praetorian-inc / noseyparker

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Apache License 2.0

Add TrueNAS API Key rule #110

Closed gemesa closed 9 months ago

bradlarsen commented 9 months ago

Note, this TrueNAS API Key is not something that other secret scanners (TruffleHog, GitLeaks, GitHub Advanced Security, GitGuardian) seem to have rules for. Thank you for your original research @gemesa!

bradlarsen commented 9 months ago

Try /truenas AND /\b(\d+-[a-zA-Z0-9]{64})\b// in GitHub search to see some examples. Without the additional search term, the regex is too expensive for GitHub to give results for (again, caused by lack of a distinctive prefix in the token format).
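An added example (not code from this PR or from Nosey Parker itself) showing how the search above pairs the token-shape regex with a context keyword so that a prefix-less pattern does not fire on every number-dash-64-alphanumerics string. The 200-character context window and the sample strings are assumptions constructed for the example.

```python
import re

# Token shape quoted in the discussion: digits, a hyphen, then 64 alphanumerics.
TRUENAS_KEY_RE = re.compile(r"\b(\d+-[a-zA-Z0-9]{64})\b")
# Context keyword used alongside the regex in the GitHub search above.
CONTEXT_RE = re.compile(r"truenas", re.IGNORECASE)
# Assumed window: how far from the candidate the keyword may appear.
CONTEXT_WINDOW = 200


def find_truenas_keys(text, require_context=True):
    """Return candidate TrueNAS API keys found in text.

    With require_context=True a candidate is kept only if 'truenas'
    occurs within CONTEXT_WINDOW characters before or after it. This
    compensates for the token format having no distinctive prefix of
    its own, which is what makes the bare regex noisy and expensive.
    """
    hits = []
    for m in TRUENAS_KEY_RE.finditer(text):
        if require_context:
            lo = max(0, m.start() - CONTEXT_WINDOW)
            hi = m.end() + CONTEXT_WINDOW
            if not CONTEXT_RE.search(text[lo:hi]):
                continue
        hits.append(m.group(1))
    return hits


# Constructed sample inputs; the values are made up, not real credentials.
SAMPLE_WITH_CONTEXT = (
    "# truenas backup job\n"
    "TRUENAS_API_KEY=1-" + "a1b2c3d4" * 8 + "\n"
)
# Same shape, no TrueNAS context: a checksum-like string in a build log.
SAMPLE_LOOKALIKE = (
    "downloaded artifact-7-" + "0123456789abcdef" * 4 + "\n"
)

if __name__ == "__main__":
    print("with context:", find_truenas_keys(SAMPLE_WITH_CONTEXT))
    print("lookalike, gated:", find_truenas_keys(SAMPLE_LOOKALIKE))
    print("lookalike, bare regex:",
          find_truenas_keys(SAMPLE_LOOKALIKE, require_context=False))
```

The bare regex matches the lookalike as readily as the real key; only the context gate tells them apart.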

gemesa commented 9 months ago

TrueNAS has 2 APIs: WebSocket and REST API. I tested both and created 2 separate rules. What do you think?