pear:gsoc:2009

This is an old revision of the document!


Ideas for the Google Summer of Code 2009

Here you'll find a couple of ideas for Google Summer of Code 2009 projects.

Before you submit your proposal, you are encouraged to contact the possible mentors for the project you are applying. If the project hasn't any mentor assigned or if you are submitting an off-list project, please contact one of our mailing lists to discuss the proposal before submitting it -- PEAR-DEV.

Please make sure you read the PEAR Coding Standards when applying.

Your proposal should match our Ideas Template, if you are a student and submitting an idea of your own then you should also include:

  • Name and e-mail
  • Availability: How many hours per week can you spend working on this? What other obligations do you have this summer?
  • Bio: Who are you? What makes you the best person to work on this project? What is your experience with PHP and technologies required for this project ?

PHP_CodeSniffer XSS and SQL security analyzer

Possible mentor: David Coallier

Implement a Cross Side Scripting and SQL Injection security analyzer to find security threats in your “sniffed” code. This being a driver (extension) of PEAR::PHP_CodeSniffer. This tool will generate reports about the threat level, list all the files/lines and variables that are affected and propose solutions to the variable. It will be very helpful to any PHP Developer and will be thoroughly used in the Q&A of PEAR and PEAR2 in general (Commercial tools and outdated tools already exist that serve the same purpose and what this tool would do is bring a new and more advanced aspect to security -- Chorizo, securityscanner, etc)

Deliverables

Midterm

At midterm we are expecting the security scanner to be able to identify cross site scripting and sql injection vulnerabilities. The results should be as accurate as existing solutions if not better.

Final

For the final review we'd expect the reporting functions to be fully reporting all security vulnerabilities by type and a trace of the problem ($x = $_GET['x']; function getName($a) { echo $a; } getName($x);) should trace that the vulnerability has happened because the output was not escaped properly or the input hasn't been filtered).

Replace PEAR's Spreadsheet_Writer_Excel

Possible mentors: Daniel O'Connor

http://pear.php.net/package/Spreadsheet_Excel_Writer is a popular, widely used PEAR package. It is a port of the Perl version. It has 0 test coverage, and is out of sync with the Perl version. It attracts the highest number of bugs.

Either:

  • Investigate re-writing this package from the ground up, with wide test coverage.
  • Investigate alternative spreadsheet authoring classes for suitability of being in PEAR (and reach out to the authors to bring it into the fold)
  • Investigate and document a plan to port over bug fixes and patches.

Base Package for Amazon Web Services and package for Amazon EC2

Possible mentor: Michael Gauthier

Implement a common base class for the Amazon Web Services API. Update the Services_Amazon_S3 and Services_Amazon_SQS packages to depend on the base class. Implement a new package Services_Amazon_EC2 that covers the Amazon EC2 API. These packages will make development of cloud-computing applications easier for PHP.

Deliverables

Midterm

At midterm, the base package should be implemented and ready as a PEAR proposal. Patches to update the existing Amazon SQS and S3 packages should be ready.

Final

For the final review, the base package should be accepted in PEAR. The EC2 package should be fully implemented and should cover all the functionality of the EC2 API. A PEAR proposal Services_Amazon_EC2 should be ready to propose.

Google APIs package

Possible mentor: David Coallier

With the new APIs being developed by Google, we need to have updated packages to make use of the performant API from the ability to draw maps to the ability to do ajax searches, get feeds, draw graphs using the visualization API, etc.

See http://code.google.com/apis/ajax/

Deliverables

Midterm

At midterm the student is expected to have tests for each component of the APIs and be advanced in the end user documentation using the PHD documentation tool

Final

The student should be done with the base class and the API child classes for Maps, Ajax Search, Ajax Feed, Visualization API, Language API and Libraries APIs. Each classes should be fully tested and documented and working.

pear/gsoc/2009.1236693805.txt.gz · Last modified: 2017/09/22 13:28 (external edit)