Skyscanner/whispers

Config.yml does not work

Closed this issue · 2 comments

cosad3s commented

I have a simple config.yaml:

rules:
  oauth: 
    description: OAuth attributes
    message: OAuth
    severity: MAJOR
    key:
      regex: .*(client_id|client_secret).*$
      ignorecase: True

My Python code:

import whispers

print("Scan file file.txt")
for secret in whispers.secrets(f"--config config.yml --rules oauth file.txt"):
    print(secret)

The scanned file:

client_secret=test

No secret is detected / displayed.

Maybe I do not clearly understand how to use config file ?

Thanks

cosad3s commented

Also, the example does not work in the README file:

The script:

from whispers.cli import parse_args
from whispers.core import run

src = "tests/fixtures"
configfile = "whispers/config.yml"
args = parse_args(["-c", configfile, src])
for secret in run(args):
  print(secret)

Output an error:

Traceback (most recent call last):
  File "/x/x/x/x/x/./whispers_test.py", line 1, in <module>
    from whispers.cli import parse_args
ModuleNotFoundError: No module named 'whispers.cli'

About the installation, I also tried to install whispers from source code instead of pip3 install whispers. As a result, Whispers does not work at all:

Traceback (most recent call last):
  File "/x/x/./whispers_test.py", line 1, in <module>
    from whispers.cli import parse_args
  File "/x/whispers/whispers/cli.py", line 8, in <module>
    from whispers.core import load_config, run
  File "/x/whispers/whispers/core.py", line 5, in <module>
    from whispers.secrets import WhisperSecrets
  File "/x/whispers/whispers/secrets.py", line 5, in <module>
    from whispers.plugins import WhisperPlugins
  File "/x/whispers/whispers/plugins/__init__.py", line 14, in <module>
    from whispers.plugins.json import Json
  File "/x/whispers/whispers/plugins/json.py", line 6, in <module>
    from whispers.plugins.traverse import StructuredDocument
  File "/x/whispers/whispers/plugins/traverse.py", line 2, in <module>
    from whispers.rules import WhisperRules
ImportError: cannot import name 'WhisperRules' from 'whispers.rules' (/x/whispers/whispers/rules/__init__.py)
cosad3s commented

Ok, I found that this library is kind of deprecated and forked to https://github.com/adeptex/whispers. I'll check this problem out in the issues.