This repository has been archived by the owner on Oct 25, 2023. It is now read-only.

Folders with sensitive names cause false positives and lead to crashes #46

Closed
tombaileywzd opened this issue Mar 15, 2021 · 1 comment · Fixed by #47

Comments

@tombaileywzd

Firstly, thank you for creating this tool. It is very helpful.

During a recent scan I noticed that folders with sensitive names (e.g. password, debugKeystore, etc.) are flagged as problematic. I think that is a false positive that it should be safe to rule out? What's more, in the process of flagging these as issues whispers crashes with:

File "/usr/local/lib/python3.9/site-packages/whispers/core.py", line 88, in run
  for secret in whispers.scan(filename):
File "/usr/local/lib/python3.9/site-packages/whispers/secrets.py", line 90, in scan
  yield self.detect_secrets("file", plugin.filepath.as_posix(), plugin.filepath)
File "/usr/local/lib/python3.9/site-packages/whispers/secrets.py", line 83, in detect_secrets
  return self.rules.check(key, value, filepath, self.foundlines[filepath.as_posix()])
File "/usr/local/lib/python3.9/site-packages/whispers/rules/__init__.py", line 114, in check
  find_line_number(filepath, key, value, foundlines),
File "/usr/local/lib/python3.9/site-packages/whispers/utils.py", line 104, in find_line_number
  for line_number, line in enumerate(filepath.open().readlines(), 1):
File "/usr/local/Cellar/python@3.9/3.9.1/Frameworks/Python.framework/Versions/3.9/lib/python3.9/pathlib.py", line 1241, in open
  return io.open(self, mode, buffering, encoding, errors, newline,
IsADirectoryError: [Errno 21] Is a directory: ...

This seems to stem from whispers expecting a file for which it can determine a line number but actually it is dealing with a folder. See

find_line_number(filepath, key, value, foundlines),

A temporary workaround for anyone with this issue is to simply rename the problematic folder to something that won't cause a false positive.

@adeptex
Contributor

adeptex commented Mar 16, 2021

hey @tombaileywzd, nice finding! I will patch it up, should be a one-liner check if what we are opening is a file.
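The crash in the traceback above and the one-line "is it a file?" guard proposed in the reply, as an added illustration that is not whispers' own code: `find_line_number` mirrors the function named in the traceback with a simplified signature, and the sensitive-name list, the tree walk and the sample tree are assumptions constructed for this example.

```python
from pathlib import Path
import tempfile

# Added illustration for this issue, not whispers' own code. find_line_number
# mirrors the function named in the traceback with a simplified signature and
# the "is it a file?" guard the maintainer proposes; everything else is assumed.

SENSITIVE_NAMES = ("password", "debugkeystore")  # the issue's two examples


def find_line_number(filepath: Path, value: str) -> int:
    """1-based line where `value` first occurs in `filepath`, or 0 if none.

    Path.open() on a directory raises IsADirectoryError, which is the crash
    in the issue, so anything that is not a regular file reports 0 instead.
    """
    if not filepath.is_file():  # the one-line guard
        return 0
    with filepath.open(encoding="utf-8", errors="replace") as fh:
        for line_number, line in enumerate(fh, 1):
            if value in line.lower():
                return line_number
    return 0


def scan_tree(root: Path) -> list:
    """Return (relative path, line) for regular files with a sensitive name.

    Directories with a sensitive name (e.g. ./password/) are skipped, which
    removes both the false positive and the crash reported above.
    """
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        matched = [s for s in SENSITIVE_NAMES if s in path.name.lower()]
        if matched:
            line = find_line_number(path, matched[0])
            hits.append((path.relative_to(root).as_posix(), line))
    return hits


def demo() -> list:
    """Constructed sample tree: a `password` folder holding a keystore config."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        folder = root / "password"  # folder name alone used to trigger the crash
        folder.mkdir()
        cfg = folder / "debugKeystore.properties"
        cfg.write_text("# debugKeystore settings\nkeyPassword=android\n")  # constructed
        assert find_line_number(folder, "password") == 0  # directory: no crash
        return scan_tree(root)
```

Running `demo()` reports only the properties file at line 1; the `password` directory itself is neither opened nor flagged.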

@adeptex adeptex mentioned this issue Mar 18, 2021