From Fedora Project Wiki

Contact Information

Name: Vasram Devji
Email: vasramdchaudhary@gmail.com
IRC: vasramc


About Me

I have used GNU/Linux for many years now and I have contributed to many software projects on my campus. I have extensive experience with the Python language and have dabbled with Java non-trivially. I am comfortable writing C as well.

I am doing my bachelor's in engineering because I want to solve the problems of humanity with technology. This has been my aim since I was very young.

I am a computer lover and a big believer in the power of computers to improve the world. Computers have the potential to elevate humans from their suffering and lift them into the sunshine of joy. We, as computer scientists, have the solemn duty to bring that about.

I specifically wish to work for Fedora because of its principles, specifically the First principle of innovation. I like that the Fedora distribution is the first to adopt new software into the distribution and is a pioneer of new technology. This spirit of curiosity, this love of technology, is what attracts me to Fedora.

I would love to contribute to Fedora in all ways I can (and explore new technologies in the domains where I cannot presently) after GSoC. It would be an honor to do so.

The Project

I presently wish to work on "Continuous static analysis db".

The idea is described as:

   This project proposes the design and implementation of a system to continuously run multiple security oriented static analyzers on source code and display the alarms related to a specific version of the analyzed software. The alarms to be presented will be ranked based on their importance, where critical flaws shall be ranked first and potential false positives are ranked last. We will develop a tool to perform continuous static analysis with different static analyzers and propose a warning classification method using their outputs. We will also propose a visualization approach for the information generated with our tool. 

I chose this project because this is something that can be of great help to Fedora if completed successfully. The large amount of code that Fedora ships can be tested with the static analyzers to make sure that it is not faulty. Static analysis can provide very detailed analysis about our code and alert us to bugs in the system before we ship it. Apart from the bugs, it can also alert us to warnings (red flags) in the code that the static analyzers throw.

This, bundled with a web UI to show the present and past results of the static analysis on a particular software, can be used to improve the quality of code that Fedora ships.

Here is how I plan to implement this project:

The system will consist of 3 parts:

1. The workers that run the static tests

2. A webserver that accepts the static analysis results sent by the workers

3. A frontend component that would query the webserver for the metrics which it will visualize


Details:

1. We can use Celery queues (or some other alternative) that would start a subprocess and run a script to perform the static analysis on the software mentioned by the webserver and report the findings back to the webserver.

2. The webserver (running a Django app, say) assigns duties to the Celery workers by giving them the static analysis tests which they have to run on the given piece of software. It then accepts the findings and stores them in a database. The webserver is also responsible for exposing an API that the frontend can query for data.

3. The frontend will query the API exposed by the webserver for results of the static analysis and display them with nice visualizations.
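
The worker step from item 1 and the severity ordering the project idea asks for, as an added example that is not part of the original proposal or of the firehose project. It assumes a constructed `file:line: severity: message` output format, a three-level severity scale and hypothetical analyzer names (`tool-a`, `tool-b`, `tool-c`); the ranking rule (severity first, then how many analyzers agree) is one possible heuristic, not the project's classification method.

```python
import subprocess
import sys

# Assumed severity scale (not from the proposal); lower rank is listed first.
SEVERITY_RANK = {"error": 0, "warning": 1, "note": 2}

def sev(finding):
    return SEVERITY_RANK.get(finding["severity"], len(SEVERITY_RANK))

def parse_findings(analyzer, text):
    """Parse 'file:line: severity: message' lines (a constructed format)."""
    findings = []
    for raw in text.splitlines():
        parts = [p.strip() for p in raw.split(":", 3)]
        if len(parts) != 4 or not parts[1].isdigit():
            continue  # skip banners and progress output
        findings.append({"analyzer": analyzer, "file": parts[0], "line": int(parts[1]),
                         "severity": parts[2], "message": parts[3]})
    return findings

def run_analyzer(analyzer, argv, timeout=60):
    """Worker step: run one analyzer with an argument list, no shell, bounded time."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"analyzer": analyzer, "status": "timeout", "findings": []}
    # Analyzers often exit non-zero when they report issues, so the output is kept.
    return {"analyzer": analyzer, "status": "done",
            "findings": parse_findings(analyzer, proc.stdout)}

def rank(reports):
    """Merge per-location findings; sort by severity, then by analyzer agreement."""
    merged = {}
    for f in (f for r in reports for f in r["findings"]):
        entry = merged.setdefault((f["file"], f["line"]), {**f, "analyzers": set()})
        entry["analyzers"].add(f["analyzer"])
        if sev(f) < sev(entry):  # keep the most severe report for this location
            entry.update(severity=f["severity"], message=f["message"])
    return sorted(merged.values(), key=lambda e: (sev(e), -len(e["analyzers"]), e["file"], e["line"]))

def demo():
    # Stand-in for real analyzer binaries: a child process printing constructed output.
    echo = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]
    a = run_analyzer("tool-a", echo + ["scanning...\nsrc/io.c:42: warning: unchecked return\n"
                                       "src/buf.c:10: error: buffer overflow\n"])
    b = run_analyzer("tool-b", echo + ["src/io.c:42: warning: result ignored\n"
                                       "src/util.c:7: note: unused variable\n"])
    slow = run_analyzer("tool-c", [sys.executable, "-c", "import time; time.sleep(5)"], 0.5)
    return rank([a, b]), slow["status"]
```

Passing the command as a list without a shell keeps package names and file paths from being interpreted as shell syntax, and the timeout keeps one hung analyzer from blocking a worker.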

Architecture visualization:

[1]

I have been in constant touch with the mentor Athos Ribeiro (athoscr) and have discussed with him my ideas about how to complete the project. I collaborated with him to submit a patch which added a parser for the frama-c static analyzer to the firehose project.

The final deliverable is a deployed system that can be accessed by the stakeholders and can be used to run static analysis on software they care about. On completion of the scan, the system would be able to display the results of the static scans with the issues listed in the order of severity. Along with this, informative visualizations and the ability to re-run the scan would be present as well.

Project Timeline and Workflow

Timeline

May 4 - June 15
  Details:
  • Design the Django app - the database schema, the views, the basic templates. Write tests.
  • Create user roles, implement authentication, populate the database with projects.
  Deliverable:
  • A functional Django app where the user can log in and view a listing of all the projects of interest to them.

June 15 - June 26
  Details:
  • Work on the front-end templates and add designing to the web UI. Create login page, home page, project listing page, project static scan results overview page, static scan results detail page. Write tests.
  Deliverable:
  • A fully functional website where the user can log in, view projects, see dummy scan result overview and detailed findings and order re-scans.

June 26 END OF PHASE 1
The last phase was focused on the webapp. Next phase will be for implementing the parsers and analyzer queues.

June 26 - July 28
  Details:
  • Implement Celery worker architecture.
  • Wire the workers to pipelines that run static scans on the software. Write tests.
  Deliverable:
  • Workers would be able to run analyzer jobs on clicking from the web UI and view the results.

July 28 - August 29
  Details:
  • Adding more parsers to the pool and refining any wrinkles in the system.
  • Writing additional tests for the entire system.
  • Writing documentation.
  Deliverable:
  • The completed functional project submitted.


Why me

I have a firm belief that computers have the ability to solve all the problems of modern society and of humanity in general. This belief in the promise of programming and the computer is what drives my everyday thinking. The idea that someone would work so hard as to create a kernel and then share it with the world for everyone to use, the idea that people from all over the world collaborate on developing that kernel, making it better and more powerful, sharing knowledge and ideas is very motivating for me. I want to be a part of this community and contribute to the betterment of human society in my small way. My passion for the art of computer programming helps me learn things quickly and apply them to solve practical problems.

Prior commitments and Plans during the summer

I have no plans during the summer and would be dedicating the entire summer to working on this project. I will be constantly available via email, Skype, Slack etc. I will put more than 50 hours into the project per week. Programming is what I love to do, and I have no plans other than GSoC.