Add Docker Hub Personal Access Token rule

CHANGELOG.md

@@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - New rules have been added:
 
+  - Docker Hub Personal Access Token
   - WireGuard Private Key
   - WireGuard Preshared Key
 

README.md

@@ -4,7 +4,7 @@ Nosey Parker is a command-line tool that finds secrets and sensitive information
 
 **Key features:**
 - It supports scanning files, directories, and the entire history of Git repositories
-- It uses regular expression matching with a set of 116 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
+- It uses regular expression matching with a set of 117 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
 - It groups matches together that share the same secret, further emphasizing signal over noise
 - It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 2 minutes on an older MacBook Pro
 

crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap

@@ -2,5 +2,5 @@
 source: crates/noseyparker-cli/tests/rules/mod.rs
 expression: stdout
 ---
-116 rules and 3 rulesets: no issues detected
+117 rules and 3 rulesets: no issues detected
 

crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap

@@ -72,6 +72,10 @@ expression: stdout
       "id": "np.digitalocean.3",
       "name": "DigitalOcean Refresh Token"
     },
+    {
+      "id": "np.dockerhub.1",
+      "name": "Docker Hub Personal Access Token"
+    },
     {
       "id": "np.dtrack.1",
       "name": "Dependency-Track API Key"
@@ -473,7 +477,7 @@ expression: stdout
     {
       "id": "default",
       "name": "Nosey Parker default rules",
-      "num_rules": 96
+      "num_rules": 97
     },
     {
       "id": "np.assets",

crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_noargs-2.snap

@@ -22,6 +22,7 @@ expression: stdout
  np.digitalocean.1   DigitalOcean Application Access Token 
  np.digitalocean.2   DigitalOcean Personal Access Token 
  np.digitalocean.3   DigitalOcean Refresh Token 
+ np.dockerhub.1      Docker Hub Personal Access Token 
  np.dtrack.1         Dependency-Track API Key 
  np.dynatrace.1      Dynatrace Token 
  np.facebook.1       Facebook Secret Key 
@@ -124,7 +125,7 @@ expression: stdout
 
  Ruleset ID   Ruleset Name                         Rules 
 ─────────────────────────────────────────────────────────
- default      Nosey Parker default rules              96 
+ default      Nosey Parker default rules              97 
  np.assets    Nosey Parker asset detection rules      15 
  np.hashes    Nosey Parker password hash rules         5 
 

crates/noseyparker/data/default/builtin/rules/dockerhub.yml

@@ -0,0 +1,17 @@
+rules:
+
+- name: Docker Hub Personal Access Token
+  id: np.dockerhub.1
+
+  pattern: |
+    (?x)
+    \b
+    (dckr_pat_[a-zA-Z0-9_-]{27})
+    \b
+
+  examples:
+  - docker login -u gemesa -p dckr_pat_hc8VxYclixyTr2rDFsa2rqzkP3Y
+  - docker login -u gemesa -p dckr_pat_tkzBYxjNNC3R_Yg6jd_O-G8FbrJ
+
+  references:
+  - https://docs.docker.com/security/for-developers/access-tokens/

crates/noseyparker/data/default/builtin/rulesets/default.yml

@@ -29,6 +29,7 @@ rulesets:
   - np.digitalocean.1 # DigitalOcean Application Access Token
   - np.digitalocean.2 # DigitalOcean Personal Access Token
   - np.digitalocean.3 # DigitalOcean Refresh Token
+  - np.dockerhub.1    # Docker Hub Personal Access Token
   - np.dynatrace.1    # Dynatrace Token
   - np.facebook.1     # Facebook Secret Key
   - np.facebook.2     # Facebook Access Token