SinghHrmn's Blog

GSoC Week 3: try except finally:

SinghHrmn
Published: 06/15/2020

What I did this week?

Last week I discussed that we need to find another charting library because "Pygal" was not up to the mark. So I started looking and found that Plotly can be an option. I tested whether it can produce the same results as Pygal and found it is much more useful. I'm now using Plotly Python, which is a Plotly API, so we can quickly generate graphs using Plotly. I was also working on adding a filter property so that the user can filter out products. Now we can generate HTML reports with a nice filter property.

What is coming up next?

This week I will work on adding colors to the console output. After this change we will get a nice console output with a different color for each severity level.

Have I got stuck anywhere?

There were a few issues with Plotly implementations, and I guess they are solved in Plotly, but it will take some time for the changes to be reflected in Plotly Python. Although I have solved those problems, Plotly's own implementation will be faster, so it would be nice if they get that fixed.

 


GSoC Week 2: except Exception as opportunity_to_learn:

SinghHrmn
Published: 06/08/2020

What I did this week?

I was working on the HTML report generation process. For that I have to make some changes in cvedb.py and some modifications to the structure of the code. We also cleared up the confusion in the "product" and "package" naming conventions, so now we are using product everywhere except for the packages that are downloaded from the internet. I also looked for other libraries for chart generation because the one that we were using ("Pygal") is not being maintained. I'm currently testing Plotly to see if that can solve our problem.

What is coming up next?

After I have worked on HTML report generation, I'll work on adding color to the console output and on other smaller changes in the HTML report, like adding a filter property.

Have I got stuck anywhere?

I was using pygal to generate SVG charts, but then John said pygal is not being maintained and we must use something that is maintained and tested. This helped me realize the importance of a maintained project. So I excepted this exception as an opportunity to learn.


GSoC Week 1: def journey_begins(excited=True):

SinghHrmn
Published: 06/01/2020

Hello Everyone!
I'm Harmandeep Singh, a third-year undergrad in B.Tech CSE at Guru Nanak Dev University, Amritsar, India, and I'll be working with CVE Binary Tool this summer under the umbrella of the Python Software Foundation. My task will be to improve the output of cve-bin-tool and other smaller issues.

What is the CVE Binary Tool?

The CVE Binary Tool scans for a number of common, vulnerable open source components like openssl, libpng, libxml2, expat etc. to let you know if a given directory or binary file includes common libraries with known vulnerabilities.

How it works?

We have checkers for popular open source libraries. Each checker contains methods that look at the strings found in a binary file to see if they match certain unique strings found in an open source library, and tries to guess its version. We have a scanner module that recursively scans every binary file in the given directory, parses the strings from each binary file and forwards them to every checker. The checkers determine the vendor, product and version and pass them to the scanner; the scanner then looks in a local copy of the NVD database, finds all the vulnerabilities associated with the given product and displays them. We support many output formats, like JSON, CSV and a nice console format.
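The flow described above, as an added sketch that is not cve-bin-tool's own code: printable strings are pulled from a binary, every checker pattern is tried against them, and the resulting (vendor, product, version) tuples are looked up in a local table. The checker patterns, vendor names, sample bytes and vulnerability IDs are all constructed for illustration.

```python
import re

# Constructed sample: bytes resembling a binary that embeds library banners.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"libpng version 1.6.34 - September 29, 2017\x00"
    + b"\x01\x02\xff\xfe" + b"short\x00"
    + b"expat_2.2.0\x00"
)

# Hypothetical checkers: (vendor, product, version regex); patterns are illustrative.
CHECKERS = [
    ("libpng", "libpng", re.compile(r"libpng version (\d+\.\d+\.\d+)")),
    ("libexpat", "expat", re.compile(r"expat_(\d+\.\d+\.\d+)")),
    ("openssl", "openssl", re.compile(r"OpenSSL (\d+\.\d+\.\d+[a-z]?)")),
]

# Constructed stand-in for the local NVD copy; IDs are placeholders, not real CVEs.
LOCAL_DB = {
    ("libpng", "libpng", "1.6.34"): [("CVE-PLACEHOLDER-0001", "HIGH")],
    ("libexpat", "expat", "2.2.0"): [("CVE-PLACEHOLDER-0002", "MEDIUM"),
                                     ("CVE-PLACEHOLDER-0003", "LOW")],
}

def extract_strings(data, min_len=4):
    """Return printable ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def scan(data):
    """Run every checker over every string; return sorted findings with their entries."""
    findings = set()  # a banner that appears twice is reported once
    for text in extract_strings(data):
        for vendor, product, pattern in CHECKERS:
            match = pattern.search(text)
            if match:
                findings.add((vendor, product, match.group(1)))
    # Versions with no known entries still appear, with an empty list.
    return [(key, LOCAL_DB.get(key, [])) for key in sorted(findings)]

if __name__ == "__main__":
    for (vendor, product, version), vulns in scan(SAMPLE_BINARY):
        print(f"{vendor}/{product} {version}")
        for vuln_id, severity in vulns:
            print(f"  {vuln_id}  {severity}")
```

Matching on embedded strings is a heuristic: a stripped or patched binary may carry no version banner or a misleading one, so an empty result is not proof that a component is absent.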

What did I do in Community Bonding Period?

I know this year is tough for many of us. There were several things that we all wanted to achieve but couldn't due to this pandemic. In this year where everything is changing at a very fast pace and it's hard to predict when this will be over, I wanted to start early so that if anything goes wrong I will have time to figure out something. So, I started working on the HTML report generation process. My first task was to create a template that will describe the structure of the final output. After getting the template design approved by the mentors, I started working to make this base template modular by dividing it into smaller components so that the HTML is easy to maintain. After that my task was to update the database and add the details I needed for the HTML report.

In between all this, I had weekly meetings with the mentors and they guided and approved what I was doing.

What am I doing this week?

I have a few PRs that need to get merged, and they are related to the HTML report. This week I'll work on some smaller issues that need to be solved to make the tool consistent. Currently, we are using 'package' for 'product' as well as 'module', and that creates confusion. After the PRs are merged I'll start working on linking HTML as an output type for cve-bin-tool.

Have I got stuck anywhere?

A few places were challenging, like when I was working to update the database. As I was not familiar with cvedb.py, it took me some time to make the desired changes, while other smaller problems were easy to fix.
