Add rules for certain .NET code patterns

CHANGELOG.md

@@ -6,6 +6,15 @@ All notable changes to the project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project aspires to use [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## Unreleased
+
+### Additions
+- New rules have been added:
+
+  - `Credentials in .NET System.DirectoryServices.DirectoryEntry` ([#234](https://github.com/praetorian-inc/noseyparker/pull/234))
+  - `Credentials in .NET System.Net.NetworkCredential` ([#234](https://github.com/praetorian-inc/noseyparker/pull/234))
+
+
 ## [v0.21.0](https://github.com/praetorian-inc/noseyparker/releases/v0.21.0) (2024-11-20)
 
 ### Changes

README.md

@@ -6,7 +6,7 @@ Nosey Parker is a command-line tool that finds secrets and sensitive information
 
 **Key features:**
 - It natively scans files, directories, and Git repository history
-- It uses regular expression matching with a set of [155 patterns](crates/noseyparker/data/default/builtin/rules) chosen for high signal-to-noise based on experience and feedback from offensive security engagements
+- It uses regular expression matching with a set of [157 patterns](crates/noseyparker/data/default/builtin/rules) chosen for high signal-to-noise based on experience and feedback from offensive security engagements
 - It deduplicates its findings, grouping matches together that share the same secret, which in practice can reduce review burden by 100x or more compared to other tools
 - It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 2 minutes on an older MacBook Pro
 - It scales: it has scanned inputs as large as 20TiB during security engagements

crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_check_builtins-2.snap

@@ -2,4 +2,4 @@
 source: crates/noseyparker-cli/tests/rules/mod.rs
 expression: stdout
 ---
-155 rules and 3 rulesets: no issues detected
+157 rules and 3 rulesets: no issues detected

crates/noseyparker-cli/tests/rules/snapshots/test_noseyparker__rules__rules_list_json-2.snap

@@ -1231,6 +1231,52 @@ expression: stdout
         ]
       }
     },
+    {
+      "id": "np.generic.7",
+      "structural_id": "9ec2aa50c06979127f00cbc82210f433154dd167",
+      "name": "Credentials in .NET System.Net.NetworkCredential",
+      "syntax": {
+        "name": "Credentials in .NET System.Net.NetworkCredential",
+        "id": "np.generic.7",
+        "pattern": "(?x)\n\\b\n(?: NetworkCredential | NETWORKCREDENTIAL | networkcredential )\n\\s* \\( \\s*\n  \" ( [^\"\\n]{3,50} ) \"               (?# username )\n  \\s* , \\s*\n  \" ( [^\"\\n]{3,50} ) \"               (?# password )\n\\s* \\)\n",
+        "examples": [
+          "sender.Credentials = new NetworkCredential(\"NuGets@example.com\", \"vzihlaquknriqlht\");\n",
+          "$webClient.Credentials = new-object System.Net.NetworkCredential(\"cidownload\", \"AP7JaG9ToerxBc6gWP5LcU2CNpb\");\n"
+        ],
+        "negative_examples": [],
+        "references": [
+          "https://learn.microsoft.com/en-us/dotnet/api/system.net.networkcredential"
+        ],
+        "categories": [
+          "fuzzy",
+          "generic",
+          "secret"
+        ]
+      }
+    },
+    {
+      "id": "np.generic.8",
+      "structural_id": "57113d55cc8becd246aeb9c912f60e35b26446dd",
+      "name": "Credentials in .NET System.DirectoryServices.DirectoryEntry",
+      "syntax": {
+        "name": "Credentials in .NET System.DirectoryServices.DirectoryEntry",
+        "id": "np.generic.8",
+        "pattern": "(?x)\n\\b\n(?: DirectoryEntry | DIRECTORYENTRY | directoryentry )\n\\s* \\( \\s*\n  \" ( [^\"\\n]{3,100} ) \"               (?# path )\n  \\s* , \\s*\n  \" ( [^\"\\n]{3,50} ) \"                (?# username )\n  \\s* , \\s*\n  \" ( [^\"\\n]{3,50} ) \"                (?# password )\n  (?: \\s* , \\s* [^)]{3,50} )?         (?# authentication type )\n\\s* \\)\n",
+        "examples": [
+          "$domain = New-Object DirectoryServices.DirectoryEntry(\"LDAP://10.10.10.1\",\"domain\\user\", \"secret\")\n",
+          "new DirectoryEntry(\"LDAP://EXAMPLE.COM\",\n          \"ADMNALRRHH@EXAMPLE.COM\",\n          \"Rrhh1234\");\n"
+        ],
+        "negative_examples": [],
+        "references": [
+          "https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.directoryentry"
+        ],
+        "categories": [
+          "fuzzy",
+          "generic",
+          "secret"
+        ]
+      }
+    },
     {
       "id": "np.github.1",
       "structural_id": "f6c4fca24a1c7f275d51d2718a1585ca6e4ae664",
@@ -3756,7 +3802,7 @@ expression: stdout
     {
       "id": "default",
       "name": "Nosey Parker default rules",
-      "num_rules": 134
+      "num_rules": 136
     },
     {
       "id": "np.assets",