From 651e403b77a11f565a482a202d50898636009034 Mon Sep 17 00:00:00 2001 From: Phil Rzewski Date: Sat, 20 Apr 2024 09:51:26 -0700 Subject: [PATCH] Add Setting for folder to store extracted pcap flows --- apps/zui/src/domain/configurations/plugin-api.ts | 1 + apps/zui/src/plugins/brimcap/config.ts | 1 + apps/zui/src/plugins/brimcap/configurations.ts | 8 ++++++++ apps/zui/src/plugins/brimcap/packets/download.ts | 6 +++++- apps/zui/src/views/settings-modal/input.tsx | 2 +- 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/apps/zui/src/domain/configurations/plugin-api.ts b/apps/zui/src/domain/configurations/plugin-api.ts index ca00266b74..13f22d459e 100644 --- a/apps/zui/src/domain/configurations/plugin-api.ts +++ b/apps/zui/src/domain/configurations/plugin-api.ts @@ -15,6 +15,7 @@ export type ConfigItem = { command?: string defaultValue?: string | boolean enum?: string[] | [string, string][] + placeholder?: string } export type Config = { diff --git a/apps/zui/src/plugins/brimcap/config.ts b/apps/zui/src/plugins/brimcap/config.ts index 4eb64d5eb3..74c8b61b73 100644 --- a/apps/zui/src/plugins/brimcap/config.ts +++ b/apps/zui/src/plugins/brimcap/config.ts @@ -1,3 +1,4 @@ export const pluginNamespace = "brimcap" export const yamlConfigPropName = "yamlConfigPath" export const suricataLocalRulesPropName = "suricataLocalRulesPath" +export const pcapFolderPropName = "pcapExtractionFolderPath" diff --git a/apps/zui/src/plugins/brimcap/configurations.ts b/apps/zui/src/plugins/brimcap/configurations.ts index 0a73f782a0..e5feed1204 100644 --- a/apps/zui/src/plugins/brimcap/configurations.ts +++ b/apps/zui/src/plugins/brimcap/configurations.ts @@ -2,6 +2,7 @@ import { pluginNamespace, yamlConfigPropName, suricataLocalRulesPropName, + pcapFolderPropName, } from "./config" import {configurations} from "src/zui" @@ -26,6 +27,13 @@ export function activateBrimcapConfigurations() { label: "Local Suricata Rules Folder", defaultValue: "", }, + [pcapFolderPropName]: { + name: pcapFolderPropName, + type: "folder", + label: "Folder For Extracted pcaps", + defaultValue: "", + placeholder: "Default OS tmpdir", + }, }, }) } diff --git a/apps/zui/src/plugins/brimcap/packets/download.ts b/apps/zui/src/plugins/brimcap/packets/download.ts index 678684d5da..27f614f009 100644 --- a/apps/zui/src/plugins/brimcap/packets/download.ts +++ b/apps/zui/src/plugins/brimcap/packets/download.ts @@ -6,6 +6,8 @@ import {window, commands} from "src/zui" import {queryForConnLog} from "./query-conn-log" import {DOWNLOAD} from "./types" import {shell} from "electron" +import {configurations} from "src/zui" +import {pluginNamespace, pcapFolderPropName} from "../config" function getSearchArgsFromConn(conn: zed.Record) { const dur = conn.try("duration") as zed.Duration @@ -22,7 +24,9 @@ function getSearchArgsFromConn(conn: zed.Record) { function getPacketDest(conn: zed.Record) { const tsString = conn.get("ts").toString() - return join(os.tmpdir(), `packets-${tsString}.pcap`.replace(/:/g, "_")) + const pcapExtractionDir = + configurations.get(pluginNamespace, pcapFolderPropName) || os.tmpdir() + return join(pcapExtractionDir, `packets-${tsString}.pcap`.replace(/:/g, "_")) } export async function downloadPackets(root: string, pool: string, uid: string) { diff --git a/apps/zui/src/views/settings-modal/input.tsx b/apps/zui/src/views/settings-modal/input.tsx index fd4a3af481..681d6e3d28 100644 --- a/apps/zui/src/views/settings-modal/input.tsx +++ b/apps/zui/src/views/settings-modal/input.tsx @@ -66,7 +66,7 @@ export function Input(props: SettingProps) { type="text" defaultValue={value} onBlur={onChange} - placeholder="None" + placeholder={field.placeholder || "None"} />