" 15 | 16 | [dev-dependencies] 17 | pretty_assertions = 
"1.3" 18 | -------------------------------------------------------------------------------- /crates/noseyparker-digest/src/lib.rs: -------------------------------------------------------------------------------- 1 | pub struct Sha1(gix_hash::Hasher); 2 | 3 | pub type Sha1Digest = [u8; 20]; 4 | 5 | impl Sha1 { 6 | pub fn new() -> Self { 7 | Self(gix_hash::hasher(gix_hash::Kind::Sha1)) 8 | } 9 | 10 | pub fn update(&mut self, input: &[u8]) { 11 | self.0.update(input); 12 | } 13 | 14 | pub fn hexdigest(self) -> String { 15 | self.0.try_finalize().unwrap().to_string() 16 | } 17 | 18 | pub fn digest(self) -> Sha1Digest { 19 | self.0 20 | .try_finalize() 21 | .unwrap() 22 | .as_bytes() 23 | .try_into() 24 | .unwrap() 25 | } 26 | } 27 | 28 | pub fn sha1_hexdigest(input: &[u8]) -> String { 29 | let mut h = Sha1::new(); 30 | h.update(input); 31 | h.hexdigest() 32 | } 33 | 34 | // XXX implement a Write instance for `Sha1`, in an attempt to avoid allocations for 35 | // formatting the input length. Not sure how well this actually avoids allocation. 
36 | impl std::io::Write for Sha1 { 37 | #[inline] 38 | fn write(&mut self, buf: &[u8]) -> std::io::Result { 39 | self.0.update(buf); 40 | Ok(buf.len()) 41 | } 42 | 43 | #[inline] 44 | fn flush(&mut self) -> std::io::Result<()> { 45 | Ok(()) 46 | } 47 | } 48 | 49 | #[cfg(test)] 50 | mod tests { 51 | use super::*; 52 | use pretty_assertions::assert_eq; 53 | 54 | #[test] 55 | fn empty() { 56 | assert_eq!(sha1_hexdigest(&[]), "da39a3ee5e6b4b0d3255bfef95601890afd80709"); 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /crates/noseyparker-rules/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "noseyparker-rules" 3 | edition.workspace = true 4 | rust-version.workspace = true 5 | license.workspace = true 6 | authors.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | version = "0.0.0" 10 | publish.workspace = true 11 | 12 | [dependencies] 13 | anyhow = { version = "1.0" } 14 | ignore = "0.4" 15 | lazy_static = "1.4" 16 | noseyparker-digest = { path = "../noseyparker-digest" } 17 | regex = "1.7" 18 | serde = { version = "1.0", features = ["derive"] } 19 | serde_json = "1.0" 20 | serde_yaml = "0.9" 21 | tracing = "0.1" 22 | 23 | [dev-dependencies] 24 | pretty_assertions = "1.3" 25 | proptest = "1.0" 26 | -------------------------------------------------------------------------------- /crates/noseyparker-rules/src/lib.rs: -------------------------------------------------------------------------------- 1 | mod rule; 2 | mod rules; 3 | mod ruleset; 4 | mod util; 5 | 6 | pub use rule::{Rule, RuleSyntax}; 7 | pub use rules::Rules; 8 | pub use ruleset::RulesetSyntax; 9 | 10 | // ------------------------------------------------------------------------------------------------- 11 | // test 12 | // ------------------------------------------------------------------------------------------------- 13 | #[cfg(test)] 14 | mod test { 15 | 
use pretty_assertions::assert_eq; 16 | use proptest::prelude::*; 17 | // use proptest::string::string_regex; 18 | 19 | proptest! { 20 | // Idea: load up psst rules, and for each one, generate strings conforming to its pattern, then 21 | // check some properties. 22 | // 23 | // See https://altsysrq.github.io/proptest-book/proptest/tutorial/transforming-strategies.html 24 | #[test] 25 | fn regex_gen_noop(s in r"((?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})") { 26 | println!("{}", s); 27 | } 28 | } 29 | 30 | #[test] 31 | #[should_panic] 32 | fn failure() { 33 | assert_eq!(5, 42); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /crates/noseyparker-rules/src/ruleset.rs: -------------------------------------------------------------------------------- 1 | use anyhow::{Context, Result}; 2 | use serde::{Deserialize, Serialize}; 3 | use std::path::Path; 4 | use tracing::{debug, debug_span}; 5 | 6 | use crate::util; 7 | 8 | /// A syntactic representation describing a set of Nosey Parker rules. 9 | #[derive(Serialize, Deserialize, Debug, PartialEq, Eq, PartialOrd, Ord, Hash, Clone)] 10 | pub struct RulesetSyntax { 11 | /// A unique identifier for this ruleset 12 | pub id: String, 13 | 14 | /// A human-readable name for the ruleset 15 | pub name: String, 16 | 17 | /// A description of the ruleset 18 | pub description: String, 19 | 20 | /// A list of rule IDs included in the ruleset 21 | pub include_rule_ids: Vec, 22 | } 23 | 24 | impl RulesetSyntax { 25 | /// Load a ruleset from the given YAML file. 
26 | pub fn from_yaml_file>(path: P) -> Result { 27 | let path = path.as_ref(); 28 | let _span = debug_span!("Ruleset::from_yaml_file", "{}", path.display()).entered(); 29 | let ruleset: Self = util::load_yaml_file(path) 30 | .with_context(|| format!("Failed to load ruleset YAML from {}", path.display()))?; 31 | debug!("Loaded ruleset of {} rules from {}", ruleset.num_rules(), path.display()); 32 | Ok(ruleset) 33 | } 34 | 35 | /// How many rules are listed in this ruleset? 36 | pub fn num_rules(&self) -> usize { 37 | self.include_rule_ids.len() 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /crates/noseyparker-rules/src/rulesets.rs: -------------------------------------------------------------------------------- 1 | use anyhow::{Context, Result}; 2 | use serde::{Deserialize, Serialize}; 3 | use std::path::Path; 4 | 5 | use crate::Ruleset; 6 | 7 | /// A collection of rulesets 8 | #[derive(Serialize, Deserialize)] 9 | pub struct Rulesets { 10 | pub rulesets: Vec, 11 | } 12 | 13 | impl Rulesets { 14 | pub fn from_paths_and_contents<'a, I: IntoIterator>( 15 | iterable: I, 16 | ) -> Result { 17 | let mut rulesets = Rulesets { 18 | rulesets: Vec::new(), 19 | }; 20 | for (path, contents) in iterable.into_iter() { 21 | let rs: Self = serde_yaml::from_reader(contents) 22 | .with_context(|| format!("Failed to load rulesets YAML from {}", path.display()))?; 23 | rulesets.extend(rs); 24 | } 25 | 26 | Ok(rulesets) 27 | } 28 | 29 | /// Create an empty collection of rulesets. 30 | pub fn new() -> Self { 31 | Self { 32 | rulesets: Vec::new(), 33 | } 34 | } 35 | 36 | /// How many rulesets are in this collection? 37 | #[inline] 38 | pub fn len(&self) -> usize { 39 | self.rulesets.len() 40 | } 41 | 42 | /// Is this collection of rulesets empty? 
43 | #[inline] 44 | pub fn is_empty(&self) -> bool { 45 | self.rulesets.is_empty() 46 | } 47 | 48 | #[inline] 49 | pub fn iter(&self) -> std::slice::Iter<'_, Ruleset> { 50 | self.rulesets.iter() 51 | } 52 | } 53 | 54 | /// Creates an empty collection of rulesets. 55 | impl Default for Rulesets { 56 | fn default() -> Self { 57 | Self::new() 58 | } 59 | } 60 | 61 | impl Extend for Rulesets { 62 | fn extend>(&mut self, iter: T) { 63 | self.rulesets.extend(iter); 64 | } 65 | } 66 | 67 | impl IntoIterator for Rulesets { 68 | type Item = Ruleset; 69 | type IntoIter = as IntoIterator>::IntoIter; 70 | fn into_iter(self) -> Self::IntoIter { 71 | self.rulesets.into_iter() 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /crates/noseyparker-rules/src/util.rs: -------------------------------------------------------------------------------- 1 | use anyhow::Result; 2 | use serde::de::DeserializeOwned; 3 | use std::fs::File; 4 | use std::io::BufReader; 5 | use std::path::Path; 6 | 7 | /// Load a value from a YAML file. 8 | pub fn load_yaml_file>(path: P) -> Result { 9 | let path = path.as_ref(); 10 | let infile = File::open(path)?; 11 | let reader = BufReader::new(infile); 12 | let result = serde_yaml::from_reader(reader)?; 13 | Ok(result) 14 | } 15 | -------------------------------------------------------------------------------- /crates/noseyparker/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | 3 | edition.workspace = true 4 | rust-version.workspace = true 5 | license.workspace = true 6 | authors.workspace = true 7 | homepage.workspace = true 8 | repository.workspace = true 9 | publish.workspace = true 10 | 11 | name = "noseyparker" 12 | version = "0.0.0" 13 | 14 | [lib] 15 | name = "noseyparker" 16 | path = "src/lib.rs" 17 | 18 | [features] 19 | # Enable per-rule runtime profiling, causing profile data to be dumped in a 20 | # table to stdout after scanning. 
