Introduction: What is Google Summer of Code (GSoC)?
Google Summer of Code (GSoC) is an annual program by Google that offers students and new contributors an opportunity to work on open-source projects with mentoring organizations from around the world. Participants contribute to real-world software, learn from experienced developers, and gain hands-on coding experience. Think of GSoC as the Olympics of open-source coding—except instead of medals, you get to build cool projects, collaborate with talented folks, and make a lasting impact on the tech community!
About the Project
For my GSoC project, I’m contributing to OWASP BLT (Bug Logging Tool), an exciting open-source project under the OWASP Foundation. The primary goal of BLT is to create a platform where users can report bugs, earn points, and hold companies accountable for their security. Companies and organizations can set up their own bug bounty programs, complete with prize pools, encouraging ethical hackers to find and report vulnerabilities.
The interesting part of this is the competitive nature and community-driven approach. Users gain rewards for finding bugs, while organizations benefit from a crowdsourced security review. Plus, BLT offers comprehensive documentation and supports easy setup.
My Journey to GSoC
I first stumbled upon Google Summer of Code (GSoC) through YouTube videos. The idea of contributing to impactful open-source projects while learning from experienced developers immediately piqued my interest. But, honestly, I never started out with the sole intention of getting into GSoC. It was more about following my passion for building things, and as it turned out, this passion led me to this amazing opportunity.
In my first year, I was drawn to the world of app development, so I jumped into Flutter, mainly because of its cross-platform capabilities. The ability to build for both Android and iOS with a single codebase was fascinating. I worked on some cool projects, gained experience through internships, and later transitioned into backend development, where I delved deep into Golang. This combination of frontend and backend skills naturally set the stage for my open-source journey. The simplicity and efficiency of Go pulled me into the world of backend systems, and soon I was diving into open-source projects and events. Contributing to open-source projects not only taught me a lot technically but also showed me the power of community and collaboration, which solidified my interest in this space.
Next up, let's dive into the pre-GSoC phase, where I started getting more serious about open-source contributions and planning for GSoC.
The Pre-GSoC Period
Around December, as GSoC applications were approaching, I began searching for projects that aligned with my interests. I reached out to several projects and their developer communities to inquire about opportunities for beginners to contribute. One project that stood out was OWASP BLT. The community and mentors were incredibly welcoming, taking time to guide me through my initial contributions. I started with small tasks, which allowed me to ease into the project while learning about its intricacies.
I set up the project locally, encountering some issues along the way, but the community was there to help me through every step. I eventually got a complete setup running and began familiarizing myself with the codebase. Although my initial contributions focused on the application part, particularly since it was built with Flutter, I soon realized that my involvement would extend beyond just that area. Spoiler alert: Flutter wasn’t the only technology I contributed to!
The Proposal Phase and GSoC Selection🎉
As I delved deeper into the codebase during the pre-GSoC period, I was fortunate to have a reference to the web version of OWASP BLT, which helped me identify various gaps in the application. I tailored my proposal to address these gaps, focusing on areas that needed improvement. This required expanding my knowledge beyond Flutter to include backend systems, specifically Django, with which I was initially unfamiliar. Fortunately, the community and mentors were incredibly supportive throughout this learning curve.
I want to extend my heartfelt gratitude to Donnie, Swapnil Shinde, and Arkadii Yakovets, whose guidance and trust in my abilities were invaluable. Their support played a crucial role in shaping my proposal and bolstering my confidence. Thanks to their mentorship and encouragement, I was able to demonstrate that I could be a strong fit for GSoC.
The day the results were announced was nerve-wracking. Initially, I feared the worst and thought I hadn’t made the cut. But then, after a tense moment of waiting and a final check, I discovered that I had been selected! The relief and excitement were overwhelming, and I am profoundly grateful for this incredible opportunity.
Designed by Freepik
GSoC Contributions
My GSoC journey was a deeply enriching experience, marked by significant contributions and learning. One of the aspects I particularly appreciated was how our proposal was divided into manageable tasks and issues, which were meticulously tracked by our mentors. This structured approach facilitated a smooth development process and ensured that each milestone was met effectively.
During the Community Bonding period, I focused on setting up the latest changes and familiarizing myself with the backend project. I spent time understanding the Django Rest Framework with the guidance of our mentors, who were exceptionally patient and helpful in addressing all my queries. This foundational period was crucial in preparing me for the contributions ahead.
Before diving into the specifics, a quick disclaimer: The details provided here are a summary of my contributions. For a comprehensive view, including all relevant PRs and issues, please refer to the BLT proposal page.
