Articles on Harsh's Blog

Final Check-In

singh.harsh9097@gmail.com (Harsh) — Sun, 29 Aug 2021 19:13:09 +0000

The GSoC journey has come to an end. This summer has been one of the most exciting summers of my life. During this journey, I learned a lot of things from writing clean code to documentation to various soft skills that would help me through my journey/career.

I am extremely grateful to my mentors Terri, John, Anthony, Harmandeep and Saurabh and fellow contributors Sahil, Suhail and Dmitry Volodin for guiding and helping me out through this journey. Thank you Google, Python Software Foundation and Intel for giving me this incredible opportunity! :)

Read my final project report here: Harsh's Final Report

- Harsh (peb) ;)

Weekly Check-In #10

singh.harsh9097@gmail.com (Harsh) — Thu, 19 Aug 2021 11:55:29 +0000

What did you do this week?

This week was spent wrapping up and closing open PRs. This week I added argparse module support to helper-script. I also fixed some bugs related to "affected-versions".

What is coming up next?

I would write a few more tests and improve docs and prepare for the final report :)

Did you get stuck anywhere?

No.

Weekly Check-In #8 & #9

singh.harsh9097@gmail.com (Harsh) — Wed, 04 Aug 2021 14:16:39 +0000

What did you do this week?

Majority of week 8 was spent shifting and travelling to my college dorms due to sudden opening of colleges here and I had an exam on the start of week 9. So, some time was spent preparing for the exam. During this period, I added the console output for "safe package recommendation" to cve-bin-tool. I also added some checkers.

What is coming up next?

In the upcoming week, I plan on expanding the "safe version recommendation" to html output too. I also plan on improving adding some minor improvements to the "helper-script", on which I worked in the first half of my GSoC.

Did you get stuck anywhere?

No.

Weekly Check-In #7

singh.harsh9097@gmail.com (Harsh) — Wed, 21 Jul 2021 18:01:09 +0000

What did you do this week?

Most of this week was spent researching for "recommending safe packages" related ideas and reading many articles and posts on what could be the best method. I also worked on some minor issues in cve-bin-tool.

What is coming up next?

The upcoming week would be spent making this and iterating over it. I would also like to improve the user input method for helper-script this week. :)

Did you get stuck anywhere?

Again, I had small doubts here and there, but my mentors helped me to overcome them seamlessly :)

Weekly Check-In #6

singh.harsh9097@gmail.com (Harsh) — Thu, 15 Jul 2021 15:38:40 +0000

What did you do this week?

This week I tested Helper-Script on a lot of new/unknown packages to scan for binary strings and the results were consistent. During this process, I added checkers which version strings in them like: liblas, libbpg, zsh, etc.. I also did some minor refactoring on helper-script too.

What is coming up next?

In the coming week, I would start with the second half of my project, i.e., "Recommending safe packages". In this this week, I plan on researching and collecting the resources that would be required for the upcoming weeks.

Did you get stuck anywhere?

Weekly Check-In #5

singh.harsh9097@gmail.com (Harsh) — Wed, 07 Jul 2021 18:28:29 +0000

I had my college exams from 5th July to 7th July, so most of my time was spent studying for them and I was not able to contribute for the most of this week :( Since my exams are over now! I'm back full of energy!!! (yay! :))

Weekly Check-In #4

singh.harsh9097@gmail.com (Harsh) — Tue, 29 Jun 2021 17:01:59 +0000

What did you do this week?

This week I finished giving the Helper-Script an output and tested it on packages for whom we already have a checker for to validate Helper-Script's results. I also completed writing the docs for Helper-Script and fixed "CONTAIN_PATTERNS" for avahi, bash, bind, busybox, cups, curl, dnsmasq, wireshark, varnish checkers.

What is coming up next?

In the upcoming week, I plan on getting feedback from my mentors and friends and implement any necessary changes. I also plan on adding various checker and fixing other existing checkers while testing the tool :)

Did you get stuck anywhere?

Weekly Check-In #3

singh.harsh9097@gmail.com (Harsh) — Tue, 22 Jun 2021 18:52:54 +0000

What did you do this week?

This week I automated the file extraction process and the strings finding process from the ELF binary files. After this was done, I began testing it against various packages(for whom the checkers already exist) to confirm that the tool works as expected before moving forward to make the output a bit pretty :) I also iterated over the vendor-product finding process to deal with some corner cases.

What is coming up next?

In the upcoming week, I plan on making the output a bit pretty and test it against various packages to find any corner-cases or bugs. I also plan on writing the tests and the documentation for the same.

Did you get stuck anywhere?

Again, I had small doubts here and there, but my mentors helped me to overcome them easily :)

Weekly Check-In #2

singh.harsh9097@gmail.com (Harsh) — Wed, 16 Jun 2021 06:49:46 +0000

What did you do this week?

I automated the process for retrieving the vendor-product pairs from the csv database that cve-bin-tool stores. I started by first retrieving the package name from the package filename provided by the user and then I automated the retrieving process with the help of "sqlite3" module. I also started working on the regex process (where I would be finding required strings in the binary).

What is coming up next?

This week I plan on completing the regex process (mentioned above) and also the file extracting process.

Did you get stuck anywhere?

I had small doubts here and there in the codebase, but my mentors helped me to get past them. :)

Weekly Check-In #1

singh.harsh9097@gmail.com (Harsh) — Tue, 08 Jun 2021 13:27:45 +0000

Hello Everyone!! I am Harsh, a first year undergrad at BIT, Bangalore - India. This summer I will be working with CVE Binary Tool under the umbrella of Python Software Foundation.

What did you do in Community Bonding Period?

The community bonding period helped me to know my mentors and set a communication medium. During this period, I was familiarizing myself with the codebase and I also learnt various things that would help me with the project like - web-scrapping, about various modules and many more things.

What is coming up next?

I will be working on creating the extraction process of binary files. Since, cve-bin-tool already has code for extracting files and getting strings, so my task here would be to understand this and use it in the "Helper Script".

Did you get stuck anywhere?

I was intimidated by the codebase at first, but as I learnt various stuff during the "community bonding period", I felt more confident and now I feel like I could tackle any challenge in my way :)