21 | rule_profiling = [] 22 | 23 | # Provide functionality for enumerating and interacting with GitHub. 24 | # If this is not enabled, no GitHub functionality will be available. 25 | github = ["dep:reqwest", "dep:tokio", "dep:secrecy", "dep:chrono"] 26 | 27 | 28 | [dependencies] 29 | anyhow = { version = "1.0" } 30 | atoi = "2.0" 31 | bstr = { version = "1.0", features = ["serde"] } 32 | bstring-serde = { path = "../bstring-serde" } 33 | chrono = { version = "0.4", default-features = false, features = ["std"], optional = true } 34 | console = "0.15" 35 | gix = { version = "0.72", features = ["max-performance", "serde"] } 36 | hex = "0.4" 37 | include_dir = { version = "0.7", features = ["glob"] } 38 | input-enumerator = { path = "../input-enumerator" } 39 | indoc = "2.0" 40 | lazy_static = "1.4" 41 | noseyparker-digest = { path = "../noseyparker-digest" } 42 | noseyparker-rules = { path = "../noseyparker-rules" } 43 | progress = { path = "../progress" } 44 | regex = "1.7" 45 | reqwest = { version = "0.12", features = ["json", "native-tls-vendored"], optional = true } 46 | rusqlite = { version = "0.35", features = ["bundled", "backup", "serde_json"] } 47 | schemars = { version = "0.8", features = ["smallvec"] } 48 | secrecy = { version = "0.10.0", optional = true } 49 | smallvec = { version = "1", features = ["const_generics", "const_new", "union"] } 50 | serde = { version = "1.0", features = ["derive", "rc"] } 51 | serde_json = { version = "1.0" } 52 | thiserror = "2" 53 | tokio = { version = "1.23", optional = true } 54 | tracing = "0.1" 55 | url = "2.3" 56 | vectorscan-rs = { version = "0.0.5" } 57 | 58 | [dev-dependencies] 59 | pretty_assertions = "1.3" 60 | test-case = "3" 61 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/adafruitio.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Adafruit IO Key 4 | id: 
np.adafruit.1 5 | 6 | pattern: | 7 | (?x) 8 | \b 9 | (aio\_[a-zA-Z0-9]{28}) 10 | \b 11 | 12 | examples: 13 | - '#define IO_KEY "aio_NrZCb67VvzSaM7fr3nMXrfZ1uMPH"' 14 | - 'export IO_KEY="aio_NrZCb67VvzSaM7fr3nMXrfZ1uMPH"' 15 | - 'ADAFRUIT_IO_KEY = "aio_NrZCb67VvzSaM7fr3nMXrfZ1uMPH"' 16 | 17 | references: 18 | - https://io.adafruit.com/api/docs 19 | 20 | categories: 21 | - api 22 | - secret 23 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/adobe.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Adobe OAuth Client Secret 4 | id: np.adobe.1 5 | 6 | pattern: | 7 | (?x)(?i) 8 | \b 9 | (p8e-[a-z0-9-]{32}) 10 | (?:[^a-z0-9-]|$) 11 | 12 | references: 13 | - https://developer.adobe.com/developer-console/docs/guides/authentication/ 14 | - https://developer.adobe.com/developer-console/docs/guides/authentication/OAuthIntegration/ 15 | - https://developer.adobe.com/developer-console/docs/guides/authentication/OAuth/ 16 | 17 | examples: 18 | - | 19 | { 20 | "client_credentials": { 21 | "client_id": "a65b0146769d433a835f36660881db50", 22 | "client_secret": "p8e-ibndcvsmAp9ZgPBZ606FSlYIZVlsZ-g5" 23 | }, 24 | 25 | categories: 26 | - api 27 | - secret 28 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/age.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Age Recipient (X25519 public key) 4 | id: np.age.1 5 | pattern: '\b(age1[0-9a-z]{58})\b' 6 | 7 | examples: 8 | - 'age1zvkyg2lqzraa2lnjvqej32nkuu0ues2s82hzrye869xeexvn73equnujwj' 9 | 10 | references: 11 | - https://age-encryption.org 12 | - https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age.1.html 13 | - https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type 14 | 
