Error 500 due to missing etc/timesketch/features.yml file #2984
Labels
Comments
|
An error on my part. I had an old ps script cached that didn't download the regex_features.yaml or winevt_features.yaml. Closing as not an issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
In the most recent commit of Timesketch, the feature extraction has been updated and the data/features.yml file has been removed. However, it appears that the backend code still attempts to process this file when creating or opening and sketch and the user receives a warning banner with a 500 error. Moving a data/features.yml file from the most recent commit to the etc/timesketch folder fixes the issues but it doesn't appear to be the intended process. Timesketch installed using the deploy_timesketch.ps1 script.
To Reproduce
Steps to reproduce the behavior:
[2023-11-17 18:25:28 +0000] [11] [ERROR] Error handling request /api/v1/sketches/1/analyzer/
Traceback (most recent call last):
File "/usr/local/lib/python3.10/dist-packages/gunicorn/workers/sync.py", line 135, in handle
self.handle_request(listener, req, client, addr)
File "/usr/local/lib/python3.10/dist-packages/gunicorn/workers/sync.py", line 176, in handle_request
respiter = self.wsgi(environ, resp.start_response)
File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2213, in call
return self.wsgi_app(environ, start_response)
File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2193, in wsgi_app
response = self.handle_exception(e)
File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 298, in error_router
return original_handler(e)
File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2190, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1486, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 298, in error_router
return original_handler(e)
File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1484, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1469, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 489, in wrapper
resp = resource(*args, **kwargs)
File "/usr/local/lib/python3.10/dist-packages/flask/views.py", line 109, in view
return current_app.ensure_sync(self.dispatch_request)(**kwargs)
File "/usr/local/lib/python3.10/dist-packages/flask_restful/init.py", line 604, in dispatch_request
resp = meth(*args, **kwargs)
File "/usr/local/lib/python3.10/dist-packages/flask_login/utils.py", line 290, in decorated_view
return current_app.ensure_sync(func)(*args, **kwargs)
File "/usr/local/lib/python3.10/dist-packages/timesketch/api/v1/resources/analysis.py", line 199, in get
if len(analyzer_class.get_kwargs()) > 0:
File "/usr/local/lib/python3.10/dist-packages/timesketch/lib/analyzers/feature_extraction.py", line 134, in get_kwargs
feature_config["plugin_name"] = plugin.NAME.lower()
TypeError: 'str' object does not support item assignment
Expected behavior
Browing or create a sketch with no 500 error or warning banner.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
Can be fixed by adding features.yml file to timesketch/etc/timesketch folder. features.yml must be downloaded from a previous commit. Removed in commit c1e0e55.
The text was updated successfully, but these errors were encountered: