Commit hash missing in location submissions
Incident Report for Fluid Attacks
Postmortem

Impact

At least one user experienced issues when reporting vulnerabilities on the platform. The issue started on UTC-5 22-10-27 08:27 and was proactively discovered 26.1 months (TTD) later by a staff member who reported through our help desk [1] that after completing the process of uploading locations, the commit hash would unexpectedly disappear, resulting in the entries being rejected by the reviewer. The problem was resolved in 6.9 hours (TTF), resulting in a total impact of 26.1 months (TTR) [2].

Cause

When analysts added the commit information in an unsupported format, the system did not recognize it. During an automated process, this unrecognized commit information was deleted, which led to the rejection of vulnerabilities. Analysts then had to reprocess and resubmit the locations [3].

Solution

A consistent and supported format was defined for the path field in ToE Line vulnerabilities, ensuring the data is correctly processed and retained during updates [4].

Conclusion

Analysts were unaware of the correct format for entering the vulnerable commit information, leading to inconsistent data entry. Moreover, the need to preserve this vulnerable commit information was not considered when the rebase feature was implemented. A standard format for entering the commit information has now been established, and validation has been implemented to ensure the format is followed. COMMUNICATION_FAILURE < INCOMPLETE_PERSPECTIVE

Posted Dec 20, 2024 - 07:55 GMT-05:00
Resolved
The incident has been resolved, and location reports are now being processed correctly.
Posted Dec 18, 2024 - 20:12 GMT-05:00
Identified
Issues have been identified where commit hashes provided during location submissions sometimes disappear after submissions, leading to reviewers' rejections.
Posted Dec 18, 2024 - 10:41 GMT-05:00
This incident affected: Platform.
Current Status Powered by Atlassian Statuspage