Issues downloading reports

Incident Report for Fluid Attacks

Postmortem

Impact

At least one user encountered issues while attempting to download reports from the platform. The issue started on UTC-5 24-10-10 14:40 and was proactively discovered 1.9 hours (TTD) later by one of our engagement managers, who reported through our help desk [1] that an error occurred instead of successfully downloading the report. The problem was resolved in 4 hours (TTF), resulting in a total impact of 5.7 hours (TTR) [2].

Cause

The html.escape function was applied to the context variables for rendering email templates, including the URL for downloading reports. This change altered the URL format, adding extra characters that prevented AWS from recognizing the required parameters to download the signed file [3].

Solution

Excluding the URL field from the application of html.escape resolved the issue, ensuring that the original format of the URL was preserved and allowing AWS to correctly identify the necessary parameters for downloading the reports [4].

Conclusion

The escape function was applied to the entire context due to the difficulty of distinguishing user input fields from generated fields, which complicated the verification of whether a URL would successfully download content. To address this, types are being added to the context, facilitating the identification of which fields, particularly those from user input, require escaping [5]. INCOMPLETE_PERSPECTIVE

Posted Oct 11, 2024 - 15:38 GMT-05:00

Resolved

The incident has been resolved, and reports can now be downloaded without any issues.

Posted Oct 10, 2024 - 20:31 GMT-05:00

Identified

Difficulties have been identified when downloading reports such as Executive, Technical, and Export reports from the platform.

Posted Oct 10, 2024 - 18:18 GMT-05:00

This incident affected: Platform.