GSoC’23 Project Proposal / Bug Logging Tool

Personal Details

Name - Harshit Seksaria
Email - harshitseksaria9@gmail.com
Mobile - +91 8955182473
Timezone - IST (GMT +0530)
Institute - Indian Institute of Technology, Guwahati
Degree - Bachelor of Technology in Computer Science and Engineering
Expected Year of Graduation - 2025
Slack - Harshit
GitHub - letsintegreat
LinkedIn - Harshit Seksaria | LinkedIn

About Me

Hey there, I am Harshit Seksaria. I am currently a sophomore at Indian Institute of Technology (IIT), Guwahati, pursuing a B.Tech in Computer Science & Engineering. I am an open-source enthusiast with a keen interest in development, specifically mobile development and sports programming.

I have always looked at the skill of development in a way that could create value for folk and drastically reduce manual work. This becomes evident in the projects I have worked on - (i) a portal for my college peers, to benchmark their academic performance and for self-assessment, which received more than 600 registrations, (ii) a discord bot for a competitive open-source event - Codepeak, which crawls the GitHub website to identify merged PRs and award points to the participants in a google spreadsheet. The impact of this bot was that it nullified the amount of manual work for mentors to maintain the spreadsheet after every contribution.

Skills

• Well versed in Android Development - Kotlin, Flutter, and Dart.
• Fluent in the following backends - Firebase, Django, and Appwrite.
• Experienced with using APIs.
• Proficient in version control with Git & GitHub including actions/workflows.
• Experienced with Python for various domains like web scraping, automation, etc.
• Decent working experience in Figma.
• Proficient in Database Management using SQL.
• Proficient in C / C++.

Open Source History

Being an open-source enthusiast, I have been following it, making regular contributions, and participating in various open-source events for a long time now. Following is the list of open-source events I have been a part of.

• Google Code In 2018 - Participated and contributed to different projects, and successfully completed 4 tasks during the event.
• Codepeak 2021 (Participant) - Codepeak is an annual month-long open source competition co-organized by IIT Guwahati and IIT Patna. Ranked 2nd among 2500+ participants.
• Hacktoberfest 2022 - Got 8 PRs merged in projects tagged with hacktoberfest during the month-long event.
• Codepeak 2022 (Mentor) - Mentored for a project in the event.

Statement of Motivation

What is your motivation for participating in Google Summer of Code?

I have always been intrigued by how open source can turn an idea into a working entity that is used by hundreds of thousands of people around the globe. I myself have grown up consuming different open-source softwares. Even as a developer, a significant portion of the tech stacks I use consists of open source services. I firmly believe that open source is not getting the recognition it deserves. By participating in GSoC, I want to further hone my understanding of open source and get a taste of how developing is done in a professional setting. Mentorship is also something that contributes to my motivation for GSoC, it would be great to learn right from someone who has been a part of this field for so long.

Why did you choose OWASP, and why this project idea?

During the orientation of the Coding Club of our college, they wanted to give us an introductory flavor of cybersecurity. For that purpose, OWASP Juice Shop was used to demonstrate SQL Injection. This is how I was exposed to OWASP. Since then, I have used different tools of OWASP while studying cybersecurity. If I can get a chance to contribute to OWASP, this is something I would not want to miss.

The reason for choosing BLT is simple - mobile development is my passion, and I am fluent in Flutter / Dart, which happens to be the stack of this project. I also have experience in working with Figma, and as this project requires some design work, it seems to be the best fit for me.

Related Experience

What kind of projects have you worked on in the past? What technologies did you use?

README file is maintained for each project. Refer to it for project description, screenshots/video demonstrations.

Dues: An android app to keep track of your dues with your friends. You can maintain a separate account book for each of your friends. Any change in amount would reflect in both the accounts, yours and your friend's. Tech Stack - Flutter, and Firebase. The UI is made on Figma by me!

Tagify: Tagify enables the user to create and manage groups with ease. It lets the user find the right set of people and communicate relevant information with them. Tech Stack - Flutter, and Firebase.

Ertope: A portal for college students to compare academic performance with peers. Institute email login and verification of email were implemented to prevent abuse. Tech Stack - Flutter, and Firebase.

Diary: A personal diary app for those who love documenting their lives. Diary is secured with the mobile's screen lock. Fingerprint and facial recognition are also functional. Tech Stack - Flutter, and Firebase.

Contributions on OWASP

Below is the list of contributions I have made to BLT.