15 | categories: 16 | - identifier 17 | 18 | 19 | - name: Age Identity (X22519 secret key) 20 | id: np.age.2 21 | pattern: '\b(AGE-SECRET-KEY-1[0-9A-Z]{58})\b' 22 | 23 | examples: 24 | - | 25 | # created: 2022-09-26T21:55:47-05:00 26 | # public key: age1epzmwwzw8n09slh0c7z1z52x43nnga7lkksx3qrh07tqz5v7lcys45428t 27 | AGE-SECRET-KEY-1HJCRJVK7EE3A5N8CRP8YSEUGZKNW90Y5UR2RGYAS8L279LFP6LCQU5ADNR 28 | - 'AGE-SECRET-KEY-1GFPYYSJZGFPYYSJZGFPYYSJZGFPYYSJZGFPYYSJZGFPYYSJZGFPQ4EGAEX' 29 | 30 | references: 31 | - https://age-encryption.org 32 | - https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age.1.html 33 | - https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type 34 | 35 | categories: 36 | - secret 37 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/anthropic.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Anthropic API Key 4 | id: np.anthropic.1 5 | 6 | pattern: | 7 | (?x) 8 | \b 9 | (sk-ant-api[0-9]{2}-[a-zA-Z0-9_-]{95}) 10 | (?: [^a-zA-Z0-9_-] | $ ) 11 | 12 | categories: [api, secret] 13 | 14 | description: > 15 | An Anthropic API key was found. 16 | Anthropic is an AI company. 17 | An attacker could use this API key to consume limited resources, cause denial-of-service, or access internal fine-tuned models. 
18 | 19 | examples: 20 | - 'sk-ant-api03-jSq6OMjv1syXaEUE0bvOckLe_GtCKy8lvZdko3eOJgV8TH-f2iyzRekyZNSby5d9ScikGYuqQhsrxML3X3N3rQ-XwQaQAAA' 21 | - 'sk-ant-api03-f-SD8UXTHZuL3dhlRLMzMh7sxOopjFG510MC0B6g5Whzu2gM6gYJrQUduYWWQkG8XvkjeVj-MfYvtzMBF7NXSg-W34tmAAA' 22 | 23 | references: 24 | - https://docs.anthropic.com/en/api/getting-started 25 | - https://support.anthropic.com/en/articles/9767949-api-key-best-practices-keeping-your-keys-safe-and-secure 26 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/artifactory.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Artifactory API Key 4 | id: np.artifactory.1 5 | # FIXME: all the real ones start with `AKC`? 6 | pattern: '(?i)artifactory.{0,50}\b([a-z0-9]{73})\b' 7 | 8 | examples: 9 | - | 10 | export HOMEBREW_ARTIFACTORY_API_TOKEN=AKCp8igrDNFerC357m4422e4tmu7xB983QLPxJhKFcSMfoux2RFvp8rc4jC8t9ncdmYCMFD8W 11 | export HOMEBREW_ARTIFACTORY_API_USER=kashorn 12 | - 'jfrog rt dl --url=http://localhost:8071/artifactory --apikey=AKCp2WXX7SDvcsmny528sSDnaB3zACkNQoRcD8D1WmxhMV9gk6Wp8mVWC8bh38kJQbXagUT8Z generic-local/hello.txt' 13 | 14 | references: 15 | - https://jfrog.com/help/r/jfrog-rest-apis/introduction-to-the-artifactory-rest-apis 16 | 17 | categories: 18 | - api 19 | - fuzzy 20 | - secret 21 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/bitbucket.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Bitbucket App Password 4 | id: np.bitbucket.1 5 | 6 | pattern: | 7 | (?x) 8 | \b 9 | (ATBB[a-zA-Z0-9]{32}) 10 | \b 11 | 12 | examples: 13 | - 'git ls-remote https://gemesa:ATBB3g7gLXseCxPjJs1CQNMyEjwf1D12516D@bitbucket.org/***/***' 14 | 15 | references: 16 | - https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/ 17 | - 
