Secret scanning emails contain duplicate secrets

    • 1
    • Severity 3 - Minor
    • 0
    • CtB - Improve Existing

      Issue Summary

      This is reproducible on Data Center: yes

      Users receive duplicate secrets when the email address or the name of the committer and the pusher differ only in letter case.

      Steps to Reproduce

      1. Configure a secret scanning rule for a repo
      2. Configure a user in Bitbucket that has an uppercase email, e.g. JOHNSMITH@atlassian.com
      3. Configure git to have the same email address that you entered, except lowercase, e.g. johnsmith@atlassian.com
      4. Clone the repo that contains the secret scanning rules
      5. Make a commit containing the configured secret using an SSH key that is assigned to John Smith in Bitbucket.

      Expected Results

      A single secret is detected

      Actual Results

      2 secrets are detected

       

      Workaround

      Change the email address and/or user name in git to match what's been configured for the user in Bitbucket. Alternatively, change the email address in Bitbucket to match what's been configured in git.
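The following is an added illustration, not Bitbucket's code and not part of the original ticket. It assumes the committer and the pusher are collected as separate recipients and compared as raw strings (the ticket does not state the mechanism); the `Identity` type and all function names are hypothetical. It shows the duplicate count under exact matching, the single result under case-folded matching, and a helper that lists git identities needing the workaround.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    name: str
    email: str


def exact_key(ident):
    # Raw string comparison: "JOHNSMITH@..." and "johnsmith@..." are different keys.
    return (ident.name, ident.email)


def folded_key(ident):
    # Case-insensitive comparison of both name and email.
    return (ident.name.strip().casefold(), ident.email.strip().casefold())


def recipients(identities, key):
    """Return one identity per distinct key; the first occurrence wins."""
    seen = {}
    for ident in identities:
        seen.setdefault(key(ident), ident)
    return list(seen.values())


def case_only_mismatches(git_identities, account_identities):
    """Pairs equal after case folding but different as raw strings."""
    accounts = {folded_key(a): a for a in account_identities}
    pairs = []
    for g in git_identities:
        match = accounts.get(folded_key(g))
        if match is not None and exact_key(match) != exact_key(g):
            pairs.append((g, match))
    return pairs


# Constructed sample values taken from the reproduction steps.
COMMITTER = Identity("John Smith", "johnsmith@atlassian.com")   # git config
PUSHER = Identity("John Smith", "JOHNSMITH@atlassian.com")      # Bitbucket user

if __name__ == "__main__":
    print(len(recipients([COMMITTER, PUSHER], exact_key)))    # two notifications
    print(len(recipients([COMMITTER, PUSHER], folded_key)))   # one notification
    print(case_only_mismatches([COMMITTER], [PUSHER]))
```

Each pair returned by `case_only_mismatches` is a git identity whose name or email should be changed to match the Bitbucket user, or the reverse, as the workaround describes.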

            Assignee: Sunny Wu
            Reporter: David Jansons