Merged pull requests

1. Add a null check on profile pic #141
2. Remember me feature #145
3. Upgrade flutter in Build and Test workflow #147
4. Replace png with svg #149
5. Issue 152 onboarding #155
6. Fix an issue with header #160
7. Implement Stats API #162
8. Implemented Update profile picture feature #164
9. Start Bug Hunt button #168
10. Remember guest login #185
11. Performance optimization while reopening the app #192
12. Fix invalid score issue #195
13. [New Feature] Check for duplicate #206
14. Remove all instances of the last app name, changed to BLT #215
15. Add url check api for checking for duplicate #1097
16. Add fields to response to /api/v1/issues/ POST request #1103
17. Fix issue with reporting bug #235
18. Refactor start bug hunt to a new tab #238
19. Fixed a bunch of null errors #239
20. Update two images #243
21. Schedule job to run at 12AM daily #259
22. Add a page to change password #261
23. Prevent changing state if the widget has been disposed #268
24. Add receiving shared intent logic #269
25. Schedule job #1166
26. Add app screenshots #4
27. Added sentry to the project #274
28. Contributors API #1190
29. Added contributors list in about us page #284

Reported issues

1. "Null check operator used on a null value" when trying to open the profile page. #140
2. Add "Remember me" option while logging in #142
3. Use SVG assets instead of PNG #148
4. Distorted image in IssuesPage #150
5. Add Onboarding Screens #152
6. Change profile picture #156
7. Issues are not showing #157
8. Null check operator used on a null value #159
9. Save the state of guest login #177
10. Performance issue while reopening the app as a logged in user. #191
11. Incorrect score on profile page. #194
12. Create an API for current statistics #1007
13. Bug: Link is not clickable after finding a duplicate issue #1095
14. API for domain_check #1096
15. Bug: response of a successful POST request on /api/v1/issues/ doesn't have screenshots field. #1102
16. Why is start bug hunt buried in the report tab? #236
17. Add a page to change the password. #260
18. setState() called after dispose() #267
19. Tagging issues like GitHub #276
20. Contributors Page #279
21. Design issues in Category field #283
22. Contributors data API #1189

Project Details

Overview

My focus in the project is going to be the flutter app for BLT. The app lags behind the website by a huge margin. There’s only a little part of the backend that we can access with the app right now, whereas the website is filled with information. There are only a few ways users can interact with the app. The goal is to deliver an app that covers almost every piece of information stored in the backend so that there is no need to use the website on a mobile device. I am proposing a duration of 350 hours for the following changes.

Implementation

Let us now break down everything that will be delivered by the end

1. Fix the screen for company details.
2. Redesign the issue page in order to show every piece of information we have regarding the issue.
3. Ability to surf profiles of other users.
4. Redesign the profile page in order to show every piece of information we have regarding the user.
5. Use deep linking in order to open specific web URLs right into the app.
6. Fix the report bug feature and add anonymous reporting.
7. Dark theme!
8. Cache network images locally.
9. Integrate Firebase and fcm-django to enable notifications in the flutter app.
10. Company side screens and integration with the backend.

1. Fix the screen for company details

We have a screen for company details (company_details.dart). The open and closed issues list are not functioning, and an error message is hard coded -

Update GET /api/v1/domain/{id}

The current response does not include the list of open and closed issues for the requested domain. I will overwrite the retrieve method of Domain viewset, to generate that list along with the other fields sent as a response in scoreboard.

Update company_details.dart

Once the API is ready, I will update the CompanyDetailPage class to take a domain id as a parameter and will implement a FutureBuilder to fetch the data from the newly created API, and as a result, I will fix the open and closed issues list. This change will be helpful when we integrate deep linking in step 5.

2. Redesign the issue page in order to show every piece of information we have regarding the issue

Right now the issue page doesn’t have much to offer. Information to include in the redesign which is not yet implemented -

• URL
• Number of views
• Bug type
• Domain
• Reporter
• Option to close the issue if user is the owner
• Option to see and add comments
• Option to bookmark the issue

Update GET /api/v1/issues/{id}

The following changes need to be made -

• domain and user fields just have the id, instead, I will return the entire domain and user model in those fields so that information about them can be shown right on the issues page.
• New field - comments - I will filter all the objects of the Comment model to create a list of comments an issue has. On the generated list, I will add another filter to include only those comments which are not replies. This list will be shown on the issues detail page. Apart from this, for every comment in the final list, I will add another bool field hasChildren.