https://support.atlassian.com/bitbucket-cloud/docs/using-app-passwords/ 18 | 19 | categories: 20 | - api 21 | - secret 22 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/codeclimate.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | # This rule detects the appearance of a CodeClimate Reporter ID (aka Repo Token). 4 | # Such a token only has write access for coverage info from the corresponding 5 | # repository, and has no other access than that. 6 | # 7 | # However, a leaked token could still be used to upload fraudulent code 8 | # coverage data or cause abuse of services. 9 | - name: CodeClimate Reporter ID 10 | id: np.codeclimate.1 11 | 12 | pattern: | 13 | (?x) 14 | (?: CODECLIMATE_REPO_TOKEN | CC_TEST_REPORTER_ID) 15 | \s* [:=] \s* 16 | ([a-f0-9]{64})\b 17 | 18 | categories: 19 | - api 20 | - fuzzy 21 | - secret 22 | 23 | references: 24 | # Old reporters use `CODECLIMATE_REPO_TOKEN` 25 | - https://github.com/codeclimate/javascript-test-reporter 26 | - https://github.com/codeclimate/php-test-reporter 27 | - https://github.com/codeclimate/python-test-reporter 28 | - https://github.com/codeclimate/ruby-test-reporter 29 | - https://github.com/codeclimate/ruby-test-reporter/issues/34 30 | 31 | # New reporter uses `CC_TEST_REPORTER_ID` 32 | - https://docs.codeclimate.com/docs/finding-your-test-coverage-token#should-i-keep-my-test-reporter-id-secret 33 | 34 | examples: 35 | - ' - RAILS_ENV=test CODECLIMATE_REPO_TOKEN=d37a8b9e09642cb73cfcf4e1284815fc3d6a55a7714110187ac59856ae4ab5ad' 36 | 37 | - | 38 | - uses: paambaati/codeclimate-action@v2.2.4 39 | env: 40 | CC_TEST_REPORTER_ID: 945dfb58a832d233a3caeb84e3e6d3be212e8c7abcb48117fce63b9adcb43647 41 | 42 | 43 | 44 | # XXX: should add rules for CodeClimate API keys too: https://developer.codeclimate.com/#authentication 45 | 
-------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/crates.io.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: crates.io API Key 4 | id: np.cratesio.1 5 | 6 | # It's a 32-character alphanumeric identifier prefixed by `cio` 7 | pattern: '\b(cio[a-zA-Z0-9]{32})\b' 8 | 9 | categories: [api, secret] 10 | 11 | references: 12 | - https://crates.io/data-access 13 | - https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs 14 | 15 | examples: 16 | - 'Bearer: ciotgp8BGZBlX192iExSQPm0SrUlBunG8zd' 17 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/databricks.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Databricks Personal Access Token 4 | id: np.databricks.1 5 | pattern: | 6 | (?x) 7 | \b 8 | ( 9 | dapi[a-f0-9]{32} 10 | (?: -[0-9]+ )? (?# optional -NUM suffix ) 11 | ) 12 | \b 13 | 14 | categories: [api, secret] 15 | 16 | references: 17 | - https://docs.databricks.com/en/dev-tools/auth/pat.html 18 | 19 | examples: 20 | - "DATABRICKS_TOKEN: 'dapicd295a7be286969133e18a58e4afe7bd-3'" 21 | - "dapif21ee53d2b3648c2a1ed38953312a203" 22 | 23 | negative_examples: 24 | - " dapiDataGetTopLongShortPositionRatio (params?: {}): Promise;" 25 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/dependency_track.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | # This detects occurrences of a Dependency-Track API key that uses the default 4 | # `odt_` key prefix. This prefix was set as the default in the Dependency-Track 5 | # v4.9.0 release on October 16, 2023. 
