Impact
At least one user experienced issues when attempting to add a payment method on the platform. The issue started on UTC-5 24-09-20 13:15 and was discovered reactively 7.3 months (TTD) later, when a client reported through our help desk [1] that the platform displayed an error indicating a problem with the card during the payment method addition process. The problem was resolved in 11.5 hours (TTF), resulting in a total window of exposure of 7.4 months (WOE).
Cause
The system did not include validation or sanitization mechanisms to handle unexpected formatting in user-provided data, such as leading or trailing spaces in critical fields. This oversight allowed malformed input to propagate into external API calls, resulting in failures when required fields were inadvertently left empty [2].
Solution
Leading and trailing spaces were trimmed from the Business name and Business ID fields on the front end and back end. Additionally, the code that handles the API call to Treli was updated to manage such formatting issues more gracefully if they occur [3].
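The following is an added example, not the platform's own code, of a back-end check that normalizes the two fields and refuses to build the request when either is empty after trimming. It goes slightly beyond a plain trim by also handling no-break and zero-width characters; the key names `business_name` and `business_id`, the function names and the payload shape are assumptions, and no Treli API is called.

```python
import logging
import unicodedata

log = logging.getLogger("billing")

# Hypothetical keys; the page only names the Business name and Business ID fields.
REQUIRED_FIELDS = ("business_name", "business_id")


class InvalidBillingField(ValueError):
    """Raised before any external call when a required field is unusable."""


def normalize_field(value: str) -> str:
    """Trim the value, including whitespace a plain ASCII trim would miss."""
    # Drop invisible format characters (zero-width space, BOM) left by copy-paste.
    visible = "".join(ch for ch in value if unicodedata.category(ch) != "Cf")
    # split() treats tabs, newlines and no-break spaces as whitespace, so this
    # trims both ends and collapses internal runs to a single space.
    return " ".join(visible.split())


def build_payment_payload(form: dict) -> dict:
    """Return cleaned required fields, or raise so the API is never called."""
    cleaned, empty = {}, []
    for name in REQUIRED_FIELDS:
        raw = form.get(name)
        value = normalize_field(raw) if isinstance(raw, str) else ""
        if not value:
            empty.append(name)
        elif value != raw:
            # Log the field name only, never the value, to make drift visible.
            log.warning("normalized whitespace in field %s", name)
        cleaned[name] = value
    if empty:
        raise InvalidBillingField("empty after normalization: " + ", ".join(empty))
    return cleaned


if __name__ == "__main__":
    # Constructed sample input, not data from the incident.
    sample = {"business_name": "  Acme S.A.S. ", "business_id": "\u00a0900123456-7\u200b"}
    print(build_payment_payload(sample))
```

Raising before the request is built turns a whitespace-only field into a field-level validation error instead of a failure returned by the external API.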
Conclusion
The team aims to identify edge cases better and enforce proper input validation so that such issues are either prevented or become easier to detect and fix.
DATA_QUALITY < INCOMPLETE_PERSPECTIVE