Create GET /api/v1/replies/{id}

If a comment has hasChildren field true, we can pass its id to this api to get its immediate replies.

Create POST /api/v1/issue/save/{id}

To save (bookmark) an issue. And toggle if already bookmarked.

Create POST /api/v1/issue/close/{id}

To mark an issue as closed, accessible only to the owner of the issue.

Create comment_replies.dart

This screen will take a comment id, and will populate its immediate replies using /api/v1/replies/{id}, each reply can have its own reply, for each the same screen will be used recursively.

Update issue_detail.dart

This page will take an issue ID, instead of Issue model, and with the help of freshly made APIs, update the issue details page to show everything we have -

• Fetched Issue URL, number of views and bug type will be added directly to the UI
• For domain, we will show a card showing some information about the domain, it will be clickable to redirect the user to company details page, made in step 1.
• Add a button to add / remove the issue from saved list.
• If the reporter is the current user, show an option to close this issue. Clicking this will send a POST request to the API just created.
• At the very end of the page, a list of comments will be shown. For each comment, if its hasChildren field is true, a button to see its replies will be rendered. Clicking on that button will redirect to comment_replies.dart.
• For reporter, if the issue was not reported anonymously, we will have another card, showing some stats about the user, again it will be clickable to redirect to profile page of that user, which brings me to my next step.

3. Ability to surf profiles of other users

As mentioned, right now user can only see their own profile. With this point, I aim to generalize the profile page to allow details of other users to be populated.

Update GET /api/v1/profile/{id}

Right now this request only works if the user is requesting their own profile details. I will update this request to allow data to be fetched for others’ profiles as well. However the POST / PUT counterpart of this endpoint shall retain the restriction.

4. Redesign the profile page in order to show every piece of information we have regarding the user

Just like the issue page, the profile page also shows limited information. The following changes will be made to show all the data neatly.

Update GET /api/v1/profile/{id}

One more field will be added to list all the issues opened by the requested user. Another field having the list of users following the requested user.

Create POST /api/v1/profile/follow/{id}

This will be used to follow a profile, and toggle if already followed.

Update profile.dart

I will update this page to take a user ID, instead of user model, and fetch the details from /api/v1/profile/{id}. The following additionals will be made to the profile page -

• List of opened issues - another list will be shown consisting of issues opened by the user
• List of following - currently only the count of following is shown in the page, a list of the users will be shown, each of which will be clickable to open a new page with its details.
• List of followers - List of followers will be shown.
• Option to follow/unfollow - If the requested profile is not of the user, an option to follow/unfollow will be shown.

5. Use deep linking in order to open specific web URLs right into the app

Once we have all the above-mentioned information right in the app, I am going to use deep linking to open links like

• https://www.owasp.org/BLT/profile/letsintegreat/
• https://www.owasp.org/BLT/issue/2087/
• https://www.owasp.org/BLT/domain/bugheist.com/

in the app to show the requested information. If the user was logged in, they will also be able to interact with the pages, e.g. like a bug, follow a user. These links will also be launched in the app for non-logged-in users, but they won’t be able to interact until they log in. This feature will drastically improve UX for mobile users!

6. Fix the report bug feature and add anonymous reporting

Right now the report bug is broken in the mobile app. I aim to fix it and add an option for anonymous reporting. When the user is not logged in, the bug will automatically be reported anonymously.

Update report_bug.dart

When the user is logged in, a checkbox will be shown to opt to report the bug anonymously, in that case, an anonymous user will be passed to the API.

7. Dark theme!

Isn’t this the most desired feature of any app?! Design the dark theme color scheme for the app, and implement a theme manager. Add an option to switch between themes, and store the last selected theme locally.

Create theme_provider.dart

This will store ThemeData for light and dark modes, and also the ThemeMode. We will add these themes right to the MaterialApp.

Update all files

I need to remove every instance of hardcoded color, and replace it with a variable, so that themes can be added out of the box.

8. Cache network images locally

On every reload of the app, almost all the previously shown images are supposed to be rendered again. It takes a lot of time to load all the resources. We can cache these resources locally and re use them. Load time will drop significantly and UX will be improved.

Use cached_network_image package

cached_network_image is an amazing package to our aid!

9. Integrate Firebase and fcm-django to enable notifications in the flutter app

Using Firebase cloud messaging, add logic to receive notifications in the flutter app.

