
Values starting with $ are not detected

Open erwinc1 opened this issue 2 years ago • 4 comments

Let's say I have a file that contains:

password: $ecret

And I use the following rule:

password:
  description: Variable names referring to passwords
  message: Password
  severity: CRITICAL
  key:
    regex: ^\S*(passwords?|passwd|pass|pwd)_?(hash)?[0-9]*$
    ignorecase: True
    isAscii: True
  value:
    isUri: False

Why does it not detect $ecret? If it's s$cret it will be detected.

erwinc1 avatar Apr 26 '22 12:04 erwinc1

Oh, also, if you have a value that contains € (i.e. s€cret). The output will be {"key": "password", "value": "s?cret", "file": "testfile.yml", "line": 1, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}

The Euro sign is not displayed properly.

erwinc1 avatar Apr 26 '22 12:04 erwinc1

Hey @erwinc1, that's a good one, thanks for reporting! Which version of whispers are you using?

adeptex avatar Apr 28 '22 16:04 adeptex

Version 2.0.5. @adeptex

erwinc1 avatar Apr 28 '22 16:04 erwinc1

Hey @erwinc1, this issue is addressed in 2.0.6 - https://github.com/adeptex/whispers

$ whispers -v           
2.0.6
$ whispers /tmp/test.yml 
{"key": "password", "value": "$ecret", "file": "/tmp/test.yml", "line": 1, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}
{"key": "passwd2", "value": "s\u20accret", "file": "/tmp/test.yml", "line": 2, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}

"value": "s\u20accret" is how Python serializes JSON; nothing to be done here, I think. Nevertheless, you could use the human-readable format:

$ whispers -H /tmp/test.yml
[/tmp/test.yml:1:passwords:password:CRITICAL] password = $ecret
[/tmp/test.yml:2:passwords:password:CRITICAL] passwd2 = s€cret

Hope this helps. Cheers

adeptex avatar May 12 '22 20:05 adeptex
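To show both behaviours discussed in this thread in one place, here is an added example that is not whispers' own code: a minimal scanner that applies the key regex from the rule above to flat `key: value` lines, emits findings in the same JSON shape as the tool's output, and serializes them either with Python's default `ensure_ascii=True` (which is why `€` appears as `\u20ac`) or as-is. The flat-YAML parser, the `${VAR}` placeholder heuristic (so a literal `$ecret` is still reported while a variable reference like `${API_PWD}` is skipped), the human-readable line format and the sample file contents are all assumptions constructed for this example.

```python
import json
import re

# Key regex copied from the rule in the issue; everything else here is an
# assumed, simplified stand-in for a secrets scanner, not whispers' own code.
KEY_REGEX = re.compile(
    r"^\S*(passwords?|passwd|pass|pwd)_?(hash)?[0-9]*$", re.IGNORECASE
)
# Assumed heuristic: ${VAR} / $VAR style references are config indirection,
# not literal secrets. A bare '$' followed by lowercase text is still reported.
PLACEHOLDER = re.compile(r"\$\{?[A-Z_][A-Z0-9_]*\}?")

# Constructed sample file contents; none of these are real credentials.
SAMPLE_YAML = """password: $ecret
passwd2: s€cret
username: alice
db_pass_hash1: s$cret
api_pwd: ${API_PWD}
"""


def parse_flat_yaml(text):
    """Yield (line_no, key, value) for simple 'key: value' lines.

    Deliberately minimal: no nesting, quoting or anchors. Lines that do not
    look like a key/value pair are ignored so a stray line cannot crash the scan.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        yield line_no, key.strip(), value.strip()


def is_placeholder(value):
    """True for variable references such as ${API_PWD} (assumed heuristic)."""
    return bool(PLACEHOLDER.fullmatch(value))


def scan(text, path):
    """Return one finding per key matching the rule that carries a literal value."""
    findings = []
    for line_no, key, value in parse_flat_yaml(text):
        if not KEY_REGEX.match(key) or not value or is_placeholder(value):
            continue
        findings.append({
            "key": key,
            "value": value,
            "file": path,
            "line": line_no,
            "rule_id": "password",
            "message": "Password",
            "severity": "CRITICAL",
        })
    return findings


def to_json_lines(findings, ensure_ascii=True):
    """Serialize findings as one JSON object per line.

    json.dumps escapes non-ASCII by default, so '€' becomes '\\u20ac' exactly
    as in the 2.0.6 output above; ensure_ascii=False keeps the character as-is.
    """
    return [json.dumps(f, ensure_ascii=ensure_ascii) for f in findings]


def to_human_lines(findings):
    """Approximate the bracketed human-readable format of `whispers -H`."""
    return [
        f"[{f['file']}:{f['line']}:{f['rule_id']}:{f['severity']}] "
        f"{f['key']} = {f['value']}"
        for f in findings
    ]


if __name__ == "__main__":
    found = scan(SAMPLE_YAML, "/tmp/test.yml")
    print("\n".join(to_json_lines(found)))
    print("\n".join(to_human_lines(found)))
```

Running it reports `password`, `passwd2` and `db_pass_hash1` (three findings), skips `api_pwd` because its value is a `${...}` reference, and prints `"s\u20accret"` in the JSON lines but `s€cret` in the human-readable ones, which is the same difference the maintainer points out above.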