gitleaks / gitleaks

Protect and discover secrets using Gitleaks 🔑

Home Page:https://gitleaks.io


Output contains duplicates

m1cm1c opened this issue · comments

Describe the bug
In some repos, there are duplicate findings.

To Reproduce

  1. Clone https://github.com/ethers-io/ethers.js
  2. Reset branch main to 92761872 for optimal reproduction (latest commit at the time of this writing)
  3. Run gitleaks detect --report-format json --report-path /tmp/output.json
  4. In the output, search for:
  "Match": "Key: '0xb96e9ccb774cc33213cbcb2c69d3cdae17b0fe4888a1ccd343cbd1a17fd98b18'",
  "Secret": "0xb96e9ccb774cc33213cbcb2c69d3cdae17b0fe4888a1ccd343cbd1a17fd98b18",

This will yield 4 results: https://gist.github.com/m1cm1c/543c9e6dbcef42535fd39a13d8070f6f
  5. Check out where the 1st result originates from:

$ git blame -p -L 52,52 73a0077fd38c6ae79f33a9d4d3cc128a904b4a6c -- "packages/testcases/lib.esm/generation-scripts/hdnode.js"
7c3ed406c23419d941f112baf7d7e7761f74b75d 63 52 1
author Richard Moore
author-mail <github@ricmoo.com>
author-time 1557874128
author-tz -0400
committer Richard Moore
committer-mail <github@ricmoo.com>
committer-time 1557874128
committer-tz -0400
summary Updated dist files.
filename packages/testcases/generation-scripts/hdnode.js
                    privateKey: '0xb96e9ccb774cc33213cbcb2c69d3cdae17b0fe4888a1ccd343cbd1a17fd98b18',
  6. Check out where the 2nd result originates from:
$ git blame -p -L 63,63 7c3ed406c23419d941f112baf7d7e7761f74b75d -- "packages/testcases/generation-scripts/hdnode.js"
7c3ed406c23419d941f112baf7d7e7761f74b75d 63 63 1
author Richard Moore
author-mail <github@ricmoo.com>
author-time 1557874128
author-tz -0400
committer Richard Moore
committer-mail <github@ricmoo.com>
committer-time 1557874128
committer-tz -0400
summary Updated dist files.
filename packages/testcases/generation-scripts/hdnode.js
                    privateKey: '0xb96e9ccb774cc33213cbcb2c69d3cdae17b0fe4888a1ccd343cbd1a17fd98b18',

They have the exact same origin: line 63 of packages/testcases/generation-scripts/hdnode.js in commit 7c3ed406c23419d941f112baf7d7e7761f74b75d

Expected behavior
There should be no duplicate results as defined by their origin according to git blame and all of their properties being identical.

Basic Info (please complete the following information):

  • OS: Manjaro
  • Gitleaks Version: 8.18.3 (latest)

cc @zricethezav
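The reproduction steps above boil down to one triage question about a gitleaks JSON report: are two findings the same finding reported twice, or the same secret at two different places? The script below is an added example, not part of the issue or of gitleaks itself. It keys each finding on commit, file, start line, rule and secret (the same coordinates `git blame` resolves in the steps above), reports only keys that occur more than once as true duplicates, and separately lists every distinct location a secret was found. The field names follow the gitleaks v8 JSON report format; the `RuleID` value is an assumption, and the sample report is constructed: the first three entries use the secret, commit ids and paths quoted in this thread, and the fourth is an invented exact copy of the first so the script has a genuine duplicate to flag.

```python
import json
from collections import defaultdict

# Values quoted in the issue thread.
SECRET = "0xb96e9ccb774cc33213cbcb2c69d3cdae17b0fe4888a1ccd343cbd1a17fd98b18"
COMMIT_A = "73a0077fd38c6ae79f33a9d4d3cc128a904b4a6c"
COMMIT_B = "7c3ed406c23419d941f112baf7d7e7761f74b75d"


def _finding(commit, path, line):
    """Build one report entry in the shape of a gitleaks v8 JSON finding."""
    return {
        "RuleID": "generic-api-key",  # assumed rule id, not taken from the issue
        "Match": f"Key: '{SECRET}'",
        "Secret": SECRET,
        "File": path,
        "StartLine": line,
        "Commit": commit,
    }


# Constructed sample report: three real locations from the thread plus one
# invented exact duplicate of the first entry.
SAMPLE_REPORT = json.dumps([
    _finding(COMMIT_A, "packages/testcases/lib.esm/generation-scripts/hdnode.js", 52),
    _finding(COMMIT_B, "packages/testcases/generation-scripts/hdnode.js", 63),
    _finding(COMMIT_A, "packages/testcases/lib/generation-scripts/hdnode.js", 63),
    _finding(COMMIT_A, "packages/testcases/lib.esm/generation-scripts/hdnode.js", 52),
])


def load_report(text):
    """Parse a gitleaks JSON report (a JSON array of findings)."""
    return json.loads(text)


def location_key(finding):
    """Identity of a finding: this secret, at this line of this file, in this commit."""
    return (finding["Commit"], finding["File"], finding["StartLine"],
            finding["RuleID"], finding["Secret"])


def exact_duplicates(findings):
    """Location keys that occur more than once: the only case that is a real duplicate."""
    counts = defaultdict(int)
    for f in findings:
        counts[location_key(f)] += 1
    return sorted(key for key, n in counts.items() if n > 1)


def locations_by_secret(findings):
    """Map each secret to the distinct (commit, file, line) places it was found."""
    places = defaultdict(set)
    for f in findings:
        places[f["Secret"]].add((f["Commit"], f["File"], f["StartLine"]))
    return {secret: sorted(p) for secret, p in places.items()}


def triage(report_text):
    """Summarise a report: how many findings, true duplicates, and places per secret."""
    findings = load_report(report_text)
    by_secret = locations_by_secret(findings)
    return {
        "findings": len(findings),
        "exact_duplicates": len(exact_duplicates(findings)),
        "distinct_secrets": len(by_secret),
        "distinct_locations": sum(len(p) for p in by_secret.values()),
        # Secrets that genuinely live in several places each need every
        # location cleaned up, so they are worth listing on their own.
        "multi_location_secrets": {s: p for s, p in by_secret.items() if len(p) > 1},
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['findings']} findings, {summary['exact_duplicates']} exact duplicate(s), "
          f"{summary['distinct_secrets']} secret(s) at {summary['distinct_locations']} location(s)")
    for secret, places in summary["multi_location_secrets"].items():
        print(f"{secret[:10]}... appears at:")
        for commit, path, line in places:
            print(f"  {commit[:12]} {path}:{line}")
```

Run against a real report with `triage(open("/tmp/output.json").read())`. On the constructed sample the three thread entries come out as one secret at three distinct locations, which matches the maintainer's point that they are separate findings, while only the invented fourth entry is flagged as an exact duplicate.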

@m1cm1c these aren't duplicates since the secret is located in different lines in different files in different commits. Closing this issue.

You are right. In commit 73a0077fd38c6ae79f33a9d4d3cc128a904b4a6c, the line exists both in /packages/testcases/lib.esm/generation-scripts/hdnode.js (line 52) and in /packages/testcases/lib/generation-scripts/hdnode.js (line 63). I thought it was moved between two locations and therefore incorrectly shown twice in gitleaks' output. But because it was introduced another time in commit 73a0077fd38c6ae79f33a9d4d3cc128a904b4a6c instead of merely moved, it makes perfect sense to show it another time in gitleaks' output. I still don't understand why git blame says results 1 and 2 have the same origin even though they don't (it correctly says results 3 and 4 have different origins (these are the same lines too, even when considering whitespace, not just the same secret), so it can't be just because the lines are identical), but this clearly isn't a gitleaks issue.

Sorry for the trouble, and thank you very much for your answer.