Nedílnou součástí moderních metod vývoje softwaru je princip Continuous Integration, kdy je cílem co nejdůkladněji otestovat změny v softwaru co nejdříve. Ne vždy je ale z časových nebo finančních důvodů pouštět kompletní testovací sadu u každého pull requestu, zejména pokud je projekt rozsáhlý, nebo pokud jsou testy časově náročné. Smyslem této práce je vývoj algoritmu, který bude vyhodnocovat změny v projektu mezi jednotlivými revizemi na základě změn ve zdrojovém kódu, a jeho uplatnění při pouštění testů. Analýza změn provedených např. v rámci pull requestu může u projektů, které obsahují velké množství časově náročných testů, odfiltrovat nepotřebné testy a zajistit tak, […]
October 10, 2019
PCS is a configuration tool for High-availability clusters with a client-server architecture written (mostly) in Python. It is required to add a feature of asynchronous execution of tasks. To do so, mechanism for executing and managing synchronous tasks in asynchronous manner is required. Also, this mechanism should be possible to integrate to an existing HTTP server (which is using tornado, asynchronous programming).
October 9, 2019
Assistive Technology Service Provider Interface (AT-SPI) is a platform-neutral framework for providing bi-directional communication between assistive technologies (AT) and applications. It is the de facto standard for providing accessibility to free and open desktops, like GNU/Linux or OpenBSD, led by the GNOME Project. Besides of providing unified access for screen readers and other tools for visually impaired, illiterate, or having learning disability (e.g. text-to-speech systems, sound icons and Braille devices) AT-SPI can be used also for testing purposes.
October 8, 2019
SSSD is a system daemon written in C language that provides identity, authorization and authentication services for users stored in remote databases. It can connect to various kinds of LDAP servers through modules called data providers. SSSD is currently able to fetch data from pure LDAP but also from FreeIPA and Active Directory. We would like to explore Azure AD and write a new data provider that would communicate with it.
September 30, 2019
SSSD is a system daemon written in C language that provides identity, authorization and authentication services for users stored in remote databases. It leverages unit test in C and integration tests in Python to ensure code quality. We would like to improve code coverage in several areas of the code and also enhance our internal testing frameworks.
SSSD is a system daemon written in C language that provides identity, authorization and authentication services for users stored in remote databases. It consists of multiple processes that communicate with each other via D-Bus protocol. Each process runs its own D-Bus server, so called message bus, at this moment. We would like to switch to a schema when only one message bus is running and routes messages to other processes that would connect to it as clients. However, before implementing this change in upstream, we need to be sure that there will be no performance impact on SSSD from additional […]
The goal of the project is to fill the gap in testing of the source repository of the Relax-and-Recover disaster recovery tool by automating the recovery process and deploying a Continuous Integration (CI) setup that will automatically test all the proposed changes to the source repository.
September 26, 2019
Research VRP problems and do benchmarking on public data-sets for quick comparison between chosen open source engines.
November 2, 2018
Jenkins has a queuing mechanism to checkout jobs and a mechanism for cancelling builds in queue. Sometimes there is a need to move a job in a queue up or down. Jenkins already has many mechanisms for prioritizing jobs, but not individual builds. Also, all currently existing solutions, however very flexible and sophisticated, are more heavy-weight than necessary. The student should research and hack how Jenkins queue is working, and enable two simple arrows UP+DOWN (for moving in queue) to currently existing X (remove from queue). The result should be a working Jenkins plugin, ensuring that short jobs can overtake frozen queue during […]
October 3, 2018
Most cryptographic libraries support running in Federal Information Processing Standard (FIPS) 140-2 mode. For cryptographic operations to be FIPS 140 compliant, only certain algorithms and key sizes can be used. For example, use of RSA keys 1536 bit long is not allowed. Some libraries require the application using it to know about those limitations and not initiate them in FIPS mode while others will refuse to perform operations with FIPS 140-non-compliant cryptographic primitives. The goal of the work is to learn the NIST FIPS140-2 requirements for applications, and check and compare the behavior of different libraries when operating under FIPS […]
The new Transport Layer Security (TLS) version, 1.3, changed the way old features should be handled and added new features to the ones that can be implemented by libraries. The goal of the work is to study cryptographic features used in the real world and to implement some selected features in the GnuTLS library.
