Edit git roots with SSH type URLs fails
Incident Report for Fluid Attacks


At least three organizations unexpectedly received the exemption URL must include protocol (http:// or https://) or be a SSH URI when trying to modify a root (UTC-05 23-08-16 19:14 to 23-08-17 15:57 20.7 hours -time to recover-). The incident was detected reactively (at UTC-5 23-08-17 10:08: 14.9 hours -time to detect-) by a user who reported [1] that he tried to modify a field in an existing root, but when he tried to do so he got the exception.


The problem was caused by a regex error in the utility in charge of validating the format of the roots URL [2], The regex did not correctly validate the URLs and therefore threw the exception.


The regex responsible for validating the roots URL was corrected [3].


Validation was not tested with all possible URL formats for roots. INSUFFICIENT-TESTING

Posted Sep 18, 2023 - 19:15 GMT-05:00

The problem was solved and now git roots can be edited without problems.
Posted Aug 17, 2023 - 19:19 GMT-05:00
When a user tries to edit a git root that is associated with an SSH type URL, the platform does not allow to perform the needed change/edition, showing an error message.
Posted Aug 17, 2023 - 14:12 GMT-05:00
This incident affected: Web.