This is a GSOC Project Proposal For the Idea: Improving static analysis tools for MediaWiki

Profile Information

Name: Arindam Padhy

Email: arindamadri1995@gmail.com

irc nick: d3m3nt3r

Location: India

Time Zone: UTC+5:30

Typical working hours: 9PM to 3AM before 23rd April, 3PM to 6PM after 23rd April (Indian Standard Time)

Synopsis:
We currently have a phpcs standard, except it isn't widely used aside from a few extensions. It's been running against core for over a year now, but still isn't voting.

At the same time, we can make phpcs more useful by adding more MediaWiki-specific sniffs. Some quick ideas I had seen on the phabricator:

Usage of $dbr->query() directly instead of the $dbr->select() wrapper
Using wfMessage() when $this->msg() is usable
Using globals ($wgUser, $wgRequest) when their context equivalents could be used instead ($this->getUser(), $this->getRequest())
Modifying certain globals ($wgUser, $wgResourceModules, etc) inside a $wgExtensionFunction where it is either too early or late to do so

I will make phpcs more useful by adding a number of MediaWiki-specific sniffs.

Possible Mentors:

1. Legoktm
2. Addshore

Solution:
My project will completely focus on making the possible changes to the static analysis tools.Throughout the project I would require a lot of help from my mentors so that i could finish the project in the best possible manner. I will deal with making changes to functions,server variables, variables,sessions etc.

Timeline:

Before 27th april: Request to mediawiki people for a gerrit repository for the extension. Setting up of basic design of the solution

27th April to 25th May: Interaction with the community members , discussing about present problems if being faced by the members in the phpcs standard.

25th May: Official Coding Begins for GSOC

25th May to 1st June: Deciding what changes are to be made and how to be made.

1st June to 25th June : Coding for the standard begins.

26th June to 29th June : Work on the code to check for various errors and making other changes.

30th June to 31st June : Cleaning up of code and Finalizing minute details before test run

1st July to 5th July : Testing up the standard on different browsers if the updated standard is working on different browsers or not.

6th July to 13th July: Review by mentor and other media wiki members for making any changes if required to the code snippet and adding anything leftout.

13th July to 15th July : Changes made to the code snippet if any required after the implementation

16th July to 19th July: Testing and Removing of any further bugs if found

20th July : Improving Documentation and finalizing Code

Participation:
The project is basically designed to make changes to the phpcs standard and add more mediawiki specific sniffs.changes which could be thought of are :
1.Making changes in sql tables through php
2.Php sessions
2.Shortening of Web requests to a single variable
3.Introduction of More Functions for detection or comparison Parts in the program

Following and a few other topics will be focused upon.I will be building the standard in such a way that the size of the main functions becomes a slow as possible.
Now coming to each part one by one , the first part which deals with the server variables.I will design functions that will process queries or changes on multiple tables directly through the php script without even using sql.

Secondly, PHP sessions is an important field to concentrate on .Whenever user wants sessions he has to start a session but for even closing a session he has to start a session.I will make the changes so that the user doesn't have to specifically start the session while using sessions.

The next two parts mainly deals with the aim of this project. This will be achieved by usage of more functions for even small purposes so that time complexity becomes less.Changes can be like testing whether it is a php file or not then allowing it to pass further.Showing possible errors while writing the code and which are not possible showing them afterwards .In short improving the error reporting system and making it more user friendly.Setting up of cookie will be made simpler a when ever the user wants to set up a cookie he just needs to use $wgcookie. Avoiding Sql injection by running of simpler commands. These along with many other ideas will be implemented in my project.During the entire course of time I will require support from both my mentors and even from the wiki media members.

Source Code
Source code will be pushed on a gerrit repository as soon as I get one

About Me

I'm Arindam Padhy second year undergraduate student of Computer Science branch at INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY (IIIT) ,BHUBANESWAR , INDIA
My major interest is in web languages(php,javascript,html).
I have done a few networking projects by using php.
I have a huge interest in dealing with malicious things like malware,viruses,spams and my major interest is always in network security.I had already taken training under Hewlett-Packard officials last
summer on Network Management and Security after which i was certified by them.
Apart from this I have been involved in making websites secure by dealing with all the possible security issues.
I have designed Websites for my school,college festivals.

How did you hear about the program?
I heard about GSOC from my friends.

Will you have any other time commitments, such as school work, another job, planned vacation, etc., during the duration of the program?

By 23rd april my 2nd year final examination will begin an it will last till 10th may.During that time I have to be focused on my exam.After that my summer vacations will begin and i have 3months summer
vacation ending at august.As soon as my summer vacation begins i will be able to give full commitment to my project and i assure you to follow my timeline strictly without any deliberate delays.

We advise all candidates eligible to Google Summer of Code and FOSS Outreach Program for Women to apply for both programs. Are you planning to apply to both programs and, if so, with what
organization(s)?

No, I would only like to apply for GSOC 2015.

What does making this project happen mean to you?

This is my first experience as a gsoc participant and i would try to contribute to my fullest as this project is requiring one of my favourite languages =.

How would you like to contribute to mediawiki after GSOC 2015?

Even after the end of GSOC 2015 I would like to contribute to media wiki in all possible manners that I will be useful for,making further changes to the security related issues,improving this standard more and more by applying new changes furthermore if required.

Past Experience

This would be my first experience with media wiki, but i had a few previous experiences with phpmyadmin where i had tried on the project for user interface development.I had already begun my work on
that but unfortunately I was not selected.

But still I finished my work and implemented the patch on my machine.Basically it was a work on server variables.

As i had already mentioned my major interest is security and malware testing.In coming future I will be trying to a certificate for doing a project by CISCO.

I have started using mediawiki since last year and have been planning to work on this project since then.

Projects that I have worked on:
1.Security issues on Linux systems
2.Worked on the security of the open source academic information system of my college know as hibiscus[1]
3.Malware Testing

[[ URL | [1]=https://hib.iiit-bh.ac.in/Hibiscus/Login/?client=iiit ]]