Differences

This shows you the differences between two versions of the page.

--- gsoc:google-summer-code-2024-openprinting-projects [2024/02/07 18:39]
till
+++ gsoc:google-summer-code-2024-openprinting-projects [2024/02/16 22:32]
till
@@ Line 34: / Line 34: @@
   * [[https://podcast.asknoahshow.com/368?t=2837|Ask Noah: Till Kamppeter on how OpenPrinting improved printing with Linux/Unix]]
   * [[https://www.youtube.com/watch?v=m5QKJH9tDjQ|Linux Saloon: Till Kamppeter about how he got Snap enthusiast]]
+====Talk about OpenPrinting====
+  * [[https://fosdem.org/2024/schedule/event/fosdem-2024-1930-openprinting-we-make-printing-just-work-/|OpenPrinting - We make printing just work! Till Kamppeter, FOSDEM 2024, Brussels, Belgium]]
 ====Printer Drivers get Printer Applications====
@@ Line 211: / Line 215: @@
 Code License: Apache 2.0, MIT, GPL-2+ and LGPL-2+
+=====Integrating C-based OpenPrinting projects in OSS-Fuzz testing=====
+contributor full-size (350 hours), Level of difficulty: Intermediate
+[[https://google.github.io/oss-fuzz|OSS-Fuzz]] is a project aimed at finding vulnerabilities in open-source projects that are critical to the Internet infrastructure. It is powered by Google and was initiated in response to [[https://heartbleed.com|Heartbleed]], an OpenSSL vulnerability that could have been discovered with classic vulnerability discovery techniques. The codebases integrated into OSS-Fuzz are run multiple times with randomly crafted inputs in an approach called fuzzing.
+Most of OpenPrinting's code is written in C, which is susceptible to memory corruption bugs. OpenPrinting's projects do not use fuzzing, with a single exception: CUPS has a [[https://github.com/OpenPrinting/cups/blob/master/cups/fuzzipp.c|custom fuzzer]] run when testing the build, for a fixed number of iterations.
+Due to the compatibility of C projects with OSS-Fuzz, we would like to abandon the existing fuzzer and integrate the following C-based OpenPrinting projects into OSS-Fuzz (projects in priority order):
+  * CUPS
+  * libcups
+  * cups-local
+  * cups-sharing
+  * libcupsfilters
+  * cups-filters
+  * cups-browsed
+  * PAPPL
+  * cpdb-libs
+  * cpdb-backend-cups
+  * libppd
+  * pappl-retrofit
+The purpose is to use the Google Summer of Code timeframe to create a mature OSS-Fuzz integration that maximises the number of fuzzed projects and fuzzing efficiency, as measured by coverage and execution speed.
+The contributor should work on:
+  * Coordinating with OpenPrinting which projects have highest priority and also which functionality of them, to get the best from the limited GSoC time
+  * Creating Docker-based build environments
+  * Writing libFuzzer fuzz targets
+  * Creating a corpus of data
+  * Understanding and implementing the [[https://google.github.io/oss-fuzz/advanced-topics/ideal-integration/|OSS-Fuzz best practices]]
+  * Coordinating with the OpenPrinting developers to patch the vulnerabilities found by OSS-Fuzz
+  * Analysing the found vulnerabilities and interpreting their details to deduce vulnerability classes that can be mitigated in bulk.
+Mentors: Till Kamppeter, Project Leader OpenPrinting (till at linux dot com), George-Andrei Iosif, Security Engineer at Canonical (andrei at iosif at canonical dot com, further members of Canonical's Security Team TBD
+Desired knowledge: C, fuzzing
+Code License: Apache 2.0, MIT (licenses of the OpenPrinting projects)
 =====Replace QPDF by PDFio as PDF manipulation library in libcupsfilters (cfFilterPDFToPDF() filter function and others)=====

Wiki

User Tools

Site Tools

Differences

Page Tools