You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@fineract.apache.org by Thisura Philips <tt...@gmail.com> on 2017/07/24 03:37:06 UTC
Re: [Mifos-developer][Gsoc2017]Integrating TOIF static analysis with
Apache Fineract
Hi Mark,
As I have mentioned, I have done the integration with apache-fineract. I
have faced with the following problems.
Please see the updated PR at
https://github.com/ThisuraThejith/incubator-fineract/pull/2
1) The task takes more than half an hour at times to complete.
2) The result is a set of xml format files. We need to find out a way to
show the results graphically. That will help the developers to identify the
security vulnerabilities easily.
Currently, I have integrated it as a gradle task. Since it takes a lot of
time to complete, didn't include in the build task.
It would be nice if we can discuss on the above improvements and start
working on that.
Thanks & Regards
On Wed, May 17, 2017 at 10:54 PM, Mark Reynolds <ma...@bu.edu> wrote:
> Thisura,
>
> Yes, we can move ahead with the plan.
>
>
> On Mon, May 15, 2017 at 8:11 AM, Ed Cable <ed...@mifos.org> wrote:
>
> > Mark,
> >
> > Can you please review the previous email of Thisura's so he can proceed
> > ahead.
> >
> > Ed
> >
> > On Sun, May 14, 2017 at 9:47 PM, Thisura Philips <tt...@gmail.com>
> > wrote:
> >
> >> Hi all,
> >>
> >> Shall we move on with the above plan? Any suggestions from the community
> >> are highly appreciated.
> >>
> >>
> >>
> >>
> >> On Wed, Apr 19, 2017 at 7:00 AM, Thisura Philips <tt...@gmail.com>
> >> wrote:
> >>
> >> >
> >> > Hi all,
> >> >
> >> > I have done a POC for the $ubject at github
> >> > <https://github.com/ThisuraThejith/incubator-
> fineract/tree/develop-TOIF
> >> >
> >> > [1]. The change set it shown at here
> >> > <https://github.com/ThisuraThejith/incubator-fineract/pull/1> [2].
> >> Please
> >> > review this and let me know your ideas to improve the integration. As
> of
> >> > now I have done the following things.
> >> >
> >> >
> >> > -
> >> >
> >> > Added toif directory into fineract-provider which includes
> >> > - report (folder which includes the TOIF reports)
> >> > - housekeeping
> >> > - toifscan.py
> >> > -
> >> >
> >> > Added two TOIF adapters for Findbugs and JLint
> >> > -
> >> >
> >> > Added gradle task to manually run after gradle build. Later we can
> >> add
> >> > it as a task which will run automatically run after build.
> >> >
> >> > (Only 6 reports files for scanning two classes attached since there
> are
> >> > lot of files after scanning)
> >> >
> >> >
> >> > Going forward, we can do the following improvements.
> >> >
> >> >
> >> > * Move the reports in the report folder(mentioned above) into
> >> > build/reports/toif.
> >> >
> >> > * Run the gradle task "toif", at the end of the build.
> >> >
> >> >
> >> > Please let me know your ideas to improve the integration.
> >> >
> >> >
> >> >
> >> > [1] https://github.com/ThisuraThejith/incubator-fineract/tree/
> >> develop-TOIF
> >> > [2] https://github.com/ThisuraThejith/incubator-fineract/pull/1
> >> >
> >> > Thanks & Regards
> >> > --
> >> > T.T.C Philips (BSc.Eng (Undergrad))
> >> > Computer Science and Engineering,
> >> > Sri Lanka Institute of Information Technology(SLIIT)
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> >> --
> >> T.T.C Philips (BSc.Eng (Undergrad))
> >> Computer Science and Engineering,
> >> Sri Lanka Institute of Information Technology(SLIIT)
> >>
> >
> >
> >
> > --
> > *Ed Cable*
> > President/CEO, Mifos Initiative
> > edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649
> > <(484)%20477-8649>
> >
> > *Collectively Creating a World of 3 Billion Maries | *http://mifos.org
> > <http://facebook.com/mifos> <http://www.twitter.com/mifos>
> >
> >
>
--
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)
Re: [Mifos-developer][Gsoc2017]Integrating TOIF static analysis with
Apache Fineract
Posted by Thisura Philips <tt...@gmail.com>.
Hi Mark,
I have sent the PR of integration of TOIF in to apache-fineract at
https://github.com/apache/fineract/pull/397/.
Please review it and let me know what to be updated.
Currently the task doesn't run after the build, due to time concerns. It
takes a bit of time to complete.
Any one interested can run the task by the command "./gradlew toif". This
will generate the reports in apache-fineract/build/reports/toif folder.
