June 9 2023 Weekly Check-In

Owned by Ed Cable
Last updated: Jun 23, 2023
5 min read

Date

Jun 9, 2023

Attendees

 

  • Yash Sancheti

  • Abhinav Sinha

  • Abhishek Gururani

  • Aditya Gupta

  • Radha Thakare

  • Kerlyn

Recording

https://us02web.zoom.us/rec/share/3C16OwqKio5NpPV2PB1AP7ivpxsPn-uZGxkt7OkcC3qtg2BgT5FzaIGVK5LMNoK8.eL6kg5IbYzO10Uzc?pwd=QyMaEB0OrI31UaOp5_qvUWwJMZTGL4RD



Discussion items

Time







Time







45 minutes

updates & blockers





Introductions

Check-Ins

For each student please create a new Level 2 entry and enter the following. 

  • What did you accomplish this past week?

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

Google Summer of Code

Radha Thakare

  • What did you accomplish this past week?

I have worked on transcription of scripts for internationalization also I have gone through Modular UI components links.

  • What will you do this upcoming week?

I will complete transcription scripts and will start work on modularity of components.

  • What obstacles are impeding your progress?

Nothing

  • Would you like help from some mentor for this task? 

Yeah, will ask when required.

Pushpendra Kumar

  • What did you accomplish this past week?

    • I changed the RestAPIs Services of Product and Organization Modules with autogenerated Typescript.

  • What will you do this upcoming week?

    • I will complete the account transfers, accounting, and centers.

  • What obstacles are impeding your progress?

    • I wanted to start making PRs, but I don’t know where I need to make PR.

  • Would you like help from some mentor for this task? 

    • Yeah sure, it will be helpful.

Pratyush Singh

  • What did you accomplish this past week?

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

Abhishek Gururani

  • What did you accomplish this past week?

    • Finished migration of Mifos-Mobile from ButterKnife to ViewBinding.

    • Reviewed and updated existing migration PRs.

    • Did meet with fellow contributor regarding the next task : Migrating the API layer from Self-Service Fineract to OpenBanking APIs.

    • What blocker -

    • Question from Victor - undrestand how working on the back-end. - waht working on back-end etc.

    • Ed: set up call with Victor

  • What will you do this upcoming week?

    • Will work on documenting the entire migration procedure in GitHub Pages.

    • Will look forward to getting started with migrating the API layer from Self-Service Fineract APIs to OpenBanking APIs.

  • What obstacles are impeding your progress?

    • To better get started with migrating the API layer we first need to understand how the current back-end is working.

    • My research on OpenBanking APIs suggest that only 30 percent of Self-Service Fineract APIs have relevant OpenBanking APIs, which means only 30% of the layer could possibly be changed.

  • Would you like help from some mentor for this task? 

    • Yes, it’ll be great.

Meghna Bajoria

  • What did you accomplish this past week?

    • Blocker trying to get chatbot to run from previous developer - update from Raza 2 to Raza 3 - reached out to Aleks - wasn’t in working state from previous GSOC developer -

    • Discussion on Monday to start projects from scratch - what framework will decide upon.

  • What will you do this upcoming week?

    • Will be deciding next steps after the meeting.

  • What obstacles are impeding your progress?

    • The project looks broken after the changes made by the previous contributor.

  • Would you like help from some mentor for this task? 

    • Yes-meeting has been scheduled

Yash Sancheti

  • What did you accomplish this past week?

    • Phase 1: Troubleshooting

      During this phase, I dedicated my time to resolving a few bugs that were preventing a successful build of my Fineract project. By careful debugging and analysis, I managed to identify and correct these errors.

    • Phase 2: Research and Learning

      I focused on learning, specifically focusing on Insecure Direct Object References (IDOR). I read some writeups on it that helped me.

    • Phase 3: Meet with Mentor

      This was a regular weekly meeting with my mentor that happens on Tuesday. We discussed about the project and the work done till now. He gave me some tips as well which I have noted. I have given him access to my notion workspace so he can track my progress and work.

    • Phase 4: Testing for Security Issues

      During this phase, I started with testing for authentication issues in the application. I found a high severity vulnerability as well and next week I will try to escalate it further and if I can chain it to other bugs.

    • Phase 5: Further Testing and Identification of Vulnerabilities

      I started testing for Broken Access Control and Cross-Site Scripting (XSS) vulnerabilities.

    • Phase 6: Escalation and Remediation of Vulnerability

      I was working on remediation of a vulnerability that I found earlier. But I failed to load the build war file as it gave me 404 error. I will try it again and fix this issue.

    • Phase 7: Utilizing AI for Analysis

      I used a a very cool burp suite extension that leverages the power of AI to detect security vulnerabilities. It sends web traffic to an OpenAI model. It gave me 300+ insights and I will manually analyze them this weekend. I will also get to know if AI can really automate a security job.

  • What will you do this upcoming week?

    • I will work on Phase 6, Phase 5, Phase 4 and test for OWASP top 20.

  • What obstacles are impeding your progress?

    • none

  • Would you like help from some mentor for this task? 

    • nope

Kerlyn

  • What did you accomplish this past week?

    • Wrap up Phase 1 of the project which involved analyzing the DAST reports (the DAST tools I used were OWASP Zap and Wapiti).

    • For Phase 2 of the project which involves manual pentesting Mifos X, I began with performing authentication and authorization testing on my test environment.

    • I discovered two medium vulnerabilities, one related to authentication and another related to authorization.

    • Had a session with my Mentor and he suggested I document my work online so he can review them every week. He also gave other tips on the direction in which the project should move towards.

    • Setup notion and began the documentation of work done till now.

    •  

  • What will you do this upcoming week?

    • Complete documentation on notion and share it with my mentor.

    • Have a session with the mentor to review the documentation and give pointers on how to better relate the findings to developers.

    • Perform data validation testing, that is cross-site scripting, SQL injections, command injection, etc.

  • What obstacles are impeding your progress?

    • None

  • Would you like help from a mentor for this task? 

    • Not at the moment

Elijah Okello

  • What did you accomplish this past week?

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

Abhinav Sinha

  • What did you accomplish this past week?

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

Rachit Gupta

  • What did you accomplish this past week?

    • Reviewing PRs - reviewed 18 and closed issues linked to those PRs

    • Own PR to submit some of the PRs and solve merge conflicts

    • Started migration from java to kotlin

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

    • Blocker discussed with mentors with Chirag and Rajan - what want to achieve June 12

  • Would you like help from some mentor for this task? 

Mifos Summer of Code

Deepthi

  • What did you accomplish this past week?

    • Focuse on making PPI vision user-friendly and make it run - currently crashing. Remaking it be more user-friendly - did UI redesign

  • What will you do this upcoming week?

    • Will distribute the work and evenly

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

    • Do need a mentor

    • Have Android folks review UI - get into discussion on databases.

Arshad Patel

  • What did you accomplish this past week?

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

Aditya Gupta

  • What did you accomplish this past week?

    • Resolving PRs

  • What will you do this upcoming week?

    • Java to kotlin migration

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

Lakhwinder Singh Sarao

  • What did you accomplish this past week?

    • studying and reviewing 3PPI APIs

    • Creating project from before - some things have been replicated and updated - facing some issues with Kotlin multi-platform issues.

      • Invent

  • What will you do this upcoming week?

  • What obstacles are impeding your progress?

  • Would you like help from some mentor for this task? 

    • Ed to schedule call with Rajan and Avinash to troubleshoot kotlin MP issues

    • Ed to get clarity from Karin on oothers

Other Discussion