-
Notifications
You must be signed in to change notification settings - Fork 567
CVE Binary Tool Ideas Page for GSoC 2021
The CVE Binary tool team is hoping to participate in Google Summer of Code under the Python Software Foundation umbrella. You can read all about what this means at http://python-gsoc.org/
The CVE Binary Tool is a small Python script that scans for a number of common, vulnerable open source components (openssl, libpng, libxml2, expat and a few others) and will let you know if your binary code includes versions of these common libraries with known vulnerabilities.
This security tool is designed to be a minimal security check that can be made part of your continuous integration as a backup check to make sure older vulnerable code is not part of your release binaries.
Remember: projects for 2021 are half sized compared to 2020 and earlier (175hr projects instead of 350hr ones), so the project should be scaled down compared to previous years.
-
Follow the README and make sure you can run the tool. Try running it against random things on your hard drive and see if it finds anything. On a Linux system, your
/bindirectory usually yields some interesting results. -
Run the tests. The CVE Binary tool has a number of unit tests. Make sure you know how to run them, and if you've never used pytest before, you might want to read up on it (we also have some tests still using python's unittest, but we're tending towrads pytest for new tests). Figure out how to run a single test!
-
Read the documentation. That should help you figure out what the tool is for and how people use it in more detail.
-
Read the new contributor guide
Some potential first contributions:
- File issues. You might encounter a bug or something confusing in the documentation. Let us know if you do!
- Update documentation. We especially appreciate documentation feedback from new users, since your "beginner mind" means you see things differently than experienced users, and will catch places where the documentation could be more detailed or improved.
- Write a new test. Instructions for writing tests are here. This can be your first contribution!
- Try fixing a bug. We have a few flagged as "good first issue". A number of those are new checkers, which although they might sound challenging are often pretty easy to write. Instructions on how to add a new checker are here.
We expect prospective GSoC students to have made at least one code contribution if they want their application to be considered, so now's a good time to get that going! You can ask for as much help as you need.
- Ask here in this issue! (Or file a new one with your question.)
- We have a chat server on gitter. That allows for "live" chat but no one's actually sitting there 24/7 so you should expect to post your question and get an answer hours later when someone sees it.