Skip to content

HYG-02: Real production AWS account ID committed in tracked files, violating the repo's .gitallowed policy #1167

Description

@cristim

Severity: P2. Confidence: high.

Affected files: internal/email/sender.go:517, internal/email/executed_notification_test.go:39, internal/email/template_renderers_test.go, frontend/src/__tests__/settings-accounts.test.ts:1240-1256, known_issues/23_ux_review_2026_04_22.md, .gitallowed:10

Evidence: git grep -l '540659244915' hits 5 tracked files (comment in sender.go, AccountLabel fixtures, settings-accounts external_id fixtures, a known_issues doc). This is provably the real deployment account: untracked terraform-apply-fargate.txt shows data.aws_caller_identity.current ... [id=540659244915]. The repo's own .gitallowed says: "DO NOT add a real account ID here. If a real account ID lands in the repo, rotate it and treat the leak seriously instead of silencing the scanner." All other fixtures use deliberate placeholders (123456789012 etc.).

Impact: The live account ID is published in a public repo (gh confirms visibility=PUBLIC; 4 of the files carry it on origin/main). Account IDs are not secrets but the repo's own policy treats them as sensitive: targeted phishing, ARN construction, bucket-policy probing, confused-deputy attempts. It also demonstrates the git-secrets gate has a hole - bare 12-digit numbers in labels/comments fall outside the registered regex shape.

Recommendation: Replace 540659244915 with an allowlisted placeholder in all five tracked files; investigate why git-secrets did not flag these commits; decide with the owner whether history scrubbing / treat-as-leak is warranted per the .gitallowed note.

Verifier verdict: confirmed - pushed to public main, not allowlisted, scanner-gap mechanism identified; P2 since account IDs are not credentials but this is a real published policy violation with a demonstrated gate hole.

Source: docs/reviews/codebase-review-2026-06-10.md (automated multi-dimension code review, adversarially verified for P1/P2)

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions