SPO600 Lab1

 Lab 1 for SPO600:

I have picked Node.js and OpenSSL. The reason I have picked both of these is that I have had the chance to work with Node in the past, and I found OpenSSL to be kind of cool; I never learned about it till I researched it.


1.) Node.js is an open-source software package that uses the permissive MIT license for its main library. More information can be found here: https://snyk.io/learn/node-js-licensing-and-security-risks/.

Node.js accepts contributions from developers through GitHub, where developers can submit patches to the software. This link will redirect to the GitHub page: https://github.com/nodejs/node.

There are a total of 3,131 contributors to this software; a user by the name of mhdawson seems to be the lead of the project, and others can post and patch as well. There is a link here, https://github.com/nodejs/node/blob/main/CONTRIBUTING.md#pull-requests, that will allow you to apply to become a contributor to the project.


One of the code patches that I found was by a user named evenLucas, who was the author of the patch, and also by RafaelGS, who committed the patch. The patch is an update to a single file with two changes: two additions and two deletions. The patch is "fix startup benchmark", and it looks like the user changed from moduleCategories to builtinCategories. There are no comments on the code, so I believe it was just reviewed and, after approval, was committed by the RafaelGS user.

Link to patch: https://github.com/nodejs/node/commit/f497368679

As for what changes I would have made, I would need to understand a bit more about the two functions the user changed. From the research I did, it seems that the person was trying to change from a native to a built-in, which I think would improve speed.

---------------------------------------------------------------------------------------------------------------------------

2.) OpenSSL is a toolkit for cryptography and secure communication. It is written primarily in C and is an open-source implementation of the SSL and TLS protocols. Its licensing is derived from the Apache License v2. This software uses Git to push and pull updates and bug patches. To learn more about the license, follow this link: https://www.openssl.org/source/license.html

The developers use GitHub in order to push, pull and commit patches. There are 705 total contributors involved on GitHub: https://github.com/openssl/openssl

I found a patch that a user named grahmwoodward posted and had 4 other users review and check before it was allowed to be merged and committed. This is a small piece of code, but it is a great sample for seeing how they patch code in regards to cryptography; a lot of the patches were quite large. In this code the user shows a change that fixes a missing NULL check. The user made the change so that if strchr returns NULL, then one is not added to it. This to me looks like the user was getting some errors regarding a bug and was able to debug the results to find the bug.

There were no comments on this code patch, but by the looks of it a few people made some reviews, so I am guessing it took a few days to review and then be given the go-ahead for the push and commit.



Something I would have had to learn to make my own patch is the way this program works, as I have never worked with cryptography or security before. As far as this patch goes, though, it seems straightforward: the user got rid of the +1 at the end of the msg = strchr line, and now the if statement checks that msg is not NULL and then increments msg afterwards. It seems the advantage of this approach is that it won't be giving errors to anyone using this file in the code. This code could have been giving false results or causing warnings, and changing it to check for the NULL value first is a much better approach in my mind.


Link to patch: https://github.com/openssl/openssl/commit/b85d53c1670e47273827bba508daff310c3263ab
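An added example in C, not taken from OpenSSL or from the patch itself, showing the pattern described above: the unsafe strchr(...) + 1 form next to the NULL-checked form, plus a caller that rejects bad input instead of crashing. The function names and sample inputs are invented for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustration of the pattern the patch fixed, in simplified form.
 * The unsafe version did  msg = strchr(buf, sep) + 1;  which adds 1 to
 * NULL whenever `sep` is absent: undefined behaviour that typically
 * crashes later or hands a bogus pointer to the caller.
 * The function names here are invented for this example. */

/* Return the text after the first `sep` in `buf`, or NULL if absent. */
const char *field_after_sep(const char *buf, int sep)
{
    const char *msg = strchr(buf, sep);   /* NULL when sep is not found */
    if (msg != NULL)
        msg++;                            /* advance only a valid pointer */
    return msg;
}

/* Caller that relies on the check: copy the value of "key:value" into
 * `out` (capacity `outlen`). Returns 0 on success, -1 when there is no
 * separator or the value does not fit, instead of crashing. */
int parse_key_value(const char *line, char *out, size_t outlen)
{
    const char *value = field_after_sep(line, ':');
    size_t len;

    if (value == NULL)
        return -1;                        /* no ':' -> reject the line */
    len = strlen(value);
    if (len + 1 > outlen)
        return -1;                        /* would overflow out */
    memcpy(out, value, len + 1);
    return 0;
}

int main(void)
{
    char out[32];
    /* Constructed sample inputs: one with the separator, one without */
    int rc_good = parse_key_value("error:bad certificate", out, sizeof out);
    printf("good: rc=%d value=\"%s\"\n", rc_good, out);      /* rc=0 */
    int rc_bad = parse_key_value("no separator here", out, sizeof out);
    printf("bad:  rc=%d (rejected, no crash)\n", rc_bad);    /* rc=-1 */
    return 0;
}
```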


