-
Notifications
You must be signed in to change notification settings - Fork 11
Details ‐ Settings
The Settings page in ShellSweepX provides a user interface for configuring various aspects of the system, including API keys, AI prompts, YARA rules management, and database scanning. This page allows administrators to customize the behavior and capabilities of ShellSweepX.
The settings.html template is structured as follows:
- Header: Contains the ShellSweepX logo and navigation menu.
-
Main Content:
- Settings Form
- YARA Rules Management
- Database Scan Button
- Rule Viewer/Editor
- Footer: Displays copyright information and a link to Terms of Service.
- Allows configuration of:
- GPT API Key
- Claude API Key
- AI Prompt
- YARA Enablement
- Form submission saves settings via POST to
/save_settings - Displays success/error messages after form submission
- Lists existing YARA rules with validation status
- Provides options to view, edit, and delete individual rules
- Allows adding new YARA rules
- Button to trigger a scan of the database using current YARA rules
- Modal-like interface for viewing, editing, and adding YARA rules
- Dynamically shows/hides based on user actions
The page includes several JavaScript functions to handle dynamic behavior:
-
viewRule(filename, content): Displays the rule viewer with the selected rule's content -
closeViewer(): Hides the rule viewer -
addNewRule(): Prepares the rule viewer for adding a new rule -
saveRule(): Handles saving new or updated rules -
deleteRule(filename): Manages the deletion of YARA rules - Event listeners for various user interactions (e.g., clicking view/delete buttons, saving rules)
The page uses fetch API for asynchronous interactions with the server:
- Scanning database with YARA rules
- Adding new YARA rules
- Updating existing YARA rules
- Deleting YARA rules
- Uses CSS defined in
/static/css/styles.css - Custom styling for form elements, buttons, and the rule viewer
- Visual Feedback: Uses checkmarks to indicate set API keys and YARA rule validity
- Confirmation Dialogs: Asks for confirmation before deleting rules
- Dynamic Updates: Page reloads after rule changes to reflect current state
- Modal-like Editing: Rule viewer appears over the main content for focused editing
- API keys are input as password fields to mask the values
- YARA rule content is properly escaped to prevent XSS attacks
- Server-side validation (implied) for API key and YARA rule changes
- Real-time Validation: Validate YARA rules in real-time as they're being edited
- Pagination: If the number of YARA rules grows large, implement pagination for the rules list
- Search Functionality: Add ability to search through YARA rules
- Rule Categories: Implement a categorization system for YARA rules
- Backup/Restore: Add functionality to backup and restore settings and YARA rules
- The template uses Jinja2 syntax to populate initial values (e.g.,
{{ settings.gpt_api_key }}) - Form submission and AJAX calls interact with various backend endpoints for data management
This Settings page serves as a crucial interface for administrators to configure and maintain the ShellSweepX system. It provides comprehensive control over API integrations, AI behavior, and YARA rule management, allowing for fine-tuned customization of the webshell detection process.