gsoc: project: shouldi meta static analysis tool #365
Description
DFFML is hoping to participate in Google Summer of Code (GSoC) under the Python Software Foundation umbrella. You can read all about what this means at http://python-gsoc.org/. This issue, and any others tagged gsoc and project, are not general bugs, but project ideas which one could choose to write a proposal for. Issues tagged as gsoc and project can also be used as an example of what the scope of an idea for a project proposal might look like.
Project Idea: shouldi Meta Static Analysis Tool
Project description:
We have a tool called shouldi. The goal here is to make shouldi into a better meta static analysis tool that can handle multiple languages (right now it just analyses Python). The end result will be a generic tool that we can point at any codebase and that reports back what the static analysis tools for that codebase's language think about it.
Skills: Python, git
Difficulty level: Intermediate
Related Readings/Links:
Potential mentors: @pdxjohnny, @yashlamba
Getting Started:
You'll want to go through the shouldi tutorial and then start writing operations that run static analysis tools for various languages. Then you'll want to do #364. Check the project board for more issues.
What we want to see in your application:
Describe how you intend to solve the problem, and give us some "stretch goals"; maybe you'd want to attempt to get this working with C projects. Don't forget to include some time for building appropriate tests. Identify what static analysers you'll use, and explain how you'll aggregate and present their output in a useful format. The goal is to inform the user whether there are potential security risks in the software they want to use.