Caleb Brown

Results 97 comments of Caleb Brown

I hope to have parts of the rewrite being pushed to a public branch by the end of April. Ideally we'd hold off on further PRs until then.

I think there are layers to this, some of which can be good for a first issue.

1. Not grabbing another message in the worker loop when SIGTERM has been...

This needs some more thought. One challenge is handling packages that depend on a specific version of Node, PHP, Python, etc. Perhaps more decoupling between the sandboxes + dynamic analysis...

Other related thoughts:

- as well as logging `ecosystem`, `package` and `version` we should also log `message id` across all logs. A pubsub message is useful as a context ID...

Code locations:

- https://github.com/ossf/package-analysis/blob/main/internal/dnsanalyzer/dnsanalyzer.go (data capture)
- https://github.com/ossf/package-analysis/blob/main/internal/analysis/analysis.go (process the output into a result)

Hi @clairecharles, you're more than welcome to work on this. A new contributor's perspective is great for making sure it covers everything it should. Let us know if you have...

```shell
$ gsutil ls -l 'gs://ossf-malware-analysis-results/**' > allpackagewithsizes.out
$ cat allpackagewithsizes.out | sort -n | tail
64417903 2022-02-02T22:19:07Z gs://ossf-malware-analysis-results/pypi/pqrs/0.8.0.json
65228324 2022-03-03T16:52:06Z gs://ossf-malware-analysis-results/pypi/foodx-devops-tools/0.13.1.post1.json
65338726 2022-02-23T17:42:14Z gs://ossf-malware-analysis-results/pypi/foodx-devops-tools/0.13.1.json
65628551 2022-02-11T16:28:02Z gs://ossf-malware-analysis-results/pypi/ansible-kernel/1.0.0.json
125303369 2022-03-03T19:58:44Z...
```

This failure is somewhat silent. We probably should call `.Wait()` on the job and log the errors it returns to avoid having to dig through BigQuery job logs to find...

Might be able to push the job id onto a pubsub queue and have it checked periodically to examine the outcome of the job.

There are a few issues it seems:

1. empty paths are not handled correctly.
2. paths with commas are not handled correctly.

Another slightly different example demonstrating the comma issue:...