Google is providing infrastructure for continuously running fuzzing tests against open source libraries called OSS-Fuzz. The goal is to design and implement a test harness for testing the Datagram Transport Layer Security (DTLS) server and client from GnuTLS so that it can be tested using OSS-Fuzz.
Current libraries that implement Transport Layer Security (TLS) need to implement multiple versions of the protocol, many separate features (sometimes dozens) and support multiple configurations. This complexity means that it is very hard to manually create tests that provide high degree of test coverage (especially if the interactions between features are unexpected). The tlsfuzzer project addresses this problem, by testing several features, corner cases and lesser used features of TLS implementations. There are however, some features missing.
There are various application libraries implementing the Transport Layer Security (TLS) protocol. Implementations like GnuTLS, NSS, OpenSSL, Go and Java perform only limited amount of interoperability testing, usually with just one or two other libraries. The goal of the thesis is to create the necessary test harnesses for the Go and Java implementations, designing a test suite between them and the other three implementations, and making it possible to run those tests automatically (in Continuous Integration environment).
September 20, 2018
Transport Layer Security (TLS) version 1.3 brought support for Rivest–Shamir–Adleman Signature Scheme with Appendix – Probabilistic Signature Scheme (RSASSA-PSS) algorithm. Support for this algorithm requires support for new key type and new signature type (in X.509 certificates). Specification of the signatures and limitations of the keys themselves is much more complex than any other algorithm (like the RSA signatures specified in the Public-Key Cryptography Standard (PKCS) #1 version 1.5 or the Elliptic Curve Digital Signatures (ECDSA)), with every signature including 4 variables and the public key that made the signature can have additional 4 variables specifying the key limitations.
Many of the features and ciphersuites in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) servers are not considered secure and safe to enable. To verify that they are not supported by a server, it is necessary to be able to advertise them in the first message send by the client in the TLS handshake – the Client Hello. The cipherscan tool, does just that in order to discover the supported ciphersuites in a server. As a back-end it uses the openssl application. Unfortunately, as OpenSSL project is deprecating insecure old features it is also adding new features, causing […]
Currently, there is no efficient way how to get notified about customer cases in Quality Engineering department. Quality Engineers would be interested in how the product is used in real life, to be able to adjust testing scenarios accordingly and provide better services for end customers. Employees have to go manually through the list of reported cases and find what they need. In order to make their work easier, it would be useful to implement a web-based application that would send reports with information about cases to subscribed users according to certain criteria. This way, they would get fresh information […]
September 6, 2018
Jenkins has a queuing mechanism to checkout jobs before execution and shutdown mode when queue is frozen and system just waits for all jobs to be finished. When the queue is full of short jobs and the last running job is very long job, this becomes very inefficient. The student should research and hack how Jenkins is estimating time of individual jobs, how the queue is organized, how the shutdown mode works. The result should be a working Jenkins plugin, ensuring that short jobs can overtake frozen queue during the shutdown time of long running tasks, and deployed on https://plugins.jenkins.io/ If done together with https://research.redhat.com/diplomas/jenkins-queue-overrunning/ […]
The side-effects of virtualization to benchmarks are long time known. However virtualization technologies are advancing, and their footprint is smaller and smaller. In this thesis, student should investigate how individual virtualization technologies: full (kvm, vbox, oVirt) or shared kernel (Docker, chroot, mock) or nested and mixed, are affecting performance and stability of various Java benchmark types – CPU, time, network, bytecode, IO. Support for virtualization is seen also in JDK itself, so more then one Java can come to play. We will provide Student with banchmarks, pros and cons of thirs setup, VMs and images and other virtualization know-how, hardware, and […]
ManageIQ is an open-source management platform that delivers insight, control, and automation functionality allowing enterprises to manage hybrid IT environments. The ManageIQ application collects information about various entities such as Virtual Machines, Hosts, Containers, etc., with numerous attributes and relationships.
May 2, 2018
(draft to be updated after meeting with student) Design a configurable GUI application for the GNU Debugger The aim is not to replace IDE functionality, but to allow users use the GUI for specific things, like tracing, use watchpoint connected to configurable graphs etc.