You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TruffleHog should successfully detect GCP credentials encoded in Base64, even when the encoded data includes escaped characters such as \n and \.
Actual Behavior
When GCP credentials are encoded in Base64 with escape characters (such as \n and \), TruffleHog fails to detect them. However, it successfully identifies the same credentials when they are not encoded in Base64.
Steps to Reproduce
Encode GCP credentials with Base64, ensuring to include escape characters like \n and \.
Run TruffleHog to scan the repository containing the encoded credentials.
Observe that TruffleHog does not detect the credentials.
Decode the Base64-encoded credentials and run TruffleHog again.
Notice that TruffleHog now successfully detects the credentials.
Please review the Community Note before submitting
TruffleHog Version
trufflehog 3.68.5
Trace Output
https://gist.github.com/CharanRoot/906b0aab164904fdc0db44fccba2d3d2
Expected Behavior
TruffleHog should successfully detect GCP credentials encoded in Base64, even when the encoded data includes escaped characters such as \n and \.
Actual Behavior
When GCP credentials are encoded in Base64 with escape characters (such as \n and \), TruffleHog fails to detect them. However, it successfully identifies the same credentials when they are not encoded in Base64.
Steps to Reproduce
{"auths":{"gcr.io":{"username":"_json_key","password":"{\n \"type\": \"service_account\",\n \"project_id\": \"test-test\",\n \"private_key_id\": \"test\",\n \"private_key\": \"----n\",\n \"client_email\": \"testprod.iam.gserviceaccount.com\",\n \"client_id\": \"test\",\n \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n \"token_uri\": \"https://oauth2.googleapis.com/token\",\n \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/test-prod.iam.gserviceaccount.com\"\n}","auth":""}}}
Environment
Additional Context
References
The text was updated successfully, but these errors were encountered: