search

google / timesketch

Collaborative forensic timeline analysis
Apache License 2.0
2.62k stars 589 forks source link

tsctl - variable is referenced before assignment #2861

Closed blu3ch1m3ra closed 2 months ago

blu3ch1m3ra commented 1 year ago

Describe the bug

When importing search templates through the admin cli, it throws me an UnboundLocalError.

To Reproduce

tsctl import-search-templates /etc/timesketch/templates/

Expected behavior

I expected a clean import of the given search template, so that I can use it in my timesketch instance

Priority

P3

Screenshots/Video

Traceback (most recent call last):
  File "/usr/local/bin/tsctl", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/flask/cli.py", line 357, in decorator
    return __ctx.invoke(f, *args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/timesketch/tsctl.py", line 287, in import_search_templates
    search_template_list = [search_template_list]
UnboundLocalError: local variable 'search_template_list' referenced before assignment

System & Environment

Ubuntu 22.04.2 LTS inside the latest docker image with the id b9e1c8f595c2

Additional context

I did a quick review, and indeed in line 287 I found that the variable search_template_list is assigned with a list of itself, which does not work. https://github.com/google/timesketch/blob/b9b2972986ce299f34c1867501fe906829191a68/timesketch/tsctl.py#L287

I dug a little bit deeper and found furthermore, that the variable search_template_list is not used furthermore in the code. This should be fixed.

As I'm not 100% sure what the author intended refused from submitting a PR. Is it correct, that this function is just supposed to crawl all of the yml files load all the paths into a list and then iterate through the list and load all the yaml search templates? if yes I can submit a PR to fix this bug.

jaegeral commented 1 year ago

yep that seems to be a bug, I assume that should be

search_templates = [search_templates]

Instead, I do not have the time to edit and test it myself right now, so I am assigning it to @berggren to look at it