praetorian-inc / noseyparker

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Apache License 2.0

Adding a rule for Databricks Personal Access Token detection #187

Closed tobiasgyoerfi closed 4 months ago

tobiasgyoerfi commented 4 months ago

Adding a rule for Databricks Personal Access Token detection and enabling it in the default ruleset.

bradlarsen commented 4 months ago

@tobiasgyoerfi thanks, this looks good!

P.S. I retrained the failing tests with cargo insta test --review.

bradlarsen commented 4 months ago

I also updated the CHANGELOG. Thank you for allowing maintainers to edit this pull request!

Thanks for the contribution 🍻

bradlarsen commented 4 months ago

Okay, I also used GitHub Code search to investigate the signal to noise of this new rule.

What you had originally written turns up many false positives. For example, searching for that pattern gives this result:

    dapiDataGetTopLongShortPositionRatio (params?: {}): Promise<implicitReturnType>;

I looked at some examples that appear to be real and noticed a couple things:

Making those changes produces far fewer false positives.

Thank you again!
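
To illustrate the signal-to-noise point from the last comment, the following added example (not code from this pull request or from Nosey Parker) runs two hypothetical patterns over constructed lines and reports which hits the stricter one drops. Both regexes and the assumed token shape ("dapi" followed by 32 lowercase hex characters, with an optional "-digit" suffix) are assumptions; the thread does not show the rule's actual pattern or the changes made to it.

```python
import re

# Hypothetical loose rule: the prefix plus any 32 alphanumerics.
# An assumption for illustration, not the pattern from the pull request.
LOOSE = re.compile(r"dapi[A-Za-z0-9]{32}")

# Hypothetical tight rule: word boundaries, lowercase hex only, optional
# "-<digit>" suffix. Assumes tokens are "dapi" + 32 hex characters.
TIGHT = re.compile(r"\b(dapi[a-f0-9]{32}(?:-[0-9])?)\b")

# Constructed sample lines. Line 1 is the false positive quoted in the
# thread; the token values on lines 2-4 are made up.
SAMPLES = [
    "dapiDataGetTopLongShortPositionRatio (params?: {}): Promise<implicitReturnType>;",
    'DATABRICKS_TOKEN = "dapi0123456789abcdef0123456789abcdef"',
    "export DATABRICKS_TOKEN=dapi0123456789abcdef0123456789abcdef-2",
    "const xdapi0123456789abcdef0123456789abcdefgh = 1;",
]


def scan(pattern, lines):
    """Return (line_number, matched_text) for every match of pattern."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for m in pattern.finditer(line):
            hits.append((lineno, m.group(0)))
    return hits


def dropped_by_tightening(lines):
    """Line numbers the loose rule flags but the tight rule does not."""
    loose_lines = {n for n, _ in scan(LOOSE, lines)}
    tight_lines = {n for n, _ in scan(TIGHT, lines)}
    return sorted(loose_lines - tight_lines)


if __name__ == "__main__":
    print("loose :", scan(LOOSE, SAMPLES))
    print("tight :", scan(TIGHT, SAMPLES))
    print("dropped by tightening:", dropped_by_tightening(SAMPLES))
```

The camelCase identifier from the thread happens to carry exactly 32 alphanumeric characters after "dapi", which is why a prefix-plus-length pattern alone cannot tell it apart from a token.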