Valid `.rar` archive: `rardecode: filename required for multi volume archive`

trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials

GNU Affero General Public License v3.0

17.39k stars 1.72k forks source link

Please review the Community Note before submitting

TruffleHog Version

Trace Output

./trufflehog filesystem /tmp/ClamAV-srcflat.tar.gz
🐷🔑🐷  TruffleHog. Unearth your secrets. 🐷🔑🐷

2024-06-06T19:11:05-04:00       info-0  trufflehog      running source  {"source_manager_worker_id": "6Ntve", "with_units": true}
2024-06-06T19:11:05-04:00       error   trufflehog      error unarchiving chunk.        {"source_manager_worker_id": "6Ntve", "unit": "/tmp/ClamAV-srcflat.tar.gz", "unit_kind": "unit", "timeout": 30, "error": "error extracting archive with format: .tar: handling file: ClamAV/inputs/clam-v2.rar: error extracting archive with format: .rar: rardecode: filename required for multi volume archive"}
2024-06-06T19:11:05-04:00       info-0  trufflehog      finished scanning       {"chunks": 186, "bytes": 1616313, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "42.63509ms", "trufflehog_version": "dev"}

Expected Behavior

The archive should be extracted and

$ file -i ClamAV-srcflat.tar.gz
ClamAV-srcflat.tar.gz: application/gzip; charset=binary
$ tar -tvf ClamAV-srcflat.tar.gz
drwxr-xr-x edwin/edwin       0 2008-01-08 08:08 ClamAV/
...
-rw-r--r-- edwin/edwin     364 2008-01-08 07:55 ClamAV/inputs/clam-v3.rar
-rw-r--r-- edwin/edwin     350 2008-01-08 07:55 ClamAV/inputs/clam-v2.rar
...
$ tar xzf ClamAV-srcflat.tar.gz
$ cd ClamAV/inputs
$ unrar x clam-v2.rar

UNRAR 6.11 beta 1 freeware      Copyright (c) 1993-2022 Alexander Roshal

Extracting from clam-v2.rar

Extracting  clam.exe                                                  OK
All OK

Actual Behavior

The file is not scanned because an error occurs.

Steps to Reproduce

Download https://github.com/MediaTek-Labs/llvm-test-suite/blob/f18a2f7572d9979210b79b657900940f977e93e4/MultiSource/Applications/ClamAV/ClamAV-srcflat.tar.gz
Scan file with TruffleHog
Observe reported error

Environment

N/A

Additional Context

N/A

References

N/A

$ /tmp/trufflehog/trufflehog filesystem /tmp/ClamAV 🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷 2024-06-07T09:07:02-04:00 info-0 trufflehog running source {"source_manager_worker_id": "qXQU2", "with_units": true} 2024-06-07T09:07:02-04:00 info-0 trufflehog error scanning filesystem {"source_manager_worker_id": "qXQU2", "unit": "/tmp/ClamAV/inputs/dbdir", "unit_kind": "unit", "path": "/tmp/ClamAV/inputs/dbdir", "error": "skipping symlink"} 2024-06-07T09:07:02-04:00 info-0 trufflehog error scanning filesystem {"source_manager_worker_id": "qXQU2", "unit": "/tmp/ClamAV/inputs/docs", "unit_kind": "unit", "path": "/tmp/ClamAV/inputs/docs", "error": "skipping symlink"} 2024-06-07T09:07:02-04:00 info-0 trufflehog error scanning filesystem {"source_manager_worker_id": "qXQU2", "unit": "/tmp/ClamAV/inputs/large.pcm", "unit_kind": "unit", "path": "/tmp/ClamAV/inputs/large.pcm", "error": "skipping symlink"} 2024-06-07T09:07:02-04:00 info-0 trufflehog error scanning filesystem {"source_manager_worker_id": "qXQU2", "unit": "/tmp/ClamAV/inputs/mei16v2.m2v", "unit_kind": "unit", "path": "/tmp/ClamAV/inputs/mei16v2.m2v", "error": "skipping symlink"} 2024-06-07T09:07:02-04:00 error trufflehog error unarchiving chunk. {"source_manager_worker_id": "qXQU2", "unit": "/tmp/ClamAV/inputs/clam-v2.rar", "unit_kind": "unit", "timeout": 30, "error": "error extracting archive with format: .rar: rardecode: filename required for multi volume archive"} 2024-06-07T09:07:02-04:00 info-0 trufflehog error scanning filesystem {"source_manager_worker_id": "qXQU2", "unit": "/tmp/ClamAV/inputs/tune", "unit_kind": "unit", "path": "/tmp/ClamAV/inputs/tune", "error": "skipping symlink"} 2024-06-07T09:07:03-04:00 info-0 trufflehog finished scanning {"chunks": 435, "bytes": 3785780, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "83.534879ms", "trufflehog_version": "dev"}

trufflesecurity / trufflehog