Inconsistent treatment of default file archive scanning behaviour depending upon data source #2506

Open
0x736E opened this issue Feb 24, 2024 · 0 comments
0x736E commented Feb 24, 2024

TruffleHog Version

v3.63.7 and later

Trace Output

N/A

Expected Behavior

TruffleHog should treat all data sources equally; unless the data source does not intrinsically support a given feature or behaviour, the default behaviour should be common amongst all data sources.

Actual Behavior

TruffleHog treats data sources differently when scanning for file archives. When scanning, the 'archive' handler may or may not be enabled, depending upon the data source. This results in secrets being found in file archives for some data sources but not others. There is also no mechanism for the user to enable or disable this behaviour.

The default behaviour as of v3.63.7 is as follows:

| Data Source | skipArchives |
|-------------|--------------|
| CircleCI    | False        |
| Docker      | False        |
| FileSystem  | False        |
| GCS         | False        |
| Git         | True         |
| GitHub      | False        |
| GitLab      | False        |
| S3          | False        |
| SysLog      | False        |
| TravisCI    | False        |

When we compare the findings from scans with the 'filesystem' and 'git' data sources, we can see that the filesystem data source scans the zip file and produces findings for the 10 secrets located in it; however, in the results from the scan which used the git data source we do not see this:
[results screenshot]

Steps to Reproduce

  1. Create a zip file containing some secrets
  2. Scan the folder containing the zip file with the filesystem data source configuration
  3. Scan the folder containing the zip file with the git data source configuration
  4. Compare the result

Environment

  • OS: All
  • Version: v3.63.7 and above

Additional Context

Root cause analysis is located here:

References
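A reproduction harness for the steps above, added here as an example and not part of the TruffleHog project or the reporter's issue: it builds the zip fixture with a constructed placeholder line, commits it to a fresh git repository, runs `trufflehog filesystem` and `trufflehog git file://…` with `--json` (the CLI is assumed to be on PATH and to emit one JSON object per finding with a `DetectorName` key), and compares the per-detector counts from the two sources.

```python
import json
import os
import subprocess
import tempfile
import zipfile
from collections import Counter

# Constructed marker line: no detector matches it, so replace it with a test credential your detectors recognise.
FAKE_SECRET_LINE = "api_key = EXAMPLE-PLACEHOLDER-SECRET-DO-NOT-USE\n"

def build_fixture(root, zip_name="secrets.zip"):
    """Write <root>/<zip_name>, a zip holding one text file that contains the marker line."""
    os.makedirs(root, exist_ok=True)
    zip_path = os.path.join(root, zip_name)
    with zipfile.ZipFile(zip_path, "w") as zf:
        zf.writestr("config/app.env", FAKE_SECRET_LINE)
    return zip_path

def summarize_findings(json_lines):
    """Count TruffleHog --json findings per detector (assumes v3's 'DetectorName' key; blank lines ignored)."""
    counts = Counter()
    for line in json_lines:
        if line.strip():
            rec = json.loads(line)
            if "DetectorName" in rec:
                counts[rec["DetectorName"]] += 1
    return counts

def archive_findings_differ(fs_counts, git_counts):
    """True when the two sources did not surface the same findings."""
    return dict(fs_counts) != dict(git_counts)

def run_trufflehog(args):
    """Run the trufflehog CLI (assumed on PATH) and return its stdout lines."""
    proc = subprocess.run(["trufflehog", *args, "--json"], capture_output=True, text=True)
    return proc.stdout.splitlines()

def main():
    root = tempfile.mkdtemp(prefix="th-archive-")
    build_fixture(root)
    subprocess.run(["git", "init", "-q", root], check=True)
    subprocess.run(["git", "-C", root, "add", "."], check=True)
    subprocess.run(["git", "-C", root, "-c", "user.name=repro", "-c",
                    "user.email=repro@example.invalid", "commit", "-q", "-m", "add archive"], check=True)
    fs = summarize_findings(run_trufflehog(["filesystem", root]))
    git = summarize_findings(run_trufflehog(["git", "file://" + root]))
    print("filesystem:", dict(fs), "git:", dict(git))
    raise SystemExit(1 if archive_findings_differ(fs, git) else 0)
if __name__ == "__main__":
    main()
```

Note that the filesystem scan also walks the `.git` directory of the fixture, so compare detector counts rather than expecting the two totals to match exactly.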
