Bitbucket Data Center / BSERV-19055

Secret scanning emails contain duplicate secrets


      Issue Summary

      This is reproducible on Data Center: yes

      Users receive duplicate secrets in secret scanning emails when the email address or the name of the committer and the pusher differ only in letter case.

      Steps to Reproduce

      1. Configure a secret scanning rule for a repo.
      2. Configure a user in Bitbucket that has an uppercase email address, e.g. JOHNSMITH@atlassian.com.
      3. Configure git to use the same email address, but in lowercase, e.g. johnsmith@atlassian.com.
      4. Clone the repo that contains the secret scanning rules.
      5. Make a commit containing the configured secret and push it using an SSH key that is assigned to John Smith in Bitbucket.

      Expected Results

      A single secret being detected 

      Actual Results

      2 secrets are detected

       

      Workaround

      Change the email address and/or user name in git to match what has been configured for the user in Bitbucket. Alternatively, change the email address in Bitbucket to match what has been configured in git.
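
The duplication described in this issue, modelled as an added example (not Bitbucket's code): comparing committer and pusher identities case-sensitively reports one secret twice, while case-folding the email first reports it once. The `Finding` record, the function names, the sample commit/path/rule values and the assumption that one digest entry is built per identity string are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    commit: str
    path: str
    line: int
    rule: str


def identity_key(email: str) -> str:
    # Assumption: mailboxes that differ only in letter case belong to the
    # same user, which is how the issue's workaround treats them.
    return email.strip().casefold()


def build_digest(events, normalize):
    """Group findings per notified identity.

    events: (email, Finding) pairs, one per role (committer, pusher).
    normalize: if False, identities are compared case-sensitively.
    """
    digest = {}
    for email, finding in events:
        key = identity_key(email) if normalize else email
        bucket = digest.setdefault(key, [])
        if finding not in bucket:  # same secret, same identity: list once
            bucket.append(finding)
    return digest


def secrets_reported(digest):
    return sum(len(findings) for findings in digest.values())


# Constructed sample: one secret, committed with the lowercase git email
# and pushed by the Bitbucket user whose email is stored in uppercase.
SECRET = Finding("<commit-id>", "config/app.properties", 12, "constructed-rule")
EVENTS = [
    ("johnsmith@atlassian.com", SECRET),   # committer (git config)
    ("JOHNSMITH@atlassian.com", SECRET),   # pusher (Bitbucket account)
]

if __name__ == "__main__":
    print("case-sensitive:", secrets_reported(build_digest(EVENTS, False)))
    print("case-folded:   ", secrets_reported(build_digest(EVENTS, True)))
```
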

              509bae61989f Sunny Wu
              e74118b4e28d David Jansons