GSoC 2019 Project Idea: Add new checkers to the CVE Binary Tool #24
Comments
@terriko Hi. I'm interested to work on this.
I've started to add a few new checker requests into our github issues list, so if you're looking for some more advanced work, here's the search that will find them as they get added
I'm interested in this. Is this available to work on @terriko?
@arnav-t All GSoC ideas are open to all until Google's application system closes and we have to choose students.
We're looking for "real file" tests of the scanners, if anyone's interested in working on those, details on how to add one are available in #107. Short version, your test will look like this:

```python
@unittest.skipUnless(os.getenv('LONG_TESTS') == '1', 'Skipping long tests')
def test_rpm_curl_7_32_0(self):
    """
    test to see if we detect a real copy of curl 7.32.0
    """
    self._file_test(
        'https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/20/Everything/x86_64/os/Packages/c/',
        'curl-7.32.0-3.fc20.x86_64.rpm',
        'curl',
        '7.32.0')
```

And when you test it locally, you'll need to make sure you have LONG_TESTS enabled, so this one would have to be run as follows:

```
LONG_TESTS=1 python -m unittest test.test_scanner.TestScanner.test_rpm_curl_7_32_0
```
I added a batch of new checker requests to github issues today that could be relevant to this gsoc idea.
I also made a new tag "signature needs work" to flag the ones where we know there's no easy version string we can use as a signature, so people know those aren't the best ones to start on. I'm open to better ideas of what to call the tag, too.
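An added illustration, not part of this thread and not cve-bin-tool's own checker code, of why a library with no easy version string is a harder checker to write: a version signature is matched against the printable strings of a binary, and a binary that carries only symbol names yields no version. The regex, the `curl_easy_` marker and the sample blobs are constructed assumptions.

```python
import re

# Hypothetical signature for this illustration; not taken from cve-bin-tool.
CURL_SIGNATURE = re.compile(rb"curl[ /-](\d+\.\d+\.\d+)")
# Assumed marker showing the library is linked in, without revealing a version.
CURL_MARKER = b"curl_easy_"
MIN_LEN = 4  # shortest printable run worth inspecting, as strings(1) does


def printable_strings(blob, min_len=MIN_LEN):
    """Return runs of printable ASCII bytes found in a binary blob."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def detect_version(blob, signature=CURL_SIGNATURE):
    """Return the sorted, de-duplicated versions the signature matches."""
    found = set()
    for text in printable_strings(blob):
        for match in signature.finditer(text):
            found.add(match.group(1).decode("ascii"))
    return sorted(found)


def classify(blob):
    """Separate a usable signature from the 'signature needs work' case."""
    versions = detect_version(blob)
    if versions:
        return ("version found", versions)
    if CURL_MARKER in blob:
        # Library is present, but there is nothing to map to a CVE range.
        return ("library present, no version string", [])
    return ("not detected", [])


# Constructed sample blobs standing in for the contents of real binaries.
HEADER = b"\x7fELF\x02\x01\x00" + b"\x00" * 8
WITH_VERSION = (HEADER + b"curl 7.32.0 (x86_64-redhat-linux-gnu)\x00"
                + b"libcurl/7.32.0\x00")
NO_VERSION = HEADER + b"curl_easy_perform\x00curl_easy_init\x00"

if __name__ == "__main__":
    for name, blob in (("with version", WITH_VERSION),
                       ("no version", NO_VERSION)):
        print(name, "->", classify(blob))
```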
Closing this since GSoC 2019 is drawing to a close, but this will probably be an idea again in GSoC 2020 because we can always use new checkers!
The CVE Binary tool team is hoping to participate in Google Summer of Code (GSoC) under the Python Software Foundation umbrella. You can read all about what this means at http://python-gsoc.org/. This issue, and any others tagged 'gsoc' are not generally available bugs, but related to project ideas for GSoC.
Project Idea: Add new checkers to the CVE Binary Tool
Project description: The CVE Binary Tool, at launch, only has checkers for 10 different open source libraries. We have a list of over 50 that are being added to our issues list (search for new checkers) that we'd like to have in our next few releases. For this project, you'll implement as many of those as you can, including producing tests.
(Don't worry that we're going to run out of checkers -- if we exhaust the current list, we can definitely find more to add.)
Skills: Python, git, experience reading source code for other languages a bonus
Difficulty level: Easy
Related Readings/Links: How to add new checkers
Potential mentors: @terriko @pdxjohnny @WhataTiberius
Getting Started: Python requires that all students submit a code sample as part of your application. For your first pull request, we recommend you write a new test case for an existing checker. The easiest one to do as a first pull request is a scanner test for a new version of a library we can already detect.
test/
cve-bin-tool/checkers/
test/binaries/
Extra credit: Got your test working and want to try something more? You can also try adding a checker before the project starts. See the related readings above for instructions.