6 | - name: Dependency-Track API Key 7 | id: np.dtrack.1 8 | pattern: '\b(odt_[A-Za-z0-9]{32,255})\b' 9 | 10 | categories: [api, secret] 11 | 12 | examples: 13 | - 'odt_KTJlDq2AGGGlqG4riKdT7p980AW8RlU5' 14 | - 'odt_ABCDDq2AGxGlrF4ribBT7p98AOM9TlU8' 15 | - 'odt_FHxhQGh77JAHHIYpZ818UQ0aYjXIdMIxxgeR' 16 | 17 | negative_examples: 18 | - 'KTJlDq2AGGGlqG8riKdT7p980AW8RlU5' 19 | - 'ABCDDq2AGxGlqG 4ribBT7p98AOM9TlU8' 20 | - 'FHxhQGh77_JAHHIYpZ818UQ0aYjXIdMIxxgeR' 21 | 22 | references: 23 | - https://docs.dependencytrack.org/integrations/rest-api/ 24 | - https://docs.dependencytrack.org/getting-started/configuration/ 25 | 26 | # Code that implements stuff related to the API key 27 | - https://github.com/stevespringett/Alpine/blob/92fdb7de7e5623b8c986de08997480036af5f472/alpine-model/src/main/java/alpine/model/ApiKey.java 28 | 29 | # Issue about adding support for the `odt_` default key prefix 30 | - https://github.com/DependencyTrack/dependency-track/pull/3047 31 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/digitalocean.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: DigitalOcean Application Access Token 4 | id: np.digitalocean.1 5 | 6 | pattern: | 7 | (?x)(?i) 8 | \b 9 | (doo_v1_[a-f0-9]{64}) 10 | \b 11 | 12 | categories: [api, secret] 13 | 14 | references: 15 | - https://docs.digitalocean.com/reference/api/ 16 | 17 | examples: 18 | - 'curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer doo_v1_c46dde8bd620fcc382e70d5d43be6eebb141fa2452e8f8fa882433377898ebf2" "https://api.digitalocean.com/v2/cdn/endpoints"' 19 | 20 | 21 | - name: DigitalOcean Personal Access Token 22 | id: np.digitalocean.2 23 | 24 | pattern: | 25 | (?x)(?i) 26 | \b 27 | (dop_v1_[a-f0-9]{64}) 28 | \b 29 | 30 | categories: [api, secret] 31 | 32 | references: 33 | - https://docs.digitalocean.com/reference/api/ 34 | 35 | examples: 36 | - 
'token = "dop_v1_ef0e04edc13918192246e0c90f0735c7f4db7a5a036a857e48d6cc98f1c9576b"' 37 | 38 | 39 | - name: DigitalOcean Refresh Token 40 | id: np.digitalocean.3 41 | 42 | pattern: | 43 | (?x)(?i) 44 | \b 45 | (dor_v1_[a-f0-9]{64}) 46 | \b 47 | 48 | categories: [api, secret] 49 | 50 | references: 51 | - https://docs.digitalocean.com/reference/api/ 52 | 53 | examples: 54 | - ' "refresh_token": "dor_v1_d6ce5b93104521c47be0b580e9296454ef4a319b02b5513469f0ec71d99af2e2",' 55 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/django.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Django Secret Key 4 | id: np.django.1 5 | 6 | # This identifies cryptographic signing secrets in configuration files generated by `django-admin startproject`. 7 | pattern: | 8 | (?x) 9 | \#\ SECURITY\ WARNING:\ keep\ the\ secret\ key\ used\ in\ production\ secret! \s* 10 | .{0,5} SECRET_KEY \s* = \s* r?["'] ([^"'\n]{5,100}) ["'] 11 | 12 | categories: [fuzzy, secret] 13 | 14 | examples: 15 | - | 16 | # Quick-start development settings - unsuitable for production 17 | # See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/ 18 | 19 | # SECURITY WARNING: keep the secret key used in production secret! 20 | SECRET_KEY = 'django-insecure-_du9e^cmago!%(^+=gr@cu@v9-v7ulhbk2s3!w&39w4+n3*k*$' 21 | 22 | # SECURITY WARNING: don't run with debug turned on in production! 23 | DEBUG = True 24 | 25 | - | 26 | # Quick-start development settings - unsuitable for production 27 | # See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/ 28 | 29 | # SECURITY WARNING: keep the secret key used in production secret! 30 | # SECRET_KEY = 'django-insecure-_du9e^cmago!%(^+=gr@cu@v9-v7ulhbk2s3!w&39w4+n3*k*$' 31 | SECRET_KEY = 'hmm' 32 | 33 | # SECURITY WARNING: don't run with debug turned on in production! 
