Articles on SinghHrmn's Blog
https://blogs.python-gsoc.org
Updates on different articles published on SinghHrmn's Blog
en
Wed, 26 Aug 2020 06:25:51 +0000

GSoC Week 13: Final Week
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-13-final-week/
<h2>What I did this week?</h2>
<p>I worked on smaller bug fixes this week.</p>
<h2>What is coming up next?</h2>
<p>I am having exams this week so I am taking a break.</p>
<h2>Have I got stuck anywhere?</h2>
<p>There are no blocking issues for me at this moment.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Wed, 26 Aug 2020 06:25:51 +0000

GSoC Week 12: return completed_project
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-12-return-completed-project/
<h2>What I did this week?</h2>
<p>I added a new print_mode which produces beautiful printable code. Users can switch from Interactive Mode to Print Mode in the final HTML report.</p>
<h2>What is coming up next?</h2>
<p>This is my last week before evaluations so I'll be focusing on fixing the leftover code and some documentation if required.</p>
<h2>Have I got stuck anywhere?</h2>
<p>There are no blocking issues for me at this moment.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Wed, 19 Aug 2020 19:08:01 +0000

GSoC Week 11: Report.print()
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-11-report-print/
<h2>What I did this week?</h2>
<p>This week I was looking at what is the best way to provide the users with a printable format. I am working on a ReportLab solution. But I also worked on improving and adding some changes to the HTML structure.</p>
<h2>What is coming up next?</h2>
<p>By this week I'll implement a solution for the print problem.
Either be it a PDF or an easy HTML template that is easy to print.</p>
<h2>Have I got stuck anywhere?</h2>
<p>There are no blocking issues for me at this moment.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Mon, 10 Aug 2020 12:13:15 +0000

GSoC Week 10: Print
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-10-print/
<h2>What I did this week?</h2>
<p>I took a break for the week. So there's nothing on my list.</p>
<h2>What is coming up next?</h2>
<p>From my last work there were a few minor things that need to be changed in my triage PR. I'll be working on adding a new format, that is, PDF. I need some time to figure out what is the best case to add this feature, that is, either using a different output format or providing a new template so the users can directly print from the HTML.</p>
<h2>Have I got stuck anywhere?</h2>
<p>There are no blocking issues for me at this moment.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Thu, 06 Aug 2020 05:00:37 +0000

GSoC Week 9: Triage data
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-9-triage-data/
<h2>What I did this week?</h2>
<p>I was working on the addition of file paths to the HTML reports and I have submitted a PR for that. Users will now be able to see which files were vulnerable. I also worked on improving the template design to better support this new functionality.</p>
<h2>What is coming up next?</h2>
<p>I'll be taking a leave for 6 days from 29 July to Aug 3rd.
But before that I'll complete my Triage information stuff in the HTML reports.</p>
<h2>Have I got stuck anywhere?</h2>
<p>There are no blocking issues for me at this moment.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Mon, 27 Jul 2020 16:48:18 +0000

GSoC Week 8: Where's the problem?
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-8-where-s-the-problem/
<h2>What I did this week?</h2>
<p>I have been working on adding the tutorial on how to customise the HTML Reports. I have added an argument which will get the directory path from the user. I have also handled the hidden div problem from plotly.js, so now we don't need to reload the window on window resize. The performance has improved significantly for the reports.</p>
<h2>What is coming up next?</h2>
<p>In our weekly meeting we discussed adding the application path to the Report as well as other machine-readable output like JSON, because some of our users generate HTML from JSON. So now we'll also be storing the product path inside the output.</p>
<h2>Have I got stuck anywhere?</h2>
<p>There are no blocking issues for me at this moment.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Thu, 23 Jul 2020 08:37:52 +0000

GSoC Week 7: Templates Tutorial
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-7-templates-tutorial/
<h2>What I did this week?</h2>
<p>I researched an HTML Report design that is good looking and more feature rich. I have been working on and developing it. The new HTML Report will have support for Triage stuff, so that the user can quickly navigate to CVEs with specified remarks. I have also added a footer with useful links like our GitHub, community IRC, and instructions on how to raise an issue.
</p>
<h2>What is coming up next?</h2>
<p>As discussed in our weekly meeting and as specified in issue #808 we want to let the user specify his own HTML templates if for any reason they want to update that. So to support this I'll write a complete tutorial on how to add your own templates and what are the things the user must handle in their templates.</p>
<h2>Have I got stuck anywhere?</h2>
<p>For now I was working on my research and design so I am good to go.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Thu, 16 Jul 2020 11:41:27 +0000

