GSoC: First week of official development

This post is a short report on the first official development week of the GSoC program. Kiskadee is almost ready for its first release, missing only a documentation review and a CI configuration with Jenkins. The next image shows the current architecture of Kiskadee [1]:

In this first release, Kiskadee is already able to monitor a Debian mirror and the Juliet [2] test suite. For these two targets, two plugins were implemented. We will briefly describe each Kiskadee component.

Plugins

In order to monitor different targets, Kiskadee allows plugins to be integrated into its architecture. Each plugin tells Kiskadee how a target must be monitored and how the source code of that target will be downloaded.

We have defined a common interface that every plugin must follow; you can check it in the Kiskadee documentation [3].

Monitor

The monitor component is the entity that controls which monitored packages need to be analyzed. The responsibilities of the monitor are:

  • Dequeue packages queued by plugins.
  • Check if some dequeued package needs to be analyzed.
    • A package will be analyzed if it does not exist in the database, or if it exists but has a new version.
    • Save new packages and new package versions in the database.
  • Queue packages that will be analyzed by the Runner component.

We are using Python's default queue implementation, since the main purpose of this first release is to guarantee that Kiskadee can monitor different targets and run the analysis.
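
The monitor's decision rule described above, sketched as an added example (not Kiskadee's own code). The dict standing in for the database, the package fields and the function names are assumptions, and a "new version" is taken to be any version string not yet recorded for that package.

```python
import queue


def needs_analysis(db, pkg):
    """True if the package is unknown, or known but with an unseen version."""
    known_versions = db.get((pkg["plugin"], pkg["name"]))
    return known_versions is None or pkg["version"] not in known_versions


def monitor_once(db, incoming, outgoing):
    """Drain the plugin queue, record new packages/versions, queue them for the Runner."""
    queued = []
    while True:
        try:
            pkg = incoming.get_nowait()
        except queue.Empty:
            break
        if needs_analysis(db, pkg):
            # Save before queuing so a duplicate later in the queue is skipped.
            db.setdefault((pkg["plugin"], pkg["name"]), []).append(pkg["version"])
            outgoing.put(pkg)
            queued.append((pkg["name"], pkg["version"]))
        incoming.task_done()
    return queued


def demo():
    """Run one monitor pass over constructed sample packages."""
    db = {}                          # stand-in for the real database
    packages_queue = queue.Queue()   # filled by plugins
    analysis_queue = queue.Queue()   # consumed by the Runner
    sample = [  # constructed sample data, not real mirror contents
        {"plugin": "debian", "name": "mutt", "version": "1.7.2-1"},
        {"plugin": "debian", "name": "mutt", "version": "1.7.2-1"},  # duplicate
        {"plugin": "debian", "name": "mutt", "version": "1.8.0-1"},  # new version
        {"plugin": "juliet", "name": "juliet", "version": "1.2"},
    ]
    for pkg in sample:
        packages_queue.put(pkg)
    return monitor_once(db, packages_queue, analysis_queue), analysis_queue.qsize()


if __name__ == "__main__":
    print(demo())
```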

Runner

The runner component is the entity that triggers the analysis of the packages queued by the monitor. The analysis is triggered using Docker. In this release we call the container directly and run the static analyzer inside it, passing the source code as a parameter. For now we only support the Cppcheck tool. After running the analysis, we parse the tool output using the Firehose tool [4] and save the parsed analysis in the database. We also update the package status to record that an analysis was made.

The next post will be a roadmap for the next Kiskadee release.

[1] https://pagure.io/kiskadee
[2] https://samate.nist.gov/SRD/testsuite.php
[3] https://pagure.io/docs/kiskadee/
[4] https://github.com/fedora-static-analysis/firehose