• Connect the flutter app with firebase, to uniquely identify each device by means of FCM Device ID.
• Connect the backend with firebase and implement fcm-django, create routes for client devices to register/deregister themselves.
• Create a new settings page on figma, and implement it in Flutter. The page will contain the following settings -
  • Change password
  • Change profile (STC)
  • Toggle theme
  • Notification preferences
    • New bugs posted
    • New bug hunts
    • Comments (comments on issues posted by you or replies on comments posted by you)
    • Likes on your issues
    • List of domains subscribed
• On the domain page, add a button to subscribe to its bugs, and add the logic on frontend and backend.
• Add logic for sending notifications for new bugs, new bug hunts, comments, and likes to respective users in the backend.

10. Company side screens and integration with the backend.

I aim to pave the way for future contributions to create a company side of the app. I am proposing the following designs for the company side and integrations to the backend in order to lay the foundation -

Create company_home.dart, company_bugs.dart, and company_leaderboard.dart

During my course of action, I would refine these designs on figma as per the suggestions by the mentors, and then implement them on flutter.

Integration with backend

Only the following integrations with the backend are part of my proposal -

• List of admins.
• Button to add a new admin to the company.
• Bug type tally (Bar chart)
• List of open bugs
• List of closed bugs
• Entire leaderboard page

APIs to be created in the backend

• Returns the list of users having admin privileges in requestee’s company
• Grants the given user admin privileges in requestee’s company
• Returns the list of open bugs across all the domains in the company
• Returns the list of closed bugs across all the domains in the company
• Returns the list of top bug hunters across all the domains in the company

Timeline

Pre GSoC Period
Before May 4	Learn more about deep linking. Go through the backend and get familiar with it. Try to implement deep linking in a dummy project. Ask questions
Community Bonding Period
May 4 - May 28	Interact with mentors and community members. Take feedback on figma designs and make changes.
Coding Period
May 29 - June 1	Fix the screen for company details.
June 2 - June 15	Redesign the issue page in order to show every piece of information we have regarding the issue.
June 16 - June 17	Ability to surf profiles of other users.
June 18 - June 24	Redesign the profile page in order to show every piece of information we have regarding the user.
June 25 - June 30	Use deep linking in order to open specific web URLs right into the app.
July 1 - July 5	Fix the report bug feature and add anonymous reporting.
July 5 - July 13	Buffer week to complete any task left for midterm evaluation. Start working on dark theme designs
Evaluation Phase 1
July 14 - July 17	Dark theme!
July 18 - July 20	Cache network images locally.
July 21 - July 31	Integrate Firebase and fcm-django to enable notifications in the flutter app.
Aug 1 - Aug 13	Company side screens and integration with the backend.
Aug 14 - Aug 21	Buffer week to complete any task left for final evaluation.

Deliverables

Mid-term Deliverables

• Domain/Company page with functioning open and closed issues lists.
• A redesigned issues page with every piece of information that we have.
• Surf others’ profiles in the app.
• A redesigned profile page with every piece of information that we have.
• Configure and set up the app to open BLT web links right into the flutter app.
• Report bugs anonymously.

End-term Deliverables

• Dark theme!
• Improved performance by caching network images locally.
• Receive notifications for multiple channels in the flutter app.
• Company side designs implemented in flutter, and integration with the backend.

Availability

I will be available for approximately 30 hours per week in the month of May, June, and July because of my semester break. Starting around 25th July, I will be able to do little work for 1-2 weeks because of my intern season tests and interviews. Post that I will again be available.

Why me?

As I have already worked on a number of improvements for the BLT flutter app, I already know these waters well and it won’t be difficult for me to get familiar with the rest of the codebase. I have also worked on various flutter projects to gain enough experience to tackle any bottleneck I might face during the project. I also have amazing googling skills, which is undoubtedly the best weapon one can have in a battle of development. I am always ready to learn new tech if the need so be.

After GSoC

Being an open source enthusiast, completion of GSoC is not going to stop me from contributing code to open source for the greater cause. In the span of three months, I will get to know the BLT project inside out and I would love to collaborate with others in ideating, and bringing new features to life. I would also love to guide newcomers in this field who might stumble upon this project to help them ease their journey of open source.

References

• https://github.com/OWASP/BLT-Flutter
• https://github.com/OWASP/BLT/
• Figma Designs
• https://owasp.org/www-community/initiatives/gsoc/gsoc2023ideas
• https://owasp.org/www-community/initiatives/gsoc/gsoc_sat
• https://owasp.org/www-project-bug-logging-tool/