From 61b4f65593618c5135e8be5173d12bf5dae08c36 Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Sat, 30 Aug 2025 15:40:41 +0530 Subject: [PATCH 01/11] Add n8n Redis Queue Authentication Failure Rule Introduced a new rule to detect authentication failures in n8n instances using Redis in queue mode. This rule addresses issues leading to instance outages, silent execution drops, and data loss due to mismatched Redis authentication configurations. Included detailed mitigation strategies and references for users. --- .../n8n-redis-queue-failure.yaml | 71 +++++++++++++++++++ rules/cre-2025-0131/test.log | 10 +++ rules/tags/categories.yaml | 6 ++ rules/tags/tags.yaml | 35 ++++++++- 4 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 rules/cre-2025-0131/n8n-redis-queue-failure.yaml create mode 100644 rules/cre-2025-0131/test.log diff --git a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml new file mode 100644 index 0000000..048e78d --- /dev/null +++ b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml 
@@ -0,0 +1,71 @@
+rules:
+- cre:
+ id: CRE-2025-0131
+ severity: 0
+ title: n8n Redis Queue Authentication Failure
+ category: workflow-automation-problems
+ author: Dhaval
+ description: |
+ n8n instances configured with EXECUTIONS_MODE=queue fail to connect to Redis due to authentication mismatches, causing complete instance outages. This leads to silent execution drops, workflow failures, and data loss in production environments where queue mode is used for scalability and reliability.
+ cause: |
+ * Redis authentication configuration mismatch between n8n and Redis server
+ * Incorrect QUEUE_BULL_REDIS_PASSWORD environment variable
+ * Redis server requires authentication but n8n is configured without password
+ * Redis server doesn't require authentication but n8n is configured with password
+ * Redis connection string format errors in queue configuration
+ * Redis server password changes without updating n8n configuration
+ * Redis server authentication requirements changed without corresponding n8n updates
+ tags:
+ - n8n
+ - workflow-automation
+ - redis
+ - queue-mode
+ - authentication-failure
+ - instance-outage
+ - execution-loss
+ - data-loss
+ - reliability
+ - production
+ - enterprise
+ - scaling
+ mitigation: |
+ - **Verify Redis authentication** - Ensure Redis password matches QUEUE_BULL_REDIS_PASSWORD in n8n config
+ - **Test Redis connectivity** - Use redis-cli to verify authentication before starting n8n
+ - **Monitor Redis health** - Set up Redis monitoring to detect authentication issues early
+ - **Use Redis connection pooling** - Configure proper Redis connection settings for reliability
+ - **Implement circuit breakers** - Add fallback mechanisms when Redis is unavailable
+ - **Regular configuration audits** - Periodically verify Redis and n8n configuration alignment
+ - **Backup execution mode** - Consider running in regular mode as fallback when queue mode fails
+ - **Redis cluster configuration** - Use Redis Sentinel or Redis Cluster for high availability
+ references:
+ - https://docs.n8n.io/hosting/configuration/queue-mode/
+ - https://docs.n8n.io/hosting/configuration/environment-variables/environment-variables/
+ - https://redis.io/docs/management/security/
+ applications:
+ - name: n8n
+ version: "1.109.0"
+ containerName: n8n-queue-test
+ processName: node
+ impact: |
+ Redis queue authentication failures cause complete n8n instance outages in queue mode, leading to silent execution drops, workflow failures, missed data synchronization, and broken automations. This particularly impacts enterprise deployments where queue mode is used for scalability and high availability, resulting in significant business impact and data loss.
+ impactScore: 9
+ mitigationScore: 7
+ metadata:
+ kind: prequel
+ id: MeSYLTdBeDi1kroH6QidFq
+ gen: 1
+ rule:
+ sequence:
+ window: "60s"
+ event:
+ source: cre.log.n8n
+ origin: true
+ order:
+ - field: message
+ regex: "(?:WRONGPASS|NOAUTH|Authentication required)"
+ - field: message
+ regex: "(?:Redis client|Bull|queue)"
+ negate:
+ - field: message
+ regex: "(?:successfully|connected|ready)"
+ window: "30s"
diff --git a/rules/cre-2025-0131/test.log b/rules/cre-2025-0131/test.log
new file mode 100644
index 0000000..577af80
--- /dev/null
+++ b/rules/cre-2025-0131/test.log
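Review bot: The `Test Redis connectivity` bullet in `mitigation` sends operators to redis-cli without saying how the password should be supplied, and passing it with `-a` on the command line leaves it in shell history and the process list. I would word the bullet as `- **Test Redis connectivity** - Use redis-cli (password via REDISCLI_AUTH or --askpass, not -a) to verify authentication before starting n8n`. The `cause` list also covers the case where Redis has no authentication while n8n sends a password. The mitigation should say that the fix there is to enable `requirepass` or ACLs on Redis, so that nobody resolves the mismatch by removing the password from n8n.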
@@ -0,0 +1,10 @@ +2025-08-30T10:05:35.212Z | debug | Started Redis client publisher(n8n) {"scopes":["redis","scaling"],"type":"publisher(n8n)","host":"redis","port":6379,"file":"redis-client.service.js","function":"createRegularClient"} +2025-08-30T10:05:35.220Z | error | [Redis client] WRONGPASS invalid username-password pair or user is disabled. {"scopes":["redis","scaling"],"error":{"name":"ReplyError","message":"WRONGPASS invalid username-password pair or user is disabled.","stack":"ReplyError: WRONGPASS invalid username-password pair or user is disabled.\n at parseError (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:179:12)\n at parseType (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:302:14)"},"file":"redis-client.service.js"} +2025-08-30T10:05:35.457Z | debug | Started Redis client subscriber(n8n) {"scopes":["redis","scaling"],"type":"subscriber(n8n)","host":"redis","port":6379,"file":"redis-client.service.js","function":"createRegularClient"} +2025-08-30T10:05:35.459Z | error | [Redis client] WRONGPASS invalid username-password pair or user is disabled. 
{"scopes":["redis","scaling"],"error":{"name":"ReplyError","message":"WRONGPASS invalid username-password pair or user is disabled.","stack":"ReplyError: WRONGPASS invalid username-password pair or user is disabled.\n at parseError (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:179:12)\n at parseType (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:302:14)"},"file":"redis-client.service.js"} +2025-08-30T10:05:35.460Z | error | Failed to subscribe to channel n8n.commands {"scopes":["scaling","pubsub"],"error":{"name":"ReplyError","message":"NOAUTH Authentication required.","stack":"ReplyError: NOAUTH Authentication required.\n at parseError (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:179:12)\n at parseType (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:302:14)"},"file":"subscriber.service.js"} +2025-08-30T10:05:35.460Z | error | ReplyError: NOAUTH Authentication required. +2025-08-30T10:05:35.461Z | error | NOAUTH Authentication required. {"file":"error-reporter.js","function":"defaultReport"} +2025-08-30T10:05:36.226Z | error | [Redis client] WRONGPASS invalid username-password pair or user is disabled. 
{"scopes":["redis","scaling"],"error":{"name":"ReplyError","message":"WRONGPASS invalid username-password pair or user is disabled.","stack":"ReplyError: WRONGPASS invalid username-password pair or user is disabled.\n at parseError (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:179:12)\n at parseType (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:302:14)"},"file":"redis-client.service.js"} +2025-08-30T10:05:36.463Z | error | [Redis client] WRONGPASS invalid username-password pair or user is disabled. {"scopes":["redis","scaling"],"error":{"name":"ReplyError","message":"WRONGPASS invalid username-password pair or user is disabled.","stack":"ReplyError: WRONGPASS invalid username-password pair or user is disabled.\n at parseError (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:179:12)\n at parseType (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:302:14)"},"file":"redis-client.service.js"} +2025-08-30T10:05:37.232Z | error | [Redis client] WRONGPASS invalid username-password pair or user is disabled. {"scopes":["redis","scaling"],"error":{"name":"ReplyError","message":"WRONGPASS invalid username-password pair or user is disabled.","stack":"ReplyError: WRONGPASS invalid username-password pair or user is disabled.\n at parseError (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:179:12)\n at parseType (/usr/local/lib/node_modules/n8n/node_modules/.pnpm/redis-parser@3.0.0/node_modules/redis-parser/lib/parser.js:302:14)"},"file":"redis-client.service.js"} diff --git a/rules/tags/categories.yaml b/rules/tags/categories.yaml index e61a0cb..3b0966f 100644 --- a/rules/tags/categories.yaml +++ b/rules/tags/categories.yaml 
@@ -244,3 +244,9 @@ categories: description: | Failures that prevent MongoDB from starting successfully due to corrupted metadata, invalid configurations, or unrecoverable internal errors (e.g., WiredTiger metadata corruption). These failures often require manual repair or backup restoration. + - name: workflow-automation-problems + displayName: Workflow Automation Problems + description: | + Problems related to workflow automation platforms like n8n, Zapier, or custom workflow engines. + This includes issues with node execution, retry mechanisms, data passing between nodes, + silent failures, and reliability problems that affect automated business processes. diff --git a/rules/tags/tags.yaml b/rules/tags/tags.yaml index 1acb1dc..cc93f94 100644 --- a/rules/tags/tags.yaml +++ b/rules/tags/tags.yaml @@ -147,6 +147,18 @@ tags: - name: redis-py displayName: Redis Py description: Errors with the `redis-py` client library in Python. + - name: queue-mode + displayName: Queue Mode + description: Problems related to queue-based execution modes in workflow automation platforms. + - name: authentication-failure + displayName: Authentication Failure + description: Failures in authentication mechanisms causing service access issues. + - name: instance-outage + displayName: Instance Outage + description: Complete service instance failures causing full unavailability. + - name: execution-loss + displayName: Execution Loss + description: Silent failures where task executions are dropped or lost without proper error handling. - name: retry displayName: Retry description: Logic or policy failures when retrying failed operations. 
@@ -844,4 +856,25 @@ tags: description: Issues with Kubernetes pod scheduling due to resource constraints or networking problems - name: cluster-scaling displayName: Cluster Scaling - description: Problems related to Kubernetes cluster scaling operations and capacity management \ No newline at end of file + description: Problems related to Kubernetes cluster scaling operations and capacity management + - name: n8n + displayName: n8n + description: Problems related to n8n workflow automation platform + - name: workflow-automation + displayName: Workflow Automation + description: Problems related to workflow automation systems and platforms + - name: http-node + displayName: HTTP Node + description: Problems related to HTTP nodes in workflow automation systems + - name: retry-failure + displayName: Retry Failure + description: Problems where retry mechanisms fail to execute as configured + - name: silent-failure + displayName: Silent Failure + description: Problems that fail silently without proper error reporting or logging + - name: reliability + displayName: Reliability + description: Problems affecting system reliability and consistent operation + - name: enterprise + displayName: Enterprise + description: Problems affecting enterprise deployments and production environments \ No newline at end of file From 0b639e60e374e725ed0cbe5dc8dc620f9e2990a6 Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Sat, 30 Aug 2025 16:00:34 +0530 Subject: [PATCH 02/11] Removed outdated tags --- rules/cre-2025-0131/n8n-redis-queue-failure.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml index 048e78d..b9ef4f2 100644 --- a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml +++ b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml 
@@ -17,7 +17,6 @@ rules: * Redis server authentication requirements changed without corresponding n8n updates tags: - n8n - - workflow-automation - redis - queue-mode - authentication-failure @@ -25,9 +24,7 @@ rules: - execution-loss - data-loss - reliability - - production - enterprise - - scaling mitigation: | - **Verify Redis authentication** - Ensure Redis password matches QUEUE_BULL_REDIS_PASSWORD in n8n config - **Test Redis connectivity** - Use redis-cli to verify authentication before starting n8n @@ -52,7 +49,7 @@ rules: mitigationScore: 7 metadata: kind: prequel - id: MeSYLTdBeDi1kroH6QidFq + id: 8FcHTBsexHkVFT1TEqeUN6oozvYwraqGVJiSuCH9o1KC gen: 1 rule: sequence: From 5c5327a99bbf8ed118d02f2062e95c01391a84da Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Sat, 30 Aug 2025 16:11:19 +0530 Subject: [PATCH 03/11] fix issue --- rules/cre-2025-0131/n8n-redis-queue-failure.yaml | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml index b9ef4f2..9485b25 100644 --- a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml +++ b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml @@ -1,7 +1,7 @@ rules: - cre: id: CRE-2025-0131 - severity: 0 + severity: 1 title: n8n Redis Queue Authentication Failure category: workflow-automation-problems author: Dhaval @@ -53,16 +53,9 @@ rules: gen: 1 rule: sequence: - window: "60s" + window: 30s event: source: cre.log.n8n - origin: true order: - - field: message - regex: "(?:WRONGPASS|NOAUTH|Authentication required)" - - field: message - regex: "(?:Redis client|Bull|queue)" - negate: - - field: message - regex: "(?:successfully|connected|ready)" - window: "30s" + - regex: WRONGPASS + - regex: Redis From 1e87bdf7ff7b5ea77f22695dc2949c56104c8f2f Mon Sep 17 00:00:00 2001 
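Review bot: Removing `negate` from the `sequence` block, rather than tightening its pattern, leaves nothing to separate a persistent credential mismatch from one that clears inside the 30s window, for example while a Redis password is being rotated. Combined with the severity change in this patch's first hunk, that presumably means the rule now fires on routine rotations as well, though the exact sequence semantics are not visible here. If that is intended, a comment above `order:` such as `# fires on any WRONGPASS burst, including ones that recover within the window` would record the decision. Otherwise a recovery condition should be restored, using the exact success message n8n logs rather than a generic word like `connected`.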
From: Dhaval Chaudhari Date: Wed, 3 Sep 2025 21:45:04 +0530 Subject: [PATCH 04/11] fix merge issues --- rules/tags/categories.yaml | 13 +++++++---- rules/tags/tags.yaml | 48 +++++++++++++++++++++++++++++++++++--- 2 files changed, 53 insertions(+), 8 deletions(-) diff --git a/rules/tags/categories.yaml b/rules/tags/categories.yaml index 3b0966f..60d7f3d 100644 --- a/rules/tags/categories.yaml +++ b/rules/tags/categories.yaml @@ -244,9 +244,12 @@ categories: description: | Failures that prevent MongoDB from starting successfully due to corrupted metadata, invalid configurations, or unrecoverable internal errors (e.g., WiredTiger metadata corruption). These failures often require manual repair or backup restoration. - - name: workflow-automation-problems - displayName: Workflow Automation Problems + - name: infinite-loop-problem + displayName: Infinite Loop Problems description: | - Problems related to workflow automation platforms like n8n, Zapier, or custom workflow engines. - This includes issues with node execution, retry mechanisms, data passing between nodes, - silent failures, and reliability problems that affect automated business processes. + Problems where applications enter infinite loops causing resource exhaustion, system hangs, or crashes. + This includes recursive loops, circular dependencies, and runaway processes that consume CPU, memory, + or API resources without termination conditions. + - name: workflow-automation-problem + displayName: Workflow Automation Problems + description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems \ No newline at end of file diff --git a/rules/tags/tags.yaml b/rules/tags/tags.yaml index cc93f94..72dbe6e 100644 --- a/rules/tags/tags.yaml +++ b/rules/tags/tags.yaml 
@@ -857,24 +857,66 @@ tags: - name: cluster-scaling displayName: Cluster Scaling description: Problems related to Kubernetes cluster scaling operations and capacity management + - name: autogpt + displayName: AutoGPT + description: Problems related to AutoGPT autonomous AI agent framework + + - name: infinite-loop + displayName: Infinite Loop + description: Problems where code enters infinite loops causing resource exhaustion or system hangs + + - name: token-exhaustion + displayName: Token Exhaustion + description: Problems where LLM API token limits are exceeded causing service failures + + - name: autonomous-agents + displayName: Autonomous Agents + description: Problems related to autonomous AI agents that chain LLM reasoning with real-world actions + + - name: llm + displayName: LLM + description: Problems related to Large Language Models and their API integrations + + - name: openai + displayName: OpenAI + description: Problems related to OpenAI API services including GPT models + + - name: recursive-analysis + displayName: Recursive Analysis + description: Problems where systems enter recursive self-analysis loops leading to resource exhaustion + - name: n8n - displayName: n8n + displayName: N8N description: Problems related to n8n workflow automation platform + - name: workflow-automation displayName: Workflow Automation description: Problems related to workflow automation systems and platforms + - name: http-node displayName: HTTP Node description: Problems related to HTTP nodes in workflow automation systems + - name: retry-failure displayName: Retry Failure description: Problems where retry mechanisms fail to execute as configured + - name: silent-failure displayName: Silent Failure - description: Problems that fail silently without proper error reporting or logging + description: Problems that occur without visible error messages or alerts, making detection extremely difficult + - name: reliability displayName: Reliability description: Problems 
affecting system reliability and consistent operation + - name: enterprise displayName: Enterprise - description: Problems affecting enterprise deployments and production environments \ No newline at end of file + description: Problems affecting enterprise deployments and production environments + + - name: production-critical + displayName: Production Critical + description: Issues that have severe impact on production systems and require immediate attention + + - name: data-integrity + displayName: Data Integrity + description: Problems that affect the completeness, accuracy, or consistency of data \ No newline at end of file From e1b9c6e9fa7c3415e80fe814ee2ebf23be685a0f Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Wed, 3 Sep 2025 21:51:20 +0530 Subject: [PATCH 05/11] fix issue --- rules/tags/categories.yaml | 3 ++- rules/tags/tags.yaml | 41 +------------------------------------- 2 files changed, 3 insertions(+), 41 deletions(-) diff --git a/rules/tags/categories.yaml b/rules/tags/categories.yaml index 60d7f3d..df70343 100644 --- a/rules/tags/categories.yaml +++ b/rules/tags/categories.yaml @@ -252,4 +252,5 @@ categories: or API resources without termination conditions. - name: workflow-automation-problem displayName: Workflow Automation Problems - description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems \ No newline at end of file + description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems + \ No newline at end of file diff --git a/rules/tags/tags.yaml b/rules/tags/tags.yaml index 72dbe6e..270f330 100644 --- a/rules/tags/tags.yaml +++ b/rules/tags/tags.yaml 
@@ -147,18 +147,6 @@ tags: - name: redis-py displayName: Redis Py description: Errors with the `redis-py` client library in Python. - - name: queue-mode - displayName: Queue Mode - description: Problems related to queue-based execution modes in workflow automation platforms. - - name: authentication-failure - displayName: Authentication Failure - description: Failures in authentication mechanisms causing service access issues. - - name: instance-outage - displayName: Instance Outage - description: Complete service instance failures causing full unavailability. - - name: execution-loss - displayName: Execution Loss - description: Silent failures where task executions are dropped or lost without proper error handling. - name: retry displayName: Retry description: Logic or policy failures when retrying failed operations. 
@@ -860,63 +848,36 @@ tags: - name: autogpt displayName: AutoGPT description: Problems related to AutoGPT autonomous AI agent framework - - name: infinite-loop displayName: Infinite Loop description: Problems where code enters infinite loops causing resource exhaustion or system hangs - - name: token-exhaustion displayName: Token Exhaustion description: Problems where LLM API token limits are exceeded causing service failures - - name: autonomous-agents displayName: Autonomous Agents description: Problems related to autonomous AI agents that chain LLM reasoning with real-world actions - - name: llm displayName: LLM description: Problems related to Large Language Models and their API integrations - - name: openai displayName: OpenAI description: Problems related to OpenAI API services including GPT models - - name: recursive-analysis displayName: Recursive Analysis description: Problems where systems enter recursive self-analysis loops leading to resource exhaustion - - name: n8n displayName: N8N description: Problems related to n8n workflow automation platform - - name: workflow-automation displayName: Workflow Automation description: Problems related to workflow automation systems and platforms - - - name: http-node - displayName: HTTP Node - description: Problems related to HTTP nodes in workflow automation systems - - - name: retry-failure - displayName: Retry Failure - description: Problems where retry mechanisms fail to execute as configured - - name: silent-failure displayName: Silent Failure description: Problems that occur without visible error messages or alerts, making detection extremely difficult - - - name: reliability - displayName: Reliability - description: Problems affecting system reliability and consistent operation - - - name: enterprise - displayName: Enterprise - description: Problems affecting enterprise deployments and production environments - - name: production-critical displayName: Production Critical description: Issues that have severe 
impact on production systems and require immediate attention - - name: data-integrity displayName: Data Integrity - description: Problems that affect the completeness, accuracy, or consistency of data \ No newline at end of file + description: Problems that affect the completeness, accuracy, or consistency of data From 791135610c152ce9c26d7316ba65456b860afa1e Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Wed, 3 Sep 2025 21:53:00 +0530 Subject: [PATCH 06/11] fix --- rules/tags/categories.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/tags/categories.yaml b/rules/tags/categories.yaml index df70343..60d7f3d 100644 --- a/rules/tags/categories.yaml +++ b/rules/tags/categories.yaml @@ -252,5 +252,4 @@ categories: or API resources without termination conditions. - name: workflow-automation-problem displayName: Workflow Automation Problems - description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems - \ No newline at end of file + description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems \ No newline at end of file From 23cf385160dd37dbf23bcc5792dd2bbe1601546f Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Wed, 3 Sep 2025 21:54:17 +0530 Subject: [PATCH 07/11] fix --- rules/tags/categories.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/tags/categories.yaml b/rules/tags/categories.yaml index 60d7f3d..e291542 100644 --- a/rules/tags/categories.yaml +++ b/rules/tags/categories.yaml 
@@ -252,4 +252,4 @@ categories: or API resources without termination conditions. - name: workflow-automation-problem displayName: Workflow Automation Problems - description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems \ No newline at end of file + description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems From 6acea4726cc0648ff675486c7a066106739d5e99 Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Wed, 3 Sep 2025 22:02:28 +0530 Subject: [PATCH 08/11] fix --- rules/cre-2025-0131/n8n-redis-queue-failure.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml index 9485b25..ffd913b 100644 --- a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml +++ b/rules/cre-2025-0131/n8n-redis-queue-failure.yaml @@ -3,7 +3,7 @@ rules: id: CRE-2025-0131 severity: 1 title: n8n Redis Queue Authentication Failure - category: workflow-automation-problems + category: workflow-automation-problem author: Dhaval description: | n8n instances configured with EXECUTIONS_MODE=queue fail to connect to Redis due to authentication mismatches, causing complete instance outages. This leads to silent execution drops, workflow failures, and data loss in production environments where queue mode is used for scalability and reliability. 
@@ -18,13 +18,9 @@ rules: tags: - n8n - redis - - queue-mode - - authentication-failure - - instance-outage - - execution-loss - - data-loss - - reliability - - enterprise + - silent-failure + - data-integrity + - production-critical mitigation: | - **Verify Redis authentication** - Ensure Redis password matches QUEUE_BULL_REDIS_PASSWORD in n8n config - **Test Redis connectivity** - Use redis-cli to verify authentication before starting n8n From c72fa5470625810f285262523c432d2623b20235 Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Fri, 3 Oct 2025 12:48:15 +0530 Subject: [PATCH 09/11] fix --- .../{cre-2025-0131 => cre-2025-0171}/n8n-redis-queue-failure.yaml | 0 rules/{cre-2025-0131 => cre-2025-0171}/test.log | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename rules/{cre-2025-0131 => cre-2025-0171}/n8n-redis-queue-failure.yaml (100%) rename rules/{cre-2025-0131 => cre-2025-0171}/test.log (100%) diff --git a/rules/cre-2025-0131/n8n-redis-queue-failure.yaml b/rules/cre-2025-0171/n8n-redis-queue-failure.yaml similarity index 100% rename from rules/cre-2025-0131/n8n-redis-queue-failure.yaml rename to rules/cre-2025-0171/n8n-redis-queue-failure.yaml diff --git a/rules/cre-2025-0131/test.log b/rules/cre-2025-0171/test.log similarity index 100% rename from rules/cre-2025-0131/test.log rename to rules/cre-2025-0171/test.log From cbb921015e23882c02a0610a8e27e1cd86df8e0d Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Thu, 30 Oct 2025 15:54:12 +0530 Subject: [PATCH 10/11] fix changes --- rules/tags/categories.yaml | 12 +++++- rules/tags/tags.yaml | 83 +++++++++++++++++++++++++++++++++++++- 2 files changed, 93 insertions(+), 2 deletions(-) diff --git a/rules/tags/categories.yaml b/rules/tags/categories.yaml index e291542..a08a6ed 100644 --- a/rules/tags/categories.yaml +++ b/rules/tags/categories.yaml 
@@ -244,6 +244,16 @@ categories: description: | Failures that prevent MongoDB from starting successfully due to corrupted metadata, invalid configurations, or unrecoverable internal errors (e.g., WiredTiger metadata corruption). These failures often require manual repair or backup restoration. + - name: supabase-problem + displayName: Supabase Problems + description: | + Problems specific to Supabase self-hosted deployments including authentication failures, database connectivity issues, + storage misconfigurations, realtime service crashes, and infrastructure-related failures that affect the entire Supabase stack. + - name: realtime-problem + displayName: Realtime Problems + description: | + Failures in real-time communication systems including WebSocket connection issues, real-time subscription failures, + and problems with live data streaming that affect user experience in interactive applications. - name: infinite-loop-problem displayName: Infinite Loop Problems description: | @@ -252,4 +262,4 @@ categories: or API resources without termination conditions. - name: workflow-automation-problem displayName: Workflow Automation Problems - description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems + description: Problems related to workflow automation platforms including silent data loss, execution failures, and data integrity issues in workflow processing systems \ No newline at end of file diff --git a/rules/tags/tags.yaml b/rules/tags/tags.yaml index 1450936..ce00e20 100644 --- a/rules/tags/tags.yaml +++ b/rules/tags/tags.yaml 
@@ -848,6 +848,87 @@ tags: - name: cluster-scaling displayName: Cluster Scaling description: Problems related to Kubernetes cluster scaling operations and capacity management + - name: maxmemory + displayName: Max Memory + description: Problems related to Redis maxmemory configuration and memory limits + - name: noeviction + displayName: No Eviction + description: Issues when Redis noeviction policy prevents writing new data + - name: wrongpass + displayName: Wrong Password + description: Authentication failures due to incorrect Redis passwords + - name: master-replica + displayName: Master-Replica + description: Issues with Redis master-replica replication relationships + - name: sync + displayName: Sync + description: Data synchronization problems in distributed systems + - name: psync + displayName: Partial Sync + description: Redis partial resynchronization issues + - name: aof + displayName: AOF + description: Redis Append-Only File persistence issues + - name: slowlog + displayName: Slow Log + description: Database slow query logging and performance issues + - name: latency + displayName: Latency + description: Response time and performance latency issues + - name: slow-query + displayName: Slow Query + description: Database queries that exceed performance thresholds + - name: write-error + displayName: Write Error + description: Failures when attempting write operations + - name: recovery + displayName: Recovery + description: Data recovery and restoration operations + - name: maxclients + displayName: Max Clients + description: Connection limit issues in database systems + - name: connection-pool + displayName: Connection Pool + description: Problems with database connection pooling + - name: limit + displayName: Limit + description: Various system and resource limits being exceeded + - name: disk + displayName: Disk + description: Problems related to disk storage, space, or I/O operations + - name: replica + displayName: Replica + description: Issues 
related to database replicas and read-only instances + - name: supabase + displayName: Supabase + description: Problems related to Supabase self-hosted deployments and services + - name: gotrue + displayName: GoTrue + description: Problems related to Supabase's GoTrue authentication service + - name: realtime + displayName: Realtime + description: Problems related to Supabase's realtime service and WebSocket connections + - name: self-hosted + displayName: Self-Hosted + description: Problems specific to self-hosted deployments and infrastructure + - name: exit-code + displayName: Exit Code + description: Problems identified by specific process/container exit codes (e.g., 137, 127, 134, 139). + - name: entrypoint + displayName: Entrypoint + description: Failures caused by invalid or missing container ENTRYPOINT/CMD definitions. + - name: command + displayName: Command + description: Problems caused by invalid commands or arguments at startup (e.g., not found, bad path, non-executable). + - name: sigabrt + displayName: SIGABRT + description: Crashes where a process aborts with SIGABRT (exit 134), often due to assertion failures or allocator checks. + - name: native + displayName: Native + description: Issues in native code paths (C/C++/Rust, libc/ABI), including crashes and memory faults. + - name: reliability + displayName: Reliability + description: Unstable behavior such as unexpected restarts, crash loops, or intermittent failures affecting service reliability. - name: autogpt displayName: AutoGPT description: Problems related to AutoGPT autonomous AI agent framework @@ -883,4 +964,4 @@ tags: description: Issues that have severe impact on production systems and require immediate attention - name: data-integrity displayName: Data Integrity - description: Problems that affect the completeness, accuracy, or consistency of data + description: Problems that affect the completeness, accuracy, or consistency of data \ No newline at end of file 
From b22e9e532a0686fe418dc4d7af7963913c94704f Mon Sep 17 00:00:00 2001 From: Dhaval Chaudhari Date: Thu, 30 Oct 2025 17:06:31 +0530 Subject: [PATCH 11/11] fix changes --- rules/cre-2025-0171/n8n-redis-queue-failure.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/rules/cre-2025-0171/n8n-redis-queue-failure.yaml b/rules/cre-2025-0171/n8n-redis-queue-failure.yaml index ffd913b..2179984 100644 --- a/rules/cre-2025-0171/n8n-redis-queue-failure.yaml +++ b/rules/cre-2025-0171/n8n-redis-queue-failure.yaml @@ -37,15 +37,13 @@ rules: applications: - name: n8n version: "1.109.0" - containerName: n8n-queue-test - processName: node impact: | Redis queue authentication failures cause complete n8n instance outages in queue mode, leading to silent execution drops, workflow failures, missed data synchronization, and broken automations. This particularly impacts enterprise deployments where queue mode is used for scalability and high availability, resulting in significant business impact and data loss. impactScore: 9 mitigationScore: 7 metadata: kind: prequel - id: 8FcHTBsexHkVFT1TEqeUN6oozvYwraqGVJiSuCH9o1KC + id: TK5md1TrQdvUBtn6eY2Brm gen: 1 rule: sequence: @@ -53,5 +51,5 @@ rules: event: source: cre.log.n8n order: - - regex: WRONGPASS - - regex: Redis + - regex: "((WRONGPASS|NOAUTH).*(Authentication required|invalid username|user is disabled))" + - regex: "(\\[Redis client\\]|ReplyError)"
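Review bot: The only identifier this hunk changes is `metadata.id`, while the file now lives under rules/cre-2025-0171/ after patch 09 renamed it with similarity 100%. The `id: CRE-2025-0131` line near the top of the file lies outside both hunks of this patch and is therefore unchanged. If the directory name is meant to match the rule id, as the original rules/cre-2025-0131/ layout suggests, that line should become `id: CRE-2025-0171`. As it stands, anyone looking the rule up by its CRE id would be led to the wrong directory.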
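Review bot: The first pattern under `order:` recognises a bad password only through the WRONGPASS reply code, which as far as I know is emitted by Redis 6.0 and later. An older server answers `ERR invalid password`, so the same misconfiguration there would go undetected. Either record the assumption in a comment above the pattern, e.g. `# Redis >= 6 reply codes; older servers reply "ERR invalid password"`, or widen the leading alternation to `(WRONGPASS|NOAUTH|ERR invalid password)`. In test.log each reply code always carries one of the messages listed after `.*`, so that tail adds wording dependence without adding selectivity. The `sequence:` key and its `window` sit just above this hunk.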