GSoC Week 6: Begin the Phase 2
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-6-begin-the-phase-2/
<h2>What I did this week?</h2>
<p>As mentioned I worked on refactoring output_engine due to its increasing size. It will now be easy to maintain, although I have not submitted a PR because I need the latest PR by Niraj to work and I'm waiting to get that merged. As soon as that gets merged I'll file 2 PRs, one refactoring output_engine and the other adding the exact path to the extracted files. That issue was also on our priority list. But I have not added that in our HTML and we are just storing that for now and it will be covered in the future updates.</p>
<h2>What is coming up next?</h2>
<p>For now I'll be researching my future goals and I'll work to update the HTML reports according to the Triage stuff and according to the new paths that the user might want to see in their HTML reports. The new HTML design will contain changes according to the new Triage stuff that Niraj Kamdar has added, like New Found, Mitigated, Ignored etc.</p>
<h2>Have I got stuck anywhere?</h2>
<p>I'm stuck because I need the latest PR by Niraj to get merged in order to work. Although I have started and completed my work on top of Niraj's latest PR, that PR might need some changes and I'll need to incorporate those changes in my PR too.
</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Thu, 09 Jul 2020 09:07:14 +0000

GSoC Week 5: Priority Matters
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-5-priority-matters/
<h2>What I did this week?</h2>
<p>Instead of working on HTML output tests I worked on normalizing the package name and the module name because they were creating confusion, so I prioritized that. I also added a Vendor field in Console, CSV and JSON. So now we'll get output as Vendor, Product, Version, CVE Number, Severity. That will help distinguish between products that have the same name but different vendors. Also I found that our console output is failing on Windows, thanks to Niraj-Kamdar who was working on improving Windows tests. So I also fixed that issue, but as the issue was related to rich I contacted the developer of rich because this issue can be faced by others. So he worked and released rich version 3.0.0 which he thinks can solve our error. Though I have not tested that, I think that will solve our problem in a very efficient way. Thanks to the developer of rich.</p>
<h2>What is coming up next?</h2>
<p>As things are changing fast I hope to work on last week's leftovers. But I guess I'll need to work on improving the filepath description in the logs to be more precise and hierarchical. And we also need to store that to produce the list of affected files somehow and show that in HTML Reports if necessary.</p>
<h2>Have I got stuck anywhere?</h2>
<p>There were some priority changes so I had to change my plans. But there were no problems encountered this week so far.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Mon, 29 Jun 2020 15:36:32 +0000

GSoC Week 4: import rich:
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-4-import-rich/
<h2>What I did this week?</h2>
<p>I worked on adding color to the console as well as log.
I'm using the rich library for that. The reason why I choose this library is that rich supports cross-platform implementation and its ability to detect the terminal and adjust accordingly is awesome. It supports mainly every terminal and even removes color codes if it detects that the output is not a console. Now we can generate colored output for the console.</p>
<h2>What is coming up next?</h2>
<p>The size of OutputEngine is growing and we have many different implementations inside a single file. I'll work to refactor the code so that it is more maintainable. Also I will work to add tests for the HTML output. Currently I'm learning different ways in which I can test the HTML output.</p>
<h2>Have I got stuck anywhere?</h2>
<p>This week I was lucky and haven't met with any unnecessary blockages.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Mon, 22 Jun 2020 13:52:17 +0000

GSoC Week 3: try except finally:
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-3-try-except-finally/
<h2>What I did this week?</h2>
<p>Last week I discussed that we need to find another charting library because "Pygal" was not up to the mark. So I started looking and found that Plotly can be an option. So I tested if it can produce the same results as Pygal and found it is much more useful. I'm now using Plotly Python which is a Plotly API. So, now we can quickly generate graphs using Plotly. I was also working on adding a Filter property so that the user can filter out products. Now we can generate HTML reports with a nice filter property.</p>
<h2>What is coming up next?</h2>
<p>This week I will work on adding colors to the console output. After this change we will get a nice console output with a different color for different severity levels.
</p>
<h2>Have I got stuck anywhere?</h2>
<p>There were a few issues with Plotly implementations and I guess they are solved in Plotly but it will take some time for changes to get reflected in Plotly Python. Although I have solved those problems, Plotly's own implementation will be faster so it would be nice if they get that fixed.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Mon, 15 Jun 2020 13:11:03 +0000

