Use lima to trace all traffic without container modifications

Results are in work-gh/mrva/gh-mrva; list them with ls trace-*
Michael Hohn
2025-07-28 22:33:54 -07:00
committed by =Michael Hohn
parent 654ea40520
commit c1b3a90ebd
3 changed files with 59 additions and 12 deletions


@@ -49,7 +49,7 @@
newgrp docker newgrp docker
ln -s /Users/hohn/work-gh /home/hohn.linux/ ln -s /Users/hohn/work-gh /home/hohn.linux/
sudo apt install golang-go sudo apt-get install ngrep golang-go tshark postgresql-client-common
#+END_SRC #+END_SRC
@@ -62,7 +62,7 @@
cd ~/work-gh/mrva/mrva-docker/containers/ghmrva/ cd ~/work-gh/mrva/mrva-docker/containers/ghmrva/
sudo docker build -t client-ghmrva-container:0.4.0 . docker build -t client-ghmrva-container:0.4.0 .
cd ~/work-gh/mrva/mrva-docker/containers/vscode/ cd ~/work-gh/mrva/mrva-docker/containers/vscode/
@@ -136,8 +136,51 @@
docker cp gh-mrva mrva-ghmrva:/usr/local/bin/gh-mrva docker cp gh-mrva mrva-ghmrva:/usr/local/bin/gh-mrva
#+END_SRC #+END_SRC
** set up traffic tracing
In a separate terminal:
#+BEGIN_SRC sh
limactl shell ubu
# in vm
# capture traffic
ip link show | grep br-
# form:
export BR1=br-442ef935d9f8
export BR2=br-e2ebd32bfe66
sudo tcpdump -i $BR1 -w trace-$BR1.pcap &
sudo tcpdump -i $BR2 -w trace-$BR2.pcap &
# Note docker0 is DOWN
# send requests elsewhere
# view full content:
cp trace-$BR1.pcap /tmp/foo
tshark -r /tmp/foo -Y 'http.request' -T fields -e http.request.method \
-e http.host -e http.request.uri | grep '/repositories/'
tshark -r /tmp/foo -Y http -V | less
cp trace-$BR2.pcap /tmp/foo
tshark -r /tmp/foo -Y 'http.request' -T fields -e http.request.method \
-e http.host -e http.request.uri | grep '/repositories/'
tshark -r /tmp/foo -Y http -V | less
tshark -r /tmp/foo -Y 'http.request' -T fields -e http.request.full_uri |\
grep '/repositories/'
# should find these
tshark -r /tmp/foo \
-Y 'http.request.uri contains "/repos/"' \
-T fields -e http.request.uri
# should not find these
tshark -r /tmp/foo \
-Y 'http.request.uri contains "/repositories/"' \
-T fields -e http.request.uri
#+END_SRC
** send requests
In [[./bin/ma.send-request]]
* TODO lima vm * TODO lima vm
** intro ** intro
@@ -512,7 +555,6 @@
#+END_SRC #+END_SRC
** Send request via gui, using vs code ** Send request via gui, using vs code
The following sequence works when run from a local vs code with the custom The following sequence works when run from a local vs code with the custom
codeql plugin. codeql plugin.
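Review bot: The added "set up traffic tracing" block writes unfiltered captures from both bridges and then copies them to the fixed path `/tmp/foo`, which other local users of the VM can typically read. These traces hold the full cleartext HTTP exchange between the containers, plus anything else crossing those bridges, so they may contain credentials or tokens. I would work on a private copy instead, e.g. `d=$(mktemp -d) && cp trace-$BR1.pcap "$d/"`, and add a sentence saying the `trace-*` files should not be committed or shared unredacted. The two background `tcpdump` processes are never stopped in the listing; a closing `sudo pkill tcpdump`, or a `-c` packet limit on each capture, would complete the procedure.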


@@ -59,19 +59,19 @@ eof
# Submit the MRVA job with the first query # Submit the MRVA job with the first query
cd ~/work-gh/mrva/gh-mrva/ cd ~/work-gh/mrva/gh-mrva/
gh-mrva submit --language cpp --session mirva-session-3482 \ gh-mrva submit --language cpp --session mirva-session-4111 \
--list mirva-list \ --list mirva-list \
--query ~/work-gh/mrva/gh-mrva/FlatBuffersFunc.ql --query ~/work-gh/mrva/gh-mrva/FlatBuffersFunc.ql
# Check the status of the submitted session # Check the status of the submitted session
gh-mrva status --session mirva-session-3482 gh-mrva status --session mirva-session-4111
# Download SARIF files and databases if there are results. For the current # Download SARIF files and databases if there are results. For the current
# query / database combination there are zero result hence no downloads # query / database combination there are zero result hence no downloads
cd ~/work-gh/mrva/gh-mrva/ cd ~/work-gh/mrva/gh-mrva/
gh-mrva download --session mirva-session-3482 \ gh-mrva download --session mirva-session-4111 \
--download-dbs \ --download-dbs \
--output-dir mirva-session-3482 --output-dir mirva-session-4111
#* Set up QLPack for the next query #* Set up QLPack for the next query


@@ -50,9 +50,12 @@ services:
# ./containers/ghmrva/Dockerfile # ./containers/ghmrva/Dockerfile
container_name: mrva-ghmrva container_name: mrva-ghmrva
image: client-ghmrva-container:0.4.0 image: client-ghmrva-container:0.4.0
network_mode: "service:server" # Share the 'server' network namespace # network_mode: "service:server" # Share the 'server' network namespace
networks:
- mrva-net
environment: environment:
- SERVER_URL=http://localhost:8080 # 'localhost' now refers to 'server' - SERVER_URL=http://server:8080
- MRVA_SERVER_URL=http://server:8080
code-server: code-server:
# ./containers/vscode/Dockerfile # ./containers/vscode/Dockerfile
@@ -122,7 +125,8 @@ services:
SERVER_PORT: "8080" SERVER_PORT: "8080"
networks: networks:
- backend - backend
- mrva-net
postgres: postgres:
image: postgres:15 image: postgres:15
container_name: mrva-postgres container_name: mrva-postgres
@@ -155,7 +159,8 @@ services:
networks: networks:
backend: backend:
driver: bridge driver: bridge
mrva-net:
driver: bridge
volumes: volumes:
pgdata: pgdata:
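Review bot: The service in the second hunk (apparently `server`; its header is outside the hunk) now sits on both `backend` and `mrva-net`, and nothing in the file says why the second network exists. If it is there so that client-to-server traffic crosses a bridge that can be captured, say so at the definition, e.g. `# mrva-net: client <-> server traffic on its own bridge so it can be traced`. The commented-out `network_mode: "service:server"` line on the `mrva-ghmrva` container should be deleted rather than kept, since it cannot be combined with `networks:` and reads as a pending option. `SERVER_URL` and `MRVA_SERVER_URL` now carry the same value; a comment naming which consumer reads which would keep them from drifting apart. If the client needs no outbound access, `internal: true` on `mrva-net` would narrow its reach, but that depends on behaviour not visible here.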