Issue with Base64 Decoding of Escaped Characters in GCP Credentials

[CharanRoot]

Please review the Community Note before submitting

TruffleHog Version

trufflehog 3.68.5

Trace Output

https://gist.github.com/CharanRoot/906b0aab164904fdc0db44fccba2d3d2

Expected Behavior

TruffleHog should successfully detect GCP credentials encoded in Base64, even when the encoded data includes escaped characters such as \n and \.

Actual Behavior

When GCP credentials are encoded in Base64 with escape characters (such as \n and \), TruffleHog fails to detect them. However, it successfully identifies the same credentials when they are not encoded in Base64.

Steps to Reproduce

• Encode GCP credentials with Base64, ensuring to include escape characters like \n and \.
• Run TruffleHog to scan the repository containing the encoded credentials.
• Observe that TruffleHog does not detect the credentials.
• Decode the Base64-encoded credentials and run TruffleHog again.
• Notice that TruffleHog now successfully detects the credentials.

{"auths":{"gcr.io":{"username":"_json_key","password":"{\n \"type\": \"service_account\",\n \"project_id\": \"test-test\",\n \"private_key_id\": \"test\",\n \"private_key\": \"----n\",\n \"client_email\": \"testprod.iam.gserviceaccount.com\",\n \"client_id\": \"test\",\n \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n \"token_uri\": \"https://oauth2.googleapis.com/token\",\n \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/test-prod.iam.gserviceaccount.com\"\n}","auth":""}}}

Environment

• OS: MacOS - Sonoma
• Version: 14.3.1

Additional Context

References

• #0000