34 | DEBUG = True 35 | 36 | 37 | references: 38 | - https://docs.djangoproject.com/en/5.1/ref/settings/#std-setting-SECRET_KEY 39 | - https://docs.djangoproject.com/en/5.1/topics/signing/ 40 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/dockerhub.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Docker Hub Personal Access Token 4 | id: np.dockerhub.1 5 | 6 | pattern: | 7 | (?x) 8 | \b 9 | (dckr_pat_[a-zA-Z0-9_-]{27}) 10 | (?: $ | [^a-zA-Z0-9_-] ) 11 | 12 | categories: [api, secret] 13 | 14 | examples: 15 | - docker login -u gemesa -p dckr_pat_hc8VxYclixyTr2rDFsa2rqzkP3Y 16 | - docker login -u gemesa -p dckr_pat_tkzBYxjNNC3R_Yg6jd_O-G8FbrJ 17 | - docker login -u gemesa -p dckr_pat_1q8yKET1VDJTpfCwseUDzT8vFh- 18 | 19 | references: 20 | - https://docs.docker.com/security/for-developers/access-tokens/ 21 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/dropbox.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Dropbox Access Token 4 | id: np.dropbox.1 5 | 6 | pattern: | 7 | (?x) 8 | \b 9 | (sl\.[a-zA-Z0-9_-]{130,152}) 10 | (?: $ | [^a-zA-Z0-9_-] ) 11 | 12 | categories: [api, secret] 13 | 14 | examples: 15 | - 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"' 16 | # this one comes from dropbox example documentation; ends with a `-` 17 | - ' "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",' 18 | 19 | references: 20 | - https://developers.dropbox.com/oauth-guide 21 | - 
https://www.dropbox.com/developers/ 22 | - https://www.dropbox.com/developers/documentation/http/documentation 23 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/dynatrace.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Dynatrace Token 4 | id: np.dynatrace.1 5 | 6 | pattern: '\b(dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})\b' 7 | 8 | categories: [api, secret] 9 | 10 | examples: 11 | - | 12 | helmCharts: 13 | - name: dynatrace-operator 14 | namespace: dynatrace 15 | version: 0.4.1 16 | repo: https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable 17 | releaseName: dynatrace-operator 18 | includeCRDs: true 19 | valuesInline: 20 | apiUrl: https://fqp43822.live.dynatrace.com/api 21 | apiToken: dt0c01.FJEGSO2NBAXCOEA7WOSKOA2G.GGMUK6GJDH2TWLNKQT6F68FH22252VXP2F3QAMBUVUDV5TSYYHAWZVVFCUQLF2UA 22 | paasToken: dt0c01.QS7G6CAS5G64DLXFMEDEJ2O7.XVJQTFD2H7XG45V5RTDGA78GAI5W44MFTLZTUOMH4JEXPAV6NSEHUNGAYPIZGEIV 23 | 24 | references: 25 | - https://www.dynatrace.com/support/help/dynatrace-api 26 | - https://www.dynatrace.com/support/help/dynatrace-api/basics/dynatrace-api-authentication 27 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/facebook.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Facebook Secret Key 4 | id: np.facebook.1 5 | 6 | pattern: | 7 | (?x)(?i) 8 | \b (?: facebook | fb ) 9 | .? 10 | (?: api | app | application | client | consumer | customer | secret | key ) 11 | .? 12 | (?: key | oauth | sec | secret )? 
