search

rayhanur-rahman / SLIC-Ansible

6 stars 3 forks source link

Make code executable for reprodicble research #15

Closed akondrahman closed 5 years ago

akondrahman commented 5 years ago

Now that the work is done, it is time to make the repo public. Add step by step instructions on how people can use your tool. Make it clear that the corresponding paper is under review.

akondrahman commented 5 years ago

The instructions in the README must be clear, see https://github.com/akondrahman/IacSec/blob/master/README.md for reference.

rayhanur-rahman commented 5 years ago

Alright, I am working on it.

On Wed, Jul 3, 2019, 21:25 Akond A. Rahman notifications@github.com wrote:

Assigned #15 https://github.com/brokenquark/SLIC-Ansible/issues/15 to @brokenquark https://github.com/brokenquark.

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/brokenquark/SLIC-Ansible/issues/15?email_source=notifications&email_token=ACOEEJEA4OWHYDLRUF6RVI3P5TAHLA5CNFSM4H5GHZH2YY3PNVWWK3TUL52HS4DFWZEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW5KTDN5WW2ZLOORPWSZGOSKA3RZY#event-2457975015, or mute the thread https://github.com/notifications/unsubscribe-auth/ACOEEJEIYKN5H2PMQK4CHULP5TAHLANCNFSM4H5GHZHQ .

akondrahman commented 5 years ago

@brokenquark

Your instructions in README.md doesn't make sense. It has too many dependencies, which makes it hard to download and use.

The instruction The src/repodownloader.py will download github repositories given the repo name and user name which is given in the repoList/repo-ansible.csv directory. After the downloading, the script will check the crietria mentioned in the paper and if the criteria are fulfilled, the repo will be kept, otherwise the repo will be deleted. implies that people has to download repos first. What if they have their repos already, and all they want to do is run the tool against their repos? This needs to be addressed

Along similar lines, the instruction The src/AnsibleSmellDetector.py will take the file location (which is stored in ymlPaths directory as a cvs file) of the ansible playbooks and outputs the smell occurrence and smell types in csv format which will be stored as csv file in rq1 folder. throws an error ([Errno 2] No such file or directory: '../yml directory list/ymlPathsostk.txt').

The tool should be independent enough so that people can pass directory names and the tool will find security smells automatically, and spit out a CSV file. That is what we reported in the paper. This is what I want:

  1. after cloning the repo on my hard-drive, I cd into src/
  2. modify AnsibleSmellDetector.py to set the repo directory
  3. run python AnsibleSmellDetector.py
  4. the tool splits out a CSV with location specified

SLIC works for Chef and Puppet in the above-mentioned order. Ansible should also work the same for consistency.

For questions please let me know.

rayhanur-rahman commented 5 years ago

vai, I made changes to the code and description. Please, have a look.

akondrahman commented 5 years ago

I got what I needed. Thanks for the hard work. Closing the issue.