Here are some highlights of my contributions:
Project 1: User Interface (UI) for Companies List
Planning and Design: I began by reviewing existing designs from the web platform and created UI mockups in Figma. After several iterations and mentor reviews, I finalized the designs. Issue #2265
Development and Testing: I set up the Flutter project, implemented the company’s list page UI, and integrated the relevant APIs. I then conducted unit testing to ensure everything functioned as expected. Issue #2268 PR #406
Project 2: Company Scoreboard
Planning and Analysis: I outlined the structure and data fields needed for the scoreboard and determined how companies would be ranked and visualized. Issue #2316
Development and Testing: I implemented the scoreboard UI in Flutter, integrated it with APIs, and verified the ranking logic. PR #406
Project 3: Visual Representation for Issues
Planning and Design: I defined the visual data to be represented graphically and designed charts or graphs in Flutter for issue representation. Issue #2318 Issue #2319
Development and Testing: I implemented the visual representation using suitable Flutter libraries, integrated APIs to fetch issues and plot data, and conducted user testing to refine the visualizations. PR #409 Issue #2321
Project 4: Integrate APIs for Tracking Open and Closed Issues
API Design and Development: I designed API endpoints in Django REST Framework (DRF) for issue tracking, created serializers to structure data for APIs, and implemented views for API logic. Issue #2323
Integration and Testing: I used the http package in Flutter to call APIs, handled API errors with try-catch blocks, and tested API calls for data correctness and performance. PR #404 PR #2090 Issue #2326 Issue #2327
Project 5: Support Projects with Donations
Payment Gateway Integration: Initially implemented Stripe for donations but faced issues with private key data from OWASP. I then re-wrote the implementation to redirect users to a donation page via JavaScript injection, which was both challenging and rewarding. Issue #2334
UI Design and Testing: Designed the donation feature UI, integrated the payment gateway, and set up APIs for donor notifications. Testing ensured the payment process handled all scenarios correctly and that users were properly notified. Issue #2335 PR #413
Project 6: Chatbot Integration
Chatbot Implementation: Implemented the chatbot API for the Flutter app, designed its flow, and handled user interactions. Initially faced issues with the API functionality, which required troubleshooting to ensure proper operation. Successfully integrated the BLT Bot to handle queries related to the BLT project.
Project 7: Integrating the Bug Hunt Feature
- API Development and Integration: Created APIs for the bug hunt feature and integrated them into the Flutter app, ensuring error handling with try-catch blocks. Developed pages to list, search, and display details of previous bug hunts. Issue #2424 PR #417
Project 8: Integrating the Projects and Contributors Feature
API Creation and Data Replication: Developed APIs to fetch updated project and contributor information using GitHub APIs and replicated this data to reduce frequent API calls. Implemented new UI sections in the Flutter app for projects and contributors. Issue #2460 PR #420
Django Command for Data Update: Created a Django management command to update the database with the latest contributor data from GitHub repositories. This command ensures that the data remains current and accurate. PR #2660 PR #2496
Project 9: Issue Labeling Feature
Initial Attempts: Initially, we experimented with creating a model for automatic issue labeling. However, due to insufficient dataset size, and challenges with a generative AI approach, this method did not yield optimal results. We then pivoted to a manual labeling approach, where tags are applied during issue reporting. Issue #2343 PR #2637
Implementation: Implemented a manual labeling feature for issues, ensuring that appropriate tags are added as issues are reported. This solution ensures accurate and relevant labeling. Issue #2344 PR #433
Project 10: Continuous Integration and Testing
CI/CD Setup: Configured CI/CD workflows on GitHub to automate testing processes, ensuring code changes are continuously integrated and tested efficiently. PR #428
Unit and Integration Testing: Developed and implemented unit tests , wrote integration tests for API calls and data handling, and ensured tests addressed edge cases and various data scenarios. PR #416 PR #412
Apart from the main projects detailed above, I also addressed various additional issues related to migrations and other aspects of the OWASP BLT project. For a complete overview of my contributions and additional work, please refer to the leaderboard section here.
Challenges and Learnings
One of the primary challenges I faced was working with Django, a framework I had no prior experience with. Learning Django from scratch while implementing critical features was initially daunting, but with the guidance of my mentors, I was able to overcome this challenge and successfully deliver the required functionalities.
Additionally, I encountered several other challenges throughout the project:
API Integration and Error Handling: Integrating multiple APIs smoothly and handling errors effectively using try-catch blocks required careful attention to detail. I learned how to build robust and scalable API integrations in both Django and Flutter.
Complex UI/UX Design: Implementing complex user interfaces, such as visual representation for issues and the company scoreboard, required a good understanding of Flutter and its state management. Through iterative designs and continuous testing, I improved my skills in crafting responsive and user-friendly interfaces.
Database and Data Replication: Working on replicating data to reduce API calls taught me the importance of optimizing backend processes for performance, especially when handling large datasets.
General Problem Solving: Encountering and solving unexpected bugs, especially during testing phases, sharpened my debugging skills and enhanced my overall understanding of both frontend and backend development.
This project provided an invaluable learning experience across multiple aspects of full-stack development, and I’m grateful for the support and insights gained along the way.
Conclusion
As I conclude my Google Summer of Code 2024 journey, I want to extend my heartfelt thanks to my mentors—Donnie, Swapnil Shinde, and Arkadii Yakovets—for their invaluable support and guidance. Your mentorship was instrumental in navigating the complexities of the OWASP BLT project and achieving our goals.
I am also deeply grateful to the Google Summer of Code team for providing this platform, which has allowed me to grow both technically and personally. The experience has been incredibly rewarding and has further fueled my passion for open-source development.
Thank you to everyone who supported me along the way. Your encouragement and feedback were crucial to my success, and I look forward to continuing my contributions to the open-source community.