Please review the housekeeping.txt, which has the information about the
organization and let me know if any updates are needed.
Hope to integrate a mechanism to visualize these findings.
Thanks and regards
On Mon, Jul 24, 2017 at 9:07 AM, Thisura Philips <tt...@gmail.com>
wrote:
> Hi Mark,
>
> As I have mentioned, I have done the integration with apache-fineract. I
> have faced with the following problems.
> Please see the updated PR at https://github.com/ThisuraThejith/incubator-
> fineract/pull/2
>
> 1) The task takes more than half an hour at times to complete.
> 2) The result is a set of xml format files. We need to find out a way to
> show the results graphically. That will help the developers to identify the
> security vulnerabilities easily.
>
> Currently, I have integrated it as a gradle task. Since it takes a lot of
> time to complete, didn't include in the build task.
>
> It would be nice if we can discuss on the above improvements and start
> working on that.
>
> Thanks & Regards
>
> On Wed, May 17, 2017 at 10:54 PM, Mark Reynolds <ma...@bu.edu> wrote:
>
>> Thisura,
>>
>> Yes, we can move ahead with the plan.
>>
>>
>> On Mon, May 15, 2017 at 8:11 AM, Ed Cable <ed...@mifos.org> wrote:
>>
>> > Mark,
>> >
>> > Can you please review the previous email of Thisura's so he can proceed
>> > ahead.
>> >
>> > Ed
>> >
>> > On Sun, May 14, 2017 at 9:47 PM, Thisura Philips <tt...@gmail.com>
>> > wrote:
>> >
>> >> Hi all,
>> >>
>> >> Shall we move on with the above plan? Any suggestions from the
>> community
>> >> are highly appreciated.
>> >>
>> >>
>> >>
>> >>
>> >> On Wed, Apr 19, 2017 at 7:00 AM, Thisura Philips <ttcphilips@gmail.com
>> >
>> >> wrote:
>> >>
>> >> >
>> >> > Hi all,
>> >> >
>> >> > I have done a POC for the $ubject at github
>> >> > <https://github.com/ThisuraThejith/incubator-fineract/tree/
>> develop-TOIF
>> >> >
>> >> > [1]. The change set it shown at here
>> >> > <https://github.com/ThisuraThejith/incubator-fineract/pull/1> [2].
>> >> Please
>> >> > review this and let me know your ideas to improve the integration.
>> As of
>> >> > now I have done the following things.
>> >> >
>> >> >
>> >> > -
>> >> >
>> >> > Added toif directory into fineract-provider which includes
>> >> > - report (folder which includes the TOIF reports)
>> >> > - housekeeping
>> >> > - toifscan.py
>> >> > -
>> >> >
>> >> > Added two TOIF adapters for Findbugs and JLint
>> >> > -
>> >> >
>> >> > Added gradle task to manually run after gradle build. Later we can
>> >> add
>> >> > it as a task which will run automatically run after build.
>> >> >
>> >> > (Only 6 reports files for scanning two classes attached since there
>> are
>> >> > lot of files after scanning)
>> >> >
>> >> >
>> >> > Going forward, we can do the following improvements.
>> >> >
>> >> >
>> >> > * Move the reports in the report folder(mentioned above) into
>> >> > build/reports/toif.
>> >> >
>> >> > * Run the gradle task "toif", at the end of the build.
>> >> >
>> >> >
>> >> > Please let me know your ideas to improve the integration.
>> >> >
>> >> >
>> >> >
>> >> > [1] https://github.com/ThisuraThejith/incubator-fineract/tree/
>> >> develop-TOIF
>> >> > [2] https://github.com/ThisuraThejith/incubator-fineract/pull/1
>> >> >
>> >> > Thanks & Regards
>> >> > --
>> >> > T.T.C Philips (BSc.Eng (Undergrad))
>> >> > Computer Science and Engineering,
>> >> > Sri Lanka Institute of Information Technology(SLIIT)
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >> --
>> >> T.T.C Philips (BSc.Eng (Undergrad))
>> >> Computer Science and Engineering,
>> >> Sri Lanka Institute of Information Technology(SLIIT)
>> >>
>> >
>> >
>> >
>> > --
>> > *Ed Cable*
>> > President/CEO, Mifos Initiative
>> > edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649
>> > <(484)%20477-8649>
>> >
>> > *Collectively Creating a World of 3 Billion Maries | *http://mifos.org
>> > <http://facebook.com/mifos> <http://www.twitter.com/mifos>
>> >
>> >
>>
>
>
>
> --
> T.T.C Philips (BSc.Eng (Undergrad))
> Computer Science and Engineering,
> Sri Lanka Institute of Information Technology(SLIIT)
>
>
>
>
--
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)