Saving progress and avoiding data loss

[b1tst0rm]

I understand the docs already mention that this is a focus for a future release, so I guess I am curious where the state of this is and if we can expect this soon? Are contributions on this feature desired from the community?

Problem: I lost a few hours of work today because I forgot to File-->Save and retain a copy of the AFB locally. I knew the risks, gambled, and lost my progress building out an attack flow. It's really easy to accidentally close a tab.

Proposed solution: I understand this project wants to keep user data client side, and I think that's great. But I would love for a more robust option rather than having to remember to save copies of my work every few minutes.

• Idea: allow the user to consent/opt-in to store AFB data client side in the browser, such as in local storage. If a user closes their tab, re-opening the UI would pull the data from local storage and they can continue editing.
• Idea: allow a flag to be set on the Docker container that would save progress to a volume/mount. This way my data is always updating on my disk without me having to click save, then it makes it easy for me to track with git. Obviously this option isn't enabled for the public UI, but if users want this option they can run the container locally and configure it as such.

RELATED, but different suggestion (if you want me to move this to another issue, LMK):

Make it painfully clear in the documentation that saving the JSON (File-->Publish) is not enough to save your data to continue editing it later. If I try to open a JSON file in the UI, nothing shows up because it is not the required data format (.AFB). Maybe even have a popup on the UI warn a user that when they upload a JSON file that it is the wrong format. My first time using the tool I was a bit confused between Publish and Save. Perhaps even consolidate Save and Publish into one option that downloads both files at the same time.

[mehaase]

Hi @b1tst0rm, thank you for trying out Attack Flow. I apologize that you had such a rough experience. We are resuming development of Attack Flow Builder in June to make a 2.1 release. We will address this and a few other usability issues at that time. You raise a few good suggestions here, and I expect our implementation to use one or more of those ideas. We have also kicked around the possibility of using the File System Access API which lets the app request permission to write to a file more than once, and then we could use that to automatically flush changes to disk.

Also good note about JSON vs AFB -- that's definitely another footgun we need to fix.

[mehaase]

This issue is addressed in PR #90. If you leave a page or refresh without saving off, it will show files that you can recover in the File menu.

This will be included in the Attack Flow 2.1 release in August.

[mehaase]

@b1tst0rm This request is now live in the 2.1 release. If you have any unsaved flows, they will appear in the file menu as well as on the new splash screen.