From f213f4299a05b36c562e9115e22838b585d859d4 Mon Sep 17 00:00:00 2001
From: aiooss-anssi
Date: Mon, 15 Jul 2024 10:08:39 +0200
Subject: [PATCH] webapp: do not use PCAP_FILE env var

---
 docker-compose.yml | 10 +++++++---
 example.env | 8 ++------
 webapp/main.py | 9 +--------
 3 files changed, 10 insertions(+), 17 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 23df7f5..2b66c67 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,14 +8,18 @@ services:
 - "./input_pcaps:/input_pcaps:ro"
 - "./suricata/rules:/suricata/rules:ro"
 - "./suricata/output:/suricata/output:rw"
- env_file:
- - .env
+ environment:
+ # Include the name of the input pcap file in Suricata EVE logs (default: true)
+ PCAP_FILE: "true"
+ # Make Suricata wait for new pcap files (default: true)
+ # You need to disable this to see the last few flows, else Suricata will wait without logging them.
+ PCAP_FILE_CONTINUOUS: "true"
 
 webapp:
 build: ./webapp
 image: anssi/shovel-webapp:dev
 volumes:
- # You may remove the next line if `PCAP_FILE=false`.
+ # You may remove the next line if `PCAP_FILE=false` in Suricata env
 - "./input_pcaps:/input_pcaps:ro"
 # Write access is required in SQLite `mode=ro` as readers need to record
 # a mark in the WAL file. If you need to make the volume read-only, then
diff --git a/example.env b/example.env
index 8391b91..dc7fa96 100644
--- a/example.env
+++ b/example.env
@@ -1,12 +1,8 @@
 # Copyright (C) 2024 ANSSI
 # SPDX-License-Identifier: CC0-1.0
 
-# Include the name of the input pcap file in Suricata EVE logs and in webapp (default: true)
-PCAP_FILE=true
-
-# Make Suricata wait for new pcap files (default: true)
-# You need to disable this to see the last few flows, else Suricata will wait without logging them.
-PCAP_FILE_CONTINUOUS=true
+# These environment variables are loaded by the webapp.
+# When updating this file, you may restart only the webapp.
 
 # Examples from FAUST CTF 2023 (2023-09-23)
 #CTF_START_DATE=2023-09-23T15:00+02:00
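Review bot: `PCAP_FILE` and `PCAP_FILE_CONTINUOUS` are now fixed literals under `environment:`, so an operator can no longer turn off `PCAP_FILE_CONTINUOUS` (which the new comment itself says is needed to see the last flows) without editing docker-compose.yml. If that loss of configurability is not intended, Compose interpolation keeps the documented default while still allowing an override from the project `.env`: `PCAP_FILE_CONTINUOUS: "${PCAP_FILE_CONTINUOUS:-true}"`, and likewise for `PCAP_FILE`. The service whose `env_file` entry is removed begins above the hunk, so I cannot see whether it consumed any other variable from `.env`; worth confirming nothing else was loaded through that file before dropping it.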
diff --git a/webapp/main.py b/webapp/main.py
index 02fc187..3b0aee5 100644
--- a/webapp/main.py
+++ b/webapp/main.py
@@ -143,10 +143,6 @@ async def api_flow_get(request):
 result = {"flow": row_to_dict(flow)}
 app_proto = result["flow"].get("app_proto")
 
- # Make sure `pcap_filename` is empty if PCAP_FILE=false
- if not PCAP_FILE:
- result["flow"]["pcap_filename"] = ""
-
 # Get associated fileinfo
 # See https://docs.suricata.io/en/suricata-6.0.9/file-extraction/file-extraction.html
 if app_proto in ["http", "http2", "smtp", "ftp", "nfs", "smb"]:
@@ -325,7 +321,6 @@ async def lifespan(app):
 PAYLOAD_DB_URI = config(
 "PAYLOAD_DB_URI", cast=str, default="file:../suricata/output/payload.db?mode=ro"
 )
-PCAP_FILE = config("PCAP_FILE", cast=bool, default=True)
 CTF_CONFIG = {
 "start_date": config("CTF_START_DATE", cast=str, default="1970-01-01T00:00+00:00"),
 "tick_length": config("CTF_TICK_LENGTH", cast=int, default=0),
@@ -350,9 +345,7 @@ async def lifespan(app):
 Route("/api/replay-http/{flow_id:int}", api_replay_http),
 Route("/api/replay-raw/{flow_id:int}", api_replay_raw),
 Mount("/static", StaticFiles(directory="static")),
- Mount(
- "/input_pcaps", StaticFiles(directory="../input_pcaps", check_dir=PCAP_FILE)
- ),
+ Mount("/input_pcaps", StaticFiles(directory="../input_pcaps", check_dir=False)),
 Mount("/filestore", StaticFiles(directory="../suricata/output/filestore")),
 ],
 lifespan=lifespan,
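Review bot: With the guard removed, `api_flow_get` now returns `pcap_filename` exactly as `row_to_dict(flow)` yields it, and no code in the webapp normalizes that field any more when Suricata runs with `PCAP_FILE=false`; whether that produces a missing key, `None` or an empty string depends on the row layout, which is outside this hunk, so the client side should be checked for handling of an absent or null value. A one-line comment where the block was removed would record the new contract, e.g. `# pcap_filename is passed through as Suricata logged it (PCAP_FILE is set on the Suricata service, see docker-compose.yml)`. `api_flow_get` begins before and ends after this hunk.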
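Review bot: `check_dir=False` on the `/input_pcaps` mount is now unconditional but unexplained: it deliberately tolerates a missing `../input_pcaps` directory (the volume that docker-compose.yml marks as removable), which also means a wrong path would only show up as 404 responses at request time instead of an error at startup. A short comment keeps that intent visible for the next reader, e.g. `# check_dir=False: the input_pcaps volume is optional, do not fail at startup when it is absent`. The routes list this line belongs to starts and ends outside the hunk.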