When using l2t_scaffolder.py to create a new timesketch sketch analyzer the template ts_sketch_analyzer.jinja2 is used. However, the argument for the class in line 9 interface.BaseSketchAnalyzer seems to be deprecated and renamed to interface.BaseAnalyzer. Trying to run timesketch with the analyzer file generated by the l2t_scaffolder.py tool does crash with AttributeError: module 'timesketch.lib.analyzers.interface' has no attribute 'BaseSketchAnalyzer'.
To Reproduce
Steps to reproduce the behavior:
$ l2t_scaffolder.py
== Starting the scaffolder ==
Gathering required information.
Available definitions:
[0] plaso
[1] timesketch
[2] turbinia
Definition choice: 1
timesketch chosen.
Path to the project root: .
Path [.] set as the project path.
Name of the module to be generated. This can be something like "foobar sqlite" or "event analytics".
This will be used for class name generation and file name prefixes.
Module Name: screenshot
About to create a new feature branch to store newly generated code.
ERROR:root:Running: "git show-ref --verify --quiet refs/heads/"screenshot"" failed with error: .
Creating feature branch: screenshot inside .
Switching to feature branch screenshot
Available scaffolders for timesketch:
[0] index_analyzer
[1] sketch_analyzer
Scaffolder choice: 1
Ready to generate files? [Y/n]:
File: ./timesketch/lib/analyzers/screenshot.py written to disk.
File: ./timesketch/lib/analyzers/screenshot_test.py written to disk.
File: ./timesketch/lib/analyzers/__init__.py written to disk.
Error
As soon as I try to run timesketch after creating the new analyzer template the timesketch container throws the following error:
[2022-06-07 15:26:01 +0000] [156] [ERROR] Exception in worker process
Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/gunicorn/arbiter.py", line 586, in spawn_worker
worker.init_process()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 135, in init_process
self.load_wsgi()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/workers/base.py", line 144, in load_wsgi
self.wsgi = self.app.wsgi()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/base.py", line 67, in wsgi
self.callable = self.load()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/wsgiapp.py", line 52, in load
return self.load_wsgiapp()
File "/usr/local/lib/python3.8/dist-packages/gunicorn/app/wsgiapp.py", line 41, in load_wsgiapp
return util.import_app(self.app_uri)
File "/usr/local/lib/python3.8/dist-packages/gunicorn/util.py", line 350, in import_app
__import__(module)
File "/usr/local/src/timesketch/timesketch/wsgi.py", line 39, in <module>
from timesketch.app import configure_logger
File "/usr/local/src/timesketch/timesketch/app.py", line 32, in <module>
from timesketch.api.v1.routes import API_ROUTES as V1_API_ROUTES
File "/usr/local/src/timesketch/timesketch/api/v1/routes.py", line 18, in <module>
from .resources.aggregation import AggregationGroupResource
File "/usr/local/src/timesketch/timesketch/api/v1/resources/aggregation.py", line 30, in <module>
from timesketch.api.v1 import utils
File "/usr/local/src/timesketch/timesketch/api/v1/utils.py", line 29, in <module>
from timesketch.lib import ontology
File "/usr/local/src/timesketch/timesketch/lib/ontology.py", line 17, in <module>
from timesketch.lib.analyzers import interface
File "/usr/local/src/timesketch/timesketch/lib/analyzers/__init__.py", line 29, in <module>
from timesketch.lib.analyzers import screenshot
File "/usr/local/src/timesketch/timesketch/lib/analyzers/screenshot.py", line 9, in <module>
class ScreenshotSketchPlugin(interface.BaseSketchAnalyzer):
AttributeError: module 'timesketch.lib.analyzers.interface' has no attribute 'BaseSketchAnalyzer'
[2022-06-07 15:26:01 +0000] [156] [INFO] Worker exiting (pid: 156)
[2022-06-07 15:26:02 +0000] [115] [INFO] Shutting down: Master
[2022-06-07 15:26:02 +0000] [115] [INFO] Reason: Worker failed to boot.
Expected behavior
When using the l2t_scaffolder.py tool to create a new analyzer template I would expect it not to crash the timesketch server.
Possible solution
Change ts_sketch_analyzer.jinja2 line 9 to class {{ class_name }}SketchPlugin(interface.BaseAnalyzer):
Desktop (please complete the following information):
OS: Debian
Version 5.17.6-1rodete1 (2022-05-12)
**l2tscaffolder Version``
$ pip3 list | grep l2tscaffolder
l2tscaffolder 20200511
Describe the bug
When using
l2t_scaffolder.pyto create a new timesketch sketch analyzer the template ts_sketch_analyzer.jinja2 is used. However, the argument for the class in line 9interface.BaseSketchAnalyzerseems to be deprecated and renamed tointerface.BaseAnalyzer. Trying to run timesketch with the analyzer file generated by thel2t_scaffolder.pytool does crash withAttributeError: module 'timesketch.lib.analyzers.interface' has no attribute 'BaseSketchAnalyzer'.To Reproduce
Steps to reproduce the behavior:
Error As soon as I try to run timesketch after creating the new analyzer template the timesketch container throws the following error:
Expected behavior
When using the
l2t_scaffolder.pytool to create a new analyzer template I would expect it not to crash the timesketch server.Possible solution Change ts_sketch_analyzer.jinja2 line 9 to
class {{ class_name }}SketchPlugin(interface.BaseAnalyzer):Desktop (please complete the following information):
**l2tscaffolder Version``