SaurabhK122's Blog

Weekly Check-In #3

SaurabhK122
Published: 06/16/2020

What did I do this week?

Last week I had a discussion with my mentors, and it came up that since I now have a fair amount of experience working with checkers, I should work on checkers for as many libraries as possible. Terri suggested a few of them, and from that list I have added a checker for the bash library. I also added checkers for the dovecot and gimp libraries.

What will I be doing this week?

I will be working on adding checkers for some other libraries and also on updating documentation on adding a new checker to the tool.

Did I get stuck anywhere?

At first I faced some difficulty in finding viable signatures for the bash library that were consistent across different versions and distributions, but other than that, everything worked out.


Weekly Check-In #2

SaurabhK122
Published: 06/08/2020

What did I do this week?

This week I added checkers for the busybox and radare2 libraries. Along with this I fixed issue #546, which asked for a clearer organisation of the tests in the test_scanner.py file. I arranged the tests into sub-arrays for each checker, split up the giant array into arrays per checker, and chained them using itertools.chain in @pytest.mark.parametrize.

What is coming up next?

This week I will be working on adding checkers for the dovecot and gimp libraries.

Did I get stuck anywhere?

While last week I had problems finding common signatures for different versions of the polarssl library, this week I did not face this issue with busybox and radare. So everything worked out as expected this week.


Weekly Check-In #1

SaurabhK122
Published: 06/01/2020

Hello everyone! I am Saurabh Khandelwal, a second year undergraduate at IIT Bombay, India, and I will be contributing to the CVE-Binary-Tool under PSF.

Overview of the Project

The CVE Binary Tool runs a set of checkers, each of which recognises a common open source component with known vulnerabilities, and reports whether a given directory or binary file includes such a library. At its launch, the tool had checkers for 10 different open source libraries. But since there are many more common open source libraries with known vulnerabilities, we want to equip the CVE Binary Tool with as many checkers as possible.

The broad goal is obviously to add as many checkers for open source libraries as possible. I aim to add at least 24 new checkers to the CVE Binary Tool. I have focused on popular Linux libraries as well as commonly used applications with vulnerabilities, so as to make the tool more effective in determining security issues present in a system. Stretch goals include fixing minor bugs and enhancing the tool by improving the code coverage.
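As an added illustration of the checker design described above (example code, not the project's own checker API), a minimal checker that uses a "contains" signature to identify a component and a version regex to pin its release, and still reports a binary whose version string has been stripped rather than skipping it silently. The library name, signature strings and sample binaries are all constructed.

```python
import re

# Constructed stand-ins for two binaries (not real files): roughly the
# printable strings a checker would see after dumping a binary's string table.
SAMPLE_BINARIES = {
    "libexample.so.1": b"\x7fELF\x00\x00GNU Example, version %s\x00Example version 1.2.3\x00",
    "example-static": b"\x7fELF\x00\x00GNU Example, version %s\x00",  # no version string
}


class ExampleChecker:
    """Hypothetical checker for a made-up 'example' library.

    Two-step signature match: a 'contains' pattern identifies the component,
    then a version pattern extracts the release. Neither string is real.
    """

    CONTAINS_PATTERNS = [rb"GNU Example, version %s"]
    VERSION_PATTERNS = [rb"Example version ([0-9]+\.[0-9]+\.[0-9]+)"]
    VENDOR_PRODUCT = ("example_vendor", "example")

    def get_version(self, data: bytes):
        """Return a report dict, or None when the binary is not this component."""
        if not any(re.search(p, data) for p in self.CONTAINS_PATTERNS):
            return None
        for pattern in self.VERSION_PATTERNS:
            match = re.search(pattern, data)
            if match:
                return {"product": self.VENDOR_PRODUCT[1], "version": match.group(1).decode()}
        # Signature matched but no version string (the cross-distribution problem
        # mentioned in the posts): report the component anyway so a human can follow up.
        return {"product": self.VENDOR_PRODUCT[1], "version": "UNKNOWN"}


def scan(files, checkers):
    """Run every checker over every file; return {filename: [reports]}."""
    results = {}
    for name, data in files.items():
        hits = []
        for checker in checkers:
            report = checker.get_version(data)
            if report is not None:
                hits.append(report)
        if hits:
            results[name] = hits
    return results


if __name__ == "__main__":
    for fname, hits in scan(SAMPLE_BINARIES, [ExampleChecker()]).items():
        for hit in hits:
            print(f"{fname}: {hit['product']} {hit['version']}")
```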

What did I do in the Community Bonding Period?

I started working early on the project and have added checkers for the Openafs, Openvpn and Polarssl libraries. I also added a new signature test for the ncurses checker and improved its coverage. In addition, I had weekly meetings with my mentors every Wednesday, in which we discussed any issues and what to work on next.

What am I doing this week?

I will be working on creating checkers for some other open source libraries, as well as on issue #546.

Did I get stuck anywhere?

The one place where I got stuck was finding common signatures in the binary files of polarssl, but then I was able to find them for the Fedora distribution.