GSoC Week 2: except Exception as opportunity_to_learn:
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-2-except-exception-as-opportunity-to-learn/
<h2>What I did this week?</h2>
<p>I was working on the HTML Report generation process. For that I had to make some changes in cvedb.py and some modifications in the structure of the code. We also figured out the confusion in the "product" and "package" naming conventions. So now we are using product everywhere except for the packages that are downloaded from the internet. Also I looked for other libraries for chart generation because the one that we were using currently ("Pygal") is not being maintained. I'm currently testing Plotly to see if that can solve our problem.</p>
<h2>What is coming up next?</h2>
<p>After I have worked on HTML Report generation I'll work on adding color to the console output, and other smaller changes in the HTML Report like adding a filter property.</p>
<h2>Have I got stuck anywhere?</h2>
<p>I was using pygal to generate SVG Charts but then Jhon said pygal is not being maintained and we must use something that is maintained and tested. But this helped me realize the importance of a maintained project.
So I excepted this exception as opportunity to learn.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Mon, 08 Jun 2020 09:15:38 +0000

GSoC Week 1: def journey_begins(excited=True):
https://blogs.python-gsoc.org/en/singhhrmns-blog/gsoc-week-1-def-journey-begins-excited-true/
<p>Hello Everyone!<br> I'm Harmandeep Singh, a third-year undergrad in B.Tech CSE at Guru Nanak Dev University, Amritsar, India and I'll be working with CVE Binary Tool this summer under the umbrella of Python Software Foundation. My task will be to improve the Output of cve-bin-tool and other smaller issues.</p>
<h2>What is the CVE Binary Tool?</h2>
<p>The CVE Binary Tool scans for a number of common, vulnerable open source components like openssl, libpng, libxml2, expat etc. to let you know if a given directory or binary file includes common libraries with known vulnerabilities.</p>
<h2>How it works?</h2>
<p>We have <em>checkers</em> for popular open source libraries, which contain methods that look at the strings found in a binary file to see if they match certain unique strings found in an open source library and try to guess its version. We have a <em>scanner</em> module which recursively scans every binary file in the given directory, parses strings from each binary file and forwards them to every checker. The checkers determine the vendor, product and version and pass them to the <em>scanner</em>, which then looks in the local copy of the NVD database, finds all the vulnerabilities associated with the given product and displays them. We support many output formats like JSON, CSV and a nice console format.</p>
<h2>What did I do in Community Bonding Period?</h2>
<p>I know this year is tough for many of us. There were several things that we all wanted to achieve but couldn't due to this pandemic.
In this year where everything is changing at a very fast pace and it's hard to predict when this will be over, I wanted to start early so that if anything goes wrong I will have time to figure out something. So, I started working on the HTML Report generation process. My first task was to create a template that will describe the structure of the final output. After getting the template design approved by the mentors, I started working to make this base template modular by dividing it into smaller components so that it is easy to maintain the HTML. After that my task was to update the database and add the details I needed for the HTML report.</p>
<p>In between all this, I had weekly meetings with the mentors and they guided and approved what I was doing.</p>
<h2>What am I doing this week?</h2>
<p>I have a few PRs that need to get merged and they are related to the HTML report. This week I'll work on some smaller issues that need to be solved to make the tool consistent. Currently, we are using 'package' for 'product' as well as 'module' and that creates confusion. After the PRs are merged I'll start working on linking HTML as an output type for cve-bin-tool.</p>
<h2>Have I got stuck anywhere?</h2>
<p>A few places were challenging, like when I was working to update the database. As I was not familiar with cvedb.py, it took me some time to make the desired changes. The other smaller problems were easy to fix.</p>
Singh.hrmn98@gmail.com (SinghHrmn)
Mon, 01 Jun 2020 12:26:12 +0000