Values starting with $ are not detected

[erwinc1]

Let's say I have a file that contains:

password: $ecret
And I use the following rule:

password:
  description: Variable names referring to passwords
  message: Password
  severity: CRITICAL
  key:
    regex: ^\S*(passwords?|passwd|pass|pwd)_?(hash)?[0-9]*$
    ignorecase: True
    isAscii: True
  value:
    isUri: False

Why does it not detect $secret? If it's s$cret it will be detected.

[erwinc1]

Oh, also, if you have a value that contains € (i.e. s€cret). The output will be {"key": "password", "value": "s?cret", "file": "testfile.yml", "line": 1, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}

The Euro sign is not displayed properly.

[adeptex]

Hey @erwinc1, that's a good one, thanks for reporting! Which version of whispers are you using?

[erwinc1]

Version 2.0.5. @adeptex

[adeptex]

Hey @erwinc1, this issue is addressed in 2.0.6 - https://github.com/adeptex/whispers

$ whispers -v           
2.0.6
$ whispers /tmp/test.yml 
{"key": "password", "value": "$ecret", "file": "/tmp/test.yml", "line": 1, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}
{"key": "passwd2", "value": "s\u20accret", "file": "/tmp/test.yml", "line": 2, "rule_id": "password", "message": "Password", "severity": "CRITICAL"}

"value": "s\u20accret" is how Python serializes JSON..nothing to be done here, I think. Nevertheless, you could use human-readable format:

$ whispers -H /tmp/test.yml
[/tmp/test.yml:1:passwords:password:CRITICAL] password = $ecret
[/tmp/test.yml:2:passwords:password:CRITICAL] passwd2 = s€cret

Hope this helps.. Cheers