13 | .{0,2} \s{0,20} .{0,2} \s{0,20} .{0,2} (?# string terminators, whitespace, binding operators, etc ) 14 | \b ([a-z0-9]{32}) \b 15 | 16 | references: 17 | - https://developers.facebook.com/docs/facebook-login/access-tokens/ 18 | 19 | categories: [api, fuzzy, secret] 20 | 21 | examples: 22 | - ' # config.facebook.key = "34cebc81c056a21bc66e212f947d73ec"' 23 | - " var fbApiKey = '0278fc1adf6dc1d82a156f306ce2c5cc';" 24 | - ' fbApiKey: "171e84fd57f430fc59afa8fad3dbda2a",' 25 | 26 | negative_examples: 27 | # XXX known false negative; it would be nice if the following matched. It does not because `connect` sits between `fb` and `key` where the pattern allows at most one character, and the serialized `s:32:` separator before the value is longer than the pattern's separator part accepts. 28 | - '\"fbconnectkey\";s:32:\"8f52d1586bd18a18e152289b00ed7d29\";' 29 | 30 | 31 | - name: Facebook Access Token 32 | id: np.facebook.2 33 | 34 | pattern: '\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b' 35 | 36 | categories: [api, secret] 37 | 38 | references: 39 | - https://developers.facebook.com/docs/facebook-login/access-tokens/ 40 | 41 | examples: 42 | - "url = 'https://graph.facebook.com/me/friends?access_token=EAACEdEose0cBAD5XZCz5JXYvqyeJzcSvFZC42toHiWyfjhcZCMZBZCpE3uRJnEBsrhUEMRK1wWs6SsdiDCaCI1mYwyoNuMix2XZCpvsKbZB9TumtZBlcLeIpl4pa931Ce9rTinEAhtyVVZAAZAX4NmfpBUqWtzCRC0fX5GZBn7ZC28mPKAZDZD'" 43 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/figma.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Figma Personal Access Token 4 | id: np.figma.1 5 | 6 | # The key material looks like a v4 UUID with an extra 4 hex digits up front 7 | pattern: | 8 | (?x)(?i) 9 | figma.{0,20} 10 | \b 11 | ( 12 | [0-9a-f]{4}- 13 | [0-9a-f]{8}- 14 | [0-9a-f]{4}- 15 | [0-9a-f]{4}- 16 | [0-9a-f]{4}- 17 | [0-9a-f]{12} 18 | ) 19 | \b 20 | 21 | categories: [api, fuzzy, secret] 22 | 23 | references: 24 | - https://www.figma.com/developers/api 25 | - https://www.figma.com/developers/api#access-tokens 26 | 27 | examples: 28 | - "--header='X-Figma-Token: 1394-0ca7a5be-8e22-40ee-8c40-778d41ab2313'" 29 | 
-------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/firecrawl.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Firecrawl API Key 4 | id: np.firecrawl.1 5 | pattern: '\b(fc-[a-f0-9]{32})\b' 6 | 7 | categories: [api, secret] 8 | 9 | description: > 10 | A Firecrawl API Key was found. 11 | Firecrawl provides LLM-centric services for web scraping and crawling. 12 | An attacker could use this API key to consume limited, possibly paid resources, or cause denial-of-service. 13 | 14 | references: 15 | - https://www.firecrawl.dev 16 | - https://docs.firecrawl.dev/api-reference/introduction#authentication 17 | 18 | examples: 19 | - 'app = FirecrawlApp(api_key="fc-7da8b1ca1d2150c496e91440d777fea8")' 20 | -------------------------------------------------------------------------------- /crates/noseyparker/data/default/builtin/rules/gitalk.yml: -------------------------------------------------------------------------------- 1 | rules: 2 | 3 | - name: Gitalk OAuth Credentials 4 | id: np.gitalk.1 5 | 6 | pattern: | 7 | (?x) 8 | \b 9 | new \s+ Gitalk \s* \( \s* \{ \s* 10 | clientID: \s* '([a-f0-9]{20})', \s* 11 | clientSecret: \s* '([a-f0-9]{40})', 12 | 13 | categories: [api, secret, fuzzy] 14 | 15 | description: > 16 | Gitalk OAuth credentials were found. 17 | Gitalk is a GitHub-based commenting system. 18 | An attacker may be able to use these credentials to impersonate the Gitalk 19 | app and control its data. 20 | 21 | references: 22 | - https://gitalk.github.io 23 | - https://github.com/gitalk/gitalk 24 | 25 | examples: 26 | - | 27 | new Gitalk({ 28 | clientID: 'd17d49be2e680b78a83d', 29 | clientSecret:'9363cb456dda6402cb71d65092490e75c9f11873', 30 | 31 | negative_examples: 32 | - | 33 | '\\n