Google Summer of Code Final Work Report
- Name: Saurabh Khandelwal
- Organisation: Python Software Foundation
- Sub-Organisation: CVE Binary Tool
- Project: Adding new checkers to the CVE Binary Tool
- Proposal: View / Download
Improving CVE-Binary-Tool by adding as many checkers as possible. Focussed on popular Linux libraries as well as commonly used applications with vulnerabilities, so as to make the tool more effective in determining security issues present in a system.
A few of them were:
- Added checkers for more than 24 open-source libraries.
- More than doubled the number of products that the CVE-Binary Tool can detect.
- Reorganized tests in test_scanner.py: arranged tests into sub-arrays for each checker, breaking up the giant array into arrays per checker and chaining them using itertools.chain in @pytest.mark.parametrize.
Detailed weekly description of tasks and work done can be found in:
- Weekly Blogs: https://blogs.python-gsoc.org/en/saurabhk122s-blog/
- All Commits: https://github.com/intel/cve-bin-tool/commits?author=SaurabhK122&before=12b62be7e4ebf8f1863076cfd14074cde2cd413a+35
The tool has come a long way since I started contributing to it in February 2020. The tool had 10 checkers to begin with, while now it has 60+ checkers. A lot of new contributors have joined us, and the tool has improved a lot in the past couple of months. Some of the things I would like to work on are:
- Figuring out a workaround for checkers like prosody, which don't have any viable signatures other than of the form (X.X.X)
- Adding more checkers for products that could be important for the tool to detect
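The signature problem in the first item can be seen in a short added example (not code from the CVE Binary Tool or from this project). The byte blobs, the product name `exampled` and both patterns are constructed for illustration; the sketch assumes a checker works by matching regular expressions against printable strings pulled from a binary.

```python
import re

# Constructed byte blobs standing in for compiled binaries (not real files).
SAMPLES = {
    # Product that embeds its name next to its version.
    "exampled": b"\x7fELF\x02\x01\x00\x00exampled 2.4.1 starting\x00usage: exampled [-c file]\x00",
    # Unrelated library carrying compiler and bundled-library versions.
    "otherlib.so": b"\x7fELF\x02\x01\x00\x00\x00GCC: (GNU) 9.3.0\x00zlib 1.2.11\x00\x01\x02",
    # Product whose only version evidence is a bare X.X.X string.
    "versiononly": b"\x7fELF\x02\x01\x00\x000.11.2\x00loading config\x00\x03",
}

# Hypothetical signatures: one anchored on a product name, one bare X.X.X.
ANCHORED = re.compile(r"exampled ([0-9]+\.[0-9]+\.[0-9]+)")
BARE = re.compile(r"([0-9]+\.[0-9]+\.[0-9]+)")


def printable_strings(blob, min_len=4):
    """Return runs of printable ASCII, similar to the `strings` utility."""
    runs = re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    return [m.group().decode("ascii") for m in runs]


def scan(pattern):
    """Map each sample name to the versions the pattern reports for it."""
    hits = {}
    for name, blob in SAMPLES.items():
        found = []
        for text in printable_strings(blob):
            found += pattern.findall(text)
        if found:
            hits[name] = found
    return hits


def misattributed(pattern, product):
    """Samples other than `product` that the pattern would also flag."""
    return sorted(name for name in scan(pattern) if name != product)


if __name__ == "__main__":
    print("anchored:", scan(ANCHORED))
    print("bare    :", scan(BARE))
    print("bare pattern also flags:", misattributed(BARE, "versiononly"))
```

The bare pattern does find `0.11.2` in `versiononly`, but it reports the compiler and zlib versions in `otherlib.so` just as readily, so a match says nothing about which product is present.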
I would like to thank my mentors Terri Oda and John Andersen, who have guided me throughout the summer. It is because of them that I was able to complete the project on time. I would also like to thank Google and Python Software Foundation for this amazing opportunity.