Google Summer of Code 2021: Final Presentations
Google Summer of Code ended a few weeks ago. Students have finalized their projects and finished writing documentation and summaries after the program. The question is who was the winner and who unfortunately had to face a loss.
In the previous article, we wrote about Barłomiej, who finished his whole project, wrote the necessary documentation and published a summary, which is one of the requirements to get the 2nd part of the stipend. By now, we should be able to read everyone’s summary, so let’s check who gets the money.
Let’s start with Kate Belson, who worked on Security Issues in OpenMRS. Here is a link to her project: https://wiki.openmrs.org/display/projects/GSoC+2021%3A+Patch+Security+Vulnerabilities+Identified+by+NCSU. She is a young, ambitious developer, but she probably had the most issues with the tasks. A lot of things were new to her; she needed to learn many things and do a lot of things for the first time. She worked hard on her project, and even though somebody had to help her with something, she achieved almost all of her personal and professional objectives:
- Patch XSS Vulnerabilities — COMPLETED (worked on 3 patches)
- Implement Authorisation Checks — INCOMPLETE (but something I’m keen to work on after GSoC)
- Handle HTTP 500 Errors — INCOMPLETE (but something I’m keen to work on after GSoC)
- Look at Other Security Issues — COMPLETED (worked on RubyGems dependency issues and password security issues)
- Learn how to use Git and GitHub — COMPLETED
- Learn how to use a Java SDK — COMPLETED
- Gain experience on an Open Source Project — COMPLETED
- Learn how to patch XSS vulnerabilities — COMPLETED
- Work with a team member on a PR — COMPLETED
Kate Belson was not the only one working on security in OpenMRS. Parth Kanakiya had a project called OpenMRS Security Patches. His aim was to improve and fix security issues in OpenMRS modules. Security plays a crucial role in protecting users and data from malicious attacks. The project had 3 objectives:
- Patch critical XSS vulnerabilities → Patched 10-12 XSS vulnerabilities
- Implement authorization checks where they are lacking
- Implement safe exception handling for HTTP 500 errors → Handled and fixed 1-2 HTTP 500 errors
As Parth said, all the objectives have been achieved, but working on security issues is a never-ending story, and more work will need to be done in the future.
Nsereko Joshua was the last student who worked on Security Issues in OpenMRS. The goal of the project was to solve as many vulnerabilities as possible on the OpenMRS Vulnerability Issue Tracker. The project had only 2 objectives:
- Work on at least one issue from the vulnerability issue tracker per week — ACHIEVED
- Fix at least 10 issues on the vulnerability sheet for the whole coding period – ACHIEVED
Both were achieved. Also, 26 of 32 pull requests were merged, so the project was quite successful. There are many more issues reported in the Vulnerability Tracker that need work in the future. Unfortunately, security issues are reported every day, and many of them are in the Not Stated State. As you can see, there is much more work on security issues than the students have done. If you would like to help the Security Team, you can reach Isaac Sears or Sharif Magembe, who were mentors for those projects.
OpenMRS 3.0 RefApp
Jayasanka is the next GSoC 2021 student whose work we put under the magnifying glass. He worked on a project called E2E Automated Tests for the OpenMRS 3.0 RefApp, which you can find here: https://wiki.openmrs.org/display/projects/GSoC+2021%3A+E2E+Automated+Tests+for+the+OpenMRS+3.0+RefApp. The action items for his project may not look impressive, but what matters most is the impact of his work, which will be visible very soon because it was closely tied to the new OpenMRS 3.0, which will go live very, very soon. The action points are:
- Initiating a Cypress project with Cucumber
- Write E2E tests for the following workflows:
  - Search and Registration
  - User settings
  - Clinical visit
- Create GitHub workflows for the tests
- Update the dashboard with workflow badges
- Identify and report bugs of the RefApp 3.x frontend
- Create the developer documentation
- Conducted research on creating a dockerized environment to run the tests in GitHub Actions.
To better visualize what he was doing and how it influences the new OpenMRS product, Jayasanka created a video.
Medhavi Srivastava worked on a project called Support for Extended Operations in FHIR. The main objective of this project was to add support for some extended operations in the FHIR2 module of OpenMRS. FHIR2 already had extensive support for searching, but with this project, the goal was to create operations that already had logic built in, to reduce the searching overhead of OpenMRS clients. The project objectives included:
- $lastn operation on Observation
- $lastn-encounters operation on Observation
- $everything operation on Patient
All primary goals were achieved; the second goal, which was to implement the type-level and instance-level $everything operation on Encounters, is yet to be completed. To improve the functionality of $lastn-encounters, we can look into adding some kind of support for specifying patients by more than just patient id, like we see in search, where a patient can be specified using given name etc.