-
Notifications
You must be signed in to change notification settings - Fork 457
CVE Binary Tool Ideas Page for GSoC 2019
The CVE Binary tool team is hoping to participate in Google Summer of Code under the Python Software Foundation umbrella. You can read all about what this means at http://python-gsoc.org/
The CVE Binary Tool is a small Python script that scans for a number of common, vulnerable open source components (openssl, libpng, libxml2, expat and a few others) and will let you know if your binary code includes versions of these common libraries with known vulnerabilities.
This security tool is designed to be a minimal security check that can be made part of your continuous integration as a backup check to make sure older vulnerable code is not part of your release binaries.
We currently have two project ideas:
- GSoC 2019 Project Idea: Add new checkers to the CVE Binary Tool. (Difficulty: easy) You can read about it and discuss it at that link.
- GSoC 2019 Project Idea : Windows support for CVE Binary Tool (Difficulty: intermediate) You can read about it and discuss it at that link.
If you've got a brilliant idea you'd like to propose, please make a new issue with the 'gsoc' tag to discuss it! Students are also welcome to add "stretch goal" ideas to their application if they'd like to start with one of our ideas but have a few extra feature ideas of their own they'd like to work on at the end of the summer if everything stays on schedule. Take a look at the current open issues to see what users want.
- Follow the README and make sure you can run the tool. Try running it against random things on your hard drive and see if it finds anything. On a Linux system, your
/bindirectory usually yields some interesting results. - Run the tests. The CVE Binary tool has a small number of unit tests. Make sure you know how to run them, and if you've never done Python unittests before you might want to read up on python's unittest library. Figure out how to run a single test!
- Write a new test. There's a suggestion about good beginner tests here This will be your first contribution!
Instructions on How to apply can be found on the Python GSoC website. Please don't forget to use our name (cve-bin-tool) in your application title!
Most of our communication will take place in the issue tracker under the label 'gsoc'. Not sure where to ask? Try here!
IRC: Contact us using the main python-gsoc channel, #python-gsoc on freenode. (How to connect.). Note that all our developers are located in US Pacific Standard time at this time.