- Name - Anant Vijay (@XDRAGON2002)
- Organisation - Python Software Foundation
- Sub-Organisation - CVE Binary Tool
- Project - Improve language-specific package support
- Proposal - View / Download
cve-bin-tool allows scanning of package data files for various languages, but the manner of doing this is very unstructured in nature, moreover there is no code modularity or abstraction. As various commonanilites exist between these parsers, principles of Object Oriented Programming can be used to improve the code quality, moreover the process of adding suport for new languages can be improved as well
Improve the code quality and methodology of parsers which includes:
- Create an OOPs based structure to add parsers
- Restructure existing parsers to the new format
- Wrap the parsers under a uniform abstracted API for parsing package data
- Created a new structure for the parsers, refactored the existing parsers to the new format and wrapped all the parsers under a common API for ease of use and for improving code quality, modularity and abstraction.
- PRs:
cve-bin-tool supports scanning of language data files but the number of supported languages is very less, so in order to improve the detection capabilities of the tool support for more languages needs to be added.
Improve the language parsing support of the tool which includes:
- Add support for new languages
- Improve support for existing languages
- Added support for various new languages which improved the use case of the tool, also improved the support for existing language data parsers.
- PRs:
You can find a detailed description of progress and work done in weekly blogs.
I plan on contributing significantly to the project after the GSoC period. Things I plan to do:
- Further improving the code quality and working on making the codebase future proof.
- Working with SBOMs and improving the tool to support more formats.
- Adding support for even more language and further improving the detection capabilities of the tool.
I am thankful to Google, Python Software Foundation, and Intel for providing me with this excellent opportunity and the mentors, Terri Oda, Suhail, and Anthony Harrison, who guided and helped me throughout the program.
I would also like to thank my fellow GSoC contributor Yashu & Rhythm and the cve-bin-tool community for helping me during the program.