Organization: Python Software Foundation
Repositorie link: https://github.com/tern-tools/tern.
Tiltle: Use shlex to parse Dockerfile RUN instruction commands.
Details: Use shlex to parse Dockerfile RUN instruction commands. On looking at the type of parsing needed for full shell scripts embedded in the run command, we may need to develop a shell script parser to catch all places where software could have been installed.
Previous work on the project
Works towards docs:
1. Document YAML data output that Tern produces. https://github.com/tern-tools/tern/pull/561.
Works towards dockerfile analysis:
1. Record git project name and sha. https://github.com/tern-tools/tern/pull/571.
2. Parsing ARG varibales. https://github.com/tern-tools/tern/pull/580.
3. Find Git Project URL. https://github.com/tern-tools/tern/pull/606.
Works towards bug fixing:
1. Fix linting error for helper.py. https://github.com/tern-tools/tern/pull/650.
2. Fix linting error for generator.py. https://github.com/tern-tools/tern/pull/651.
Work during GSoC
Works towards shell script parser:
1. Using Regex to split shell script. https://github.com/tern-tools/tern/pull/717.
2. Add test dockerfiles for split shell script. https://github.com/tern-tools/tern/pull/718.
3. Update functions to use the shell script parser. https://github.com/tern-tools/tern/pull/756.
4. Add report for branch statement. https://github.com/tern-tools/tern/pull/764.
Works towards analysis on multistage dockerfile:
1. Split multistage dockerfile by stage. https://github.com/tern-tools/tern/pull/774.
2. Analyze multistage. https://github.com/tern-tools/tern/pull/786. (Still work in progress).
Works towards bug fixing:
1. Bug fix with Dockerfile RUN parsing. https://github.com/tern-tools/tern/pull/773.
Progress on my GSoC 2020
During the preparation period on the GSoC 2020, I got familiar with the basic operations on Github (filing a issue, how to commit) by working on the docs(PR#561). Then I picked up the issue on the dockerfile analysis. I quickly got through the code and tried to make changes on it. My mentors were very helpful and helped me a lot on the coding style and logic.
I chose the proposal on the shell script parser. It seemed tricky at first, but if I took the plan step by step, it should work at end. The first step is to seperate the commands, and then pick out the key words, and do analysis on the command at last. We had a weekly meeting over Zoom to keep track on my progress and resolve some problems. Finally I finished my proposal by the beginning of August.
Next, I began to work on multistage dockerfile analysis. This was kind of relevant to my previous work. My plan is spliting the multistage dockerfile, building the image and analyzing on the image. Now I have finished the first step. I will keep working on the following steps.
Thanks to my mentors, your help was greatly appreciated. Tern is awesome, I like it! This is the first time that I have participated in open source project, and I have spent a great summer in GSoC!