Hello everyone! I am Saurabh Khandelwal, a second year undergraduate at IIT Bombay, India and I will be contributing to the CVE-Binary-Tool under PSF.
Overview of the Project
The CVE Binary Tool uses a set of checkers, one per common open source component with known vulnerabilities, to report whether a given directory or binary file includes common libraries with known vulnerabilities. At its launch, the tool had checkers for 10 different open source libraries. Since there are many more common open source libraries with vulnerabilities, we want to extend the CVE Binary Tool with as many checkers as possible.
The broad goal is obviously to add as many checkers for open source libraries as possible. I aim to add at least 24 new checkers to the CVE Binary Tool. I have focused on popular Linux libraries as well as commonly used applications with vulnerabilities, so as to make the tool more effective in determining security issues present in a system. Stretch goals include fixing minor bugs and enhancing the tool by improving the code coverage.
What did I do in the Community Bonding Period?
I started working early on the project and have added checkers for the OpenAFS, OpenVPN and PolarSSL libraries. I also added a new signature test for the ncurses checker and improved its coverage. Also, I had weekly meetings with my mentors every Wednesday, in which we discussed any issues and what to work on next.
What am I doing this week?
I will be working on creating checkers for some other open source libraries, as well as on issue #546.
Have I got stuck anywhere?
The one place where I got stuck was finding common signatures in PolarSSL binary files, but I was then able to find them in the Fedora distribution packages.
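To make the overview above concrete (how a checker tells that a library is present in a binary, and why finding a stable version signature matters), here is an added Python sketch. It is not the project's own code or the author's: the checker structure, the signature strings, the byte blob and the product names are all assumptions constructed for illustration, modelled loosely on how signature-based checkers work in general.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Checker:
    """Hypothetical, simplified model of a signature checker (not cve-bin-tool's API).

    contains_patterns: byte regexes; any match means the component is present.
    version_patterns:  byte regexes whose group 1 captures the version string.
    """
    product: str
    contains_patterns: List[bytes]
    version_patterns: List[bytes]


# Assumed signatures for illustration only. A real checker derives its strings
# from what the library actually embeds in the binaries shipped by a distribution.
CHECKERS = [
    Checker("polarssl",
            contains_patterns=[rb"PolarSSL"],
            version_patterns=[rb"PolarSSL (\d+\.\d+\.\d+)"]),
    Checker("openvpn",
            contains_patterns=[rb"OpenVPN"],
            version_patterns=[rb"OpenVPN (\d+\.\d+\.\d+)"]),
]


def scan_bytes(data: bytes, checkers=CHECKERS) -> Dict[str, Set[str]]:
    """Run every checker over raw file contents.

    Returns {product: {versions}}. A component whose presence signature matched
    but whose version could not be extracted is reported as "UNKNOWN" so that the
    finding is not silently dropped.
    """
    found: Dict[str, Set[str]] = {}
    for chk in checkers:
        if not any(re.search(p, data) for p in chk.contains_patterns):
            continue
        versions: Set[str] = set()
        for p in chk.version_patterns:
            for m in re.finditer(p, data):
                versions.add(m.group(1).decode("ascii", errors="replace"))
        found[chk.product] = versions or {"UNKNOWN"}
    return found


def version_tuple(v: str) -> Tuple[int, ...]:
    """Parse "1.3.9" into (1, 3, 9) so versions compare numerically, not lexically."""
    return tuple(int(x) for x in v.split("."))


def is_older_than(found: str, fixed: str) -> bool:
    """True if the detected version predates the version a fix landed in."""
    return version_tuple(found) < version_tuple(fixed)


# Constructed sample "binary" contents (not real files): the first embeds a
# full version signature, the second only the product name.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00junk\x00"
    b"PolarSSL 1.3.9\x00"
    b"more junk\x00OpenVPN\x00"
)


if __name__ == "__main__":
    for product, versions in scan_bytes(SAMPLE_BLOB).items():
        print(product, sorted(versions))
    # Why tuples: plain string comparison gets "1.9.0" vs "1.10.0" wrong.
    print(is_older_than("1.9.0", "1.10.0"))
```

The `UNKNOWN` branch is the case the author ran into: a binary that clearly contains the library but whose version string is not where the checker expects it. Reporting it as present-but-unversioned keeps the finding visible and points at exactly which distribution builds still need a signature.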