[Mifos-developer][Gsoc2017]Integrating TOIF static analysis with Apache Fineract

2017-04-18 Thread Thisura Philips
Hi all,

I have done a POC for the $ubject at github [1]. The change set is shown
here [2]. Please review this and let me know your ideas to improve the
integration. As of now I have done the following things.


   - Added toif directory into fineract-provider which includes
      - report (folder which includes the TOIF reports)
      - housekeeping
      - toifscan.py
   - Added two TOIF adapters for Findbugs and JLint
   - Added gradle task to manually run after gradle build. Later we can add
     it as a task which will run automatically after build.

(Only 6 report files for scanning two classes attached since there are a lot
of files after scanning)


Going forward, we can do the following improvements.


* Move the reports in the report folder(mentioned above) into
build/reports/toif.

* Run the gradle task "toif", at the end of the build.


Please let me know your ideas to improve the integration.



[1] https://github.com/ThisuraThejith/incubator-fineract/tree/develop-TOIF
[2] https://github.com/ThisuraThejith/incubator-fineract/pull/1

Thanks & Regards
-- 
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)


Re: Does the changes in apache fineract platform necessary to fix FINERACT issues

2017-04-10 Thread Thisura Philips
[Adding mifos list]

On Tue, Apr 11, 2017 at 12:34 AM, Thisura Philips 
wrote:

> Hi Markus,
>
> There is a limitation in implementing this in the backend. In the
> database, we are storing only the "classification_enum" in the
> "acc_gl_account"
> Classification Enum has the following values for respective account types.
>   ASSET - 1
>   LIABILITY - 2
>   EQUITY - 3
>   INCOME - 4
>   EXPENSE - 5
> The values can't be used to reflect the ascending order of names.
> Therefore ORDER BY "classification_enum" won't work in the sql query.
> Therefore we have two options.
>   1. Write a sorting function to sort the result set based on the
> classification_enum and then on gl_code.
>   2. Change the classification_enum values to reflect the
> ascending order of account types and add ORDER BY classification_enum ASC,
> gl_code ASC
> The changed enums will look like follows.
>    ASSET - 1
>    LIABILITY - 5
>    EQUITY - 3
>    INCOME - 4
>    EXPENSE - 2
> What is the best option? From the maintenance point of view, I think the
> first option is better. But from the performance point of view, the second
> option is better.
>
> I have sent this PR
> <https://github.com/apache/incubator-fineract/pull/330> to order the
> results according to gl_code. But there is no use of that if we can't have
> the same with classification_enum as the first preference is given to
> classification_enum.
>
> Your ideas will be a great help to resolve this issue.
>
> Thanks and Regards.
>
> On Mon, Apr 3, 2017 at 11:20 AM, Thisura Philips 
> wrote:
>
>> Hi Markus,
>>
>> Exactly, it should be independent from the client.
>> At the moment account in charts of accounts are ordered using orderBy
>> directive.
>> I will send the response from the platform ordering them as expected in
>> this issue. <https://issues.apache.org/jira/browse/FINERACT-389>
>>
>> Cheers!
>>
>> Thanks & Regards.
>>
>> On Mon, Apr 3, 2017 at 10:56 AM, Markus Geiß 
>> wrote:
>>
>>> Hey Thisura,
>>>
>>> features like the one you've mentioned should find their place within
>>> the platform.
>>>
>>> Just imagine we have not only the community-app but also an android app
>>> plus additional UIs we even don’t know about.
>>>
>>> It is best practice to implement those kind of changes within the
>>> backend, so you don’t need to reimplement them with every client.
>>>
>>> Cheers
>>>
>>> Markus
>>>
>>> -Original Message-
>>> From: Thisura Philips [mailto:ttcphil...@gmail.com]
>>> Sent: Thursday, March 30, 2017 05:12 AM
>>> To: dev@fineract.incubator.apache.org
>>> Subject: Does the changes in apache fineract platform necessary to fix
>>> FINERACT issues
>>>
>>> Hi devs,
>>> Just a little bit of misunderstanding.
>>> Let's take an example. The ticket at [1]
>>> <https://issues.apache.org/jira/browse/FINERACT-389> requests to arrange
>>> the accounts that fall under one account type in order of their GL codes.
>>> This could be done easily with the changes at [2] <
>>> https://github.com/openMF/community-app/pull/2157>. But this change is
>>> in community-app.
>>>
>>> My question is, whether the fix is correct. Do we need to correct these
>>> at the platform level? Or is the suggested fix in [2] <
>>> https://github.com/openMF/community-app/pull/2157>.
>>>
>>> [1] https://issues.apache.org/jira/browse/FINERACT-389
>>> <https://issues.apache.org/jira/browse/FINERACT-389>
>>> [2] https://github.com/openMF/community-app/pull/2157
>>> <https://github.com/openMF/community-app/pull/2157>
>>>
>>> Thanks and regards.
>>>
>>> --
>>> T.T.C Philips (BSc.Eng (Undergrad))
>>> Computer Science and Engineering,
>>> Sri Lanka Institute of Information Technology(SLIIT)
>>>
>>
>>
>>
>> --
>> T.T.C Philips (BSc.Eng (Undergrad))
>> Computer Science and Engineering,
>> Sri Lanka Institute of Information Technology(SLIIT)
>>
>>
>>
>>
>
>
> --
> T.T.C Philips (BSc.Eng (Undergrad))
> Computer Science and Engineering,
> Sri Lanka Institute of Information Technology(SLIIT)
>
>
>
>


-- 
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)


Re: Does the changes in apache fineract platform necessary to fix FINERACT issues

2017-04-10 Thread Thisura Philips
Hi Markus,

There is a limitation in implementing this in the backend. In the database,
we are storing only the "classification_enum" in the "acc_gl_account"
Classification Enum has the following values for respective account types.
  ASSET - 1
  LIABILITY - 2
  EQUITY - 3
  INCOME - 4
  EXPENSE - 5
The values can't be used to reflect the ascending order of names. Therefore
ORDER BY "classification_enum" won't work in the sql query.
Therefore we have two options.
  1. Write a sorting function to sort the result set based on the
classification_enum and then on gl_code.
  2. Change the classification_enum values to reflect the ascending
order of account types and add ORDER BY classification_enum ASC, gl_code ASC
The changed enums will look like follows.
   ASSET - 1
   LIABILITY - 5
   EQUITY - 3
   INCOME - 4
   EXPENSE - 2
What is the best option? From the maintenance point of view, I think the
first option is better. But from the performance point of view, the second
option is better.

I have sent this PR <https://github.com/apache/incubator-fineract/pull/330> to
order the results according to gl_code. But there is no use of that if we
can't have the same with classification_enum as the first preference is
given to classification_enum.

Your ideas will be a great help to resolve this issue.

Thanks and Regards.

On Mon, Apr 3, 2017 at 11:20 AM, Thisura Philips 
wrote:

> Hi Markus,
>
> Exactly, it should be independent from the client.
> At the moment account in charts of accounts are ordered using orderBy
> directive.
> I will send the response from the platform ordering them as expected in
> this issue. <https://issues.apache.org/jira/browse/FINERACT-389>
>
> Cheers!
>
> Thanks & Regards.
>
> On Mon, Apr 3, 2017 at 10:56 AM, Markus Geiß  wrote:
>
>> Hey Thisura,
>>
>> features like the one you've mentioned should find their place within the
>> platform.
>>
>> Just imagine we have not only the community-app but also an android app
>> plus additional UIs we even don’t know about.
>>
>> It is best practice to implement those kind of changes within the
>> backend, so you don’t need to reimplement them with every client.
>>
>> Cheers
>>
>> Markus
>>
>> -Original Message-
>> From: Thisura Philips [mailto:ttcphil...@gmail.com]
>> Sent: Thursday, March 30, 2017 05:12 AM
>> To: dev@fineract.incubator.apache.org
>> Subject: Does the changes in apache fineract platform necessary to fix
>> FINERACT issues
>>
>> Hi devs,
>> Just a little bit of misunderstanding.
>> Let's take an example. The ticket at [1]
>> <https://issues.apache.org/jira/browse/FINERACT-389> requests to arrange
>> the accounts that fall under one account type in order of their GL codes.
>> This could be done easily with the changes at [2] <
>> https://github.com/openMF/community-app/pull/2157>. But this change is
>> in community-app.
>>
>> My question is, whether the fix is correct. Do we need to correct these
>> at the platform level? Or is the suggested fix in [2] <
>> https://github.com/openMF/community-app/pull/2157>.
>>
>> [1] https://issues.apache.org/jira/browse/FINERACT-389
>> <https://issues.apache.org/jira/browse/FINERACT-389>
>> [2] https://github.com/openMF/community-app/pull/2157
>> <https://github.com/openMF/community-app/pull/2157>
>>
>> Thanks and regards.
>>
>> --
>> T.T.C Philips (BSc.Eng (Undergrad))
>> Computer Science and Engineering,
>> Sri Lanka Institute of Information Technology(SLIIT)
>>
>
>
>
> --
> T.T.C Philips (BSc.Eng (Undergrad))
> Computer Science and Engineering,
> Sri Lanka Institute of Information Technology(SLIIT)
>
>
>
>


-- 
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)
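
The two options from the message above, side by side, as an added example that is not part of the thread or of Fineract's code. SQLite stands in for the project's database, gl_code is assumed to be a text column, the sample rows are constructed, and the wanted order is taken from the renumbered values listed in the message. The ORDER BY CASE variant is not proposed in the thread; it is shown because it gets the same order without touching stored values.

```python
import sqlite3

# Stored classification_enum values, as listed in the message.
STORED = {"ASSET": 1, "LIABILITY": 2, "EQUITY": 3, "INCOME": 4, "EXPENSE": 5}
# Renumbered values proposed under option 2; used below as the sort rank.
RANK = {"ASSET": 1, "LIABILITY": 5, "EQUITY": 3, "INCOME": 4, "EXPENSE": 2}
# Constructed sample rows (gl_code, account type); not real Fineract data.
SAMPLE = [("20100", "LIABILITY"), ("10200", "ASSET"), ("50100", "EXPENSE"),
          ("10100", "ASSET"), ("40100", "INCOME"), ("30100", "EQUITY"),
          ("50050", "EXPENSE")]
SELECT = "SELECT classification_enum, gl_code FROM acc_gl_account"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE acc_gl_account "
               "(gl_code TEXT, classification_enum INTEGER)")
    db.executemany("INSERT INTO acc_gl_account VALUES (?, ?)",
                   [(code, STORED[kind]) for code, kind in SAMPLE])
    return db


def plain_order_by(db):
    """ORDER BY on the stored column: follows whatever numbering is stored."""
    return db.execute(
        SELECT + " ORDER BY classification_enum ASC, gl_code ASC").fetchall()


def option1_sort_in_code(db):
    """Option 1: fetch unsorted, sort on (rank of type, gl_code) in code."""
    rank_of = {STORED[k]: RANK[k] for k in STORED}
    rows = db.execute(SELECT).fetchall()
    return sorted(rows, key=lambda r: (rank_of[r[0]], r[1]))


def order_by_case(db):
    """Variant: the same rank as a CASE expression; stored values untouched."""
    # Built only from the integer constants above, never from request input.
    whens = " ".join(f"WHEN {STORED[k]} THEN {RANK[k]}" for k in STORED)
    return db.execute(
        f"{SELECT} ORDER BY CASE classification_enum {whens} END ASC, "
        "gl_code ASC").fetchall()


def option2_renumber(db):
    """Option 2: rewrite the stored values, then the plain ORDER BY is enough."""
    # LIABILITY and EXPENSE swap numbers, so a direct 2->5, 5->2 update would
    # merge them; go through a temporary offset instead.
    for k in STORED:
        db.execute("UPDATE acc_gl_account SET classification_enum = ? "
                   "WHERE classification_enum = ?", (100 + RANK[k], STORED[k]))
    db.execute("UPDATE acc_gl_account "
               "SET classification_enum = classification_enum - 100")
    return plain_order_by(db)
```

Option 2 changes what every existing row means, so any other code or report that reads classification_enum by number has to change in the same release.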


Fwd: [Mifos-developer] Application for GSOC 2017( Static Analysis of Apache Fineract )

2017-04-09 Thread Thisura Philips
[Adding fineract dev.]
-- Forwarded message --
From: Thisura Philips 
Date: Mon, Apr 10, 2017 at 12:04 AM
Subject: Re: [Mifos-developer] Application for GSOC 2017( Static Analysis
of Apache Fineract )
To: Nikhil Pawar 
Cc: Mifos software development 


Hi Nikhil,

I have attended all the 293 vulnerabilities reported as on 8/4/2017. Here
<https://docs.google.com/spreadsheets/d/1uLk3YPcjnXk7RqF8etsTzIuN59CDU6sgBxpZul__1V4/edit?usp=sharing>
[1]
I have created a spreadsheet by attending all the vulnerabilities.
Some of them are false positives. The true vulnerabilities should be
prioritized and fixed.  I will open a thread for critical vulnerabilities
to discuss and find a solution.

As the next step I will work on two things.

1. Scan the codebase using OWASP LAPSE
2. Integrating TOIF

Please let me know if we have a better plan,


[1] https://docs.google.com/spreadsheets/d/1uLk3YPcjnXk7RqF8etsTzIuN59CDU6sgBxpZul__1V4/edit?usp=sharing

On Sun, Apr 2, 2017 at 11:37 PM, Nikhil Pawar  wrote:

> Hello Thisura,
>
> This looks good. All the best.
>
> Regards,
> Nikhil
>
>
> ----------
> *From:* Thisura Philips 
> *To:* Mifos software development 
> *Cc:* Nikhil Pawar 
> *Sent:* Sunday, 2 April 2017 8:30 AM
> *Subject:* Re: [Mifos-developer] Application for GSOC 2017( Static
> Analysis of Apache Fineract )
>
> Hi Nikhil,
>
> I updated the document with the tools and rough plan of scanning modules.
> Could you please check that and let me know whether it is ok?
>
> Thanks and Regards.
>
> On Sun, Apr 2, 2017 at 11:07 AM, Thisura Philips 
> wrote:
>
> Hi Nikhil and Sendhoro,
>
> Thank you very much for the feedback. I will do the needful.
>
>
>
> On Sun, Apr 2, 2017 at 10:42 AM,  wrote:
>
> Hi Thisura,
>
> Sounds great with additional comment from Nikhil!
>
> Regards
> Sendoro
>
>
> On 2017-04-01 15:29, Thisura Philips wrote:
> > Hi Nikhil,
> >
> > I have created draft proposal at [1]. Sorry for waiting this late to
> > give the draft. Kindly go through that and let me know any things need
> > to be updated, if you have some time. Highly appreciate your
> > suggestions to make it a better proposal.
> >
> > [1]
> > https://docs.google.com/document/d/1q5Z1mWjoi8bTsV6pMzAXPlthmcYCTBDE9Ee_bzRt95Q/edit?usp=sharing
> >
> > Best Regards
> >
> > On Fri, Mar 31, 2017 at 12:47 AM, Thisura Philips
> >  wrote:
> >
> >> Hi Nikhil,
> >> Understood the fact. I am really excited to start working on these.
> >> Sorry about not bouncing back with the proceedings. Spent a little
> >> bit time getting familiar with code.
> >> I have sent few PRs and played with community app, debugged the code
> >> to get my handson with OpenMF and Fineract.
> >> Will be spending creating a proposal (as the closing date is coming)
> >> and will get back to work after submitting the proposal.
> >> Thanks again for your great help.
> >>
> >> Best Regards,
> >>
> >> On Sat, Mar 25, 2017 at 11:37 PM, Nikhil Pawar 
> >> wrote:
> >>
> >> Hello Thisura,
> >>
> >> Good Work. Currently there are no tickets logged as nobody did
> >> static analysis on the code.
> >> Once you have the findings, you should prioritize them and do deeper
> >> analysis.
> >> In our case, findings in 5th point are of course of higher priority,
> >> so we should take a second look at them and rule out in case of
> >> false positive. Suppose you find them as true positive, you should
> >> open a ticket and fix them.
> >>
> >> Regarding, your question of including sonarqube as build plugin,it
> >> has already been done along with PMD and findbugs.
> >>
> >> Regards,
> >> Nikhil
> >>
> >> -
> >> FROM: Thisura Philips 
> >> TO: "nickr...@gmail.com" 
> >> CC: Mifos Software Development
> >>  >
> >> SENT: Wednesday, 22 March 2017 1:57 PM
> >> SUBJECT: Re: [Mifos-developer] Application for GSOC 2017( Static
> >> Analysis of Apache Fineract )
> >>
> >> Hi Nikhil,
> >>
> >> The summarized vulnerabilities are as follows. The fifth one seems
> >> to be more or less false positive. We can surely improve the
> >> reported vulnerabilities with the proposed solution. What do you
> >> think?
> >>
> >> *
> >> Mutable fields sh

Re: Does the changes in apache fineract platform necessary to fix FINERACT issues

2017-04-02 Thread Thisura Philips
Hi Markus,

Exactly, it should be independent from the client.
At the moment account in charts of accounts are ordered using orderBy
directive.
I will send the response from the platform ordering them as expected in
this issue. <https://issues.apache.org/jira/browse/FINERACT-389>

Cheers!

Thanks & Regards.

On Mon, Apr 3, 2017 at 10:56 AM, Markus Geiß  wrote:

> Hey Thisura,
>
> features like the one you've mentioned should find their place within the
> platform.
>
> Just imagine we have not only the community-app but also an android app
> plus additional UIs we even don’t know about.
>
> It is best practice to implement those kind of changes within the backend,
> so you don’t need to reimplement them with every client.
>
> Cheers
>
> Markus
>
> -Original Message-
> From: Thisura Philips [mailto:ttcphil...@gmail.com]
> Sent: Thursday, March 30, 2017 05:12 AM
> To: dev@fineract.incubator.apache.org
> Subject: Does the changes in apache fineract platform necessary to fix
> FINERACT issues
>
> Hi devs,
> Just a little bit of misunderstanding.
> Let's take an example. The ticket at [1]
> <https://issues.apache.org/jira/browse/FINERACT-389> requests to arrange
> the accounts that fall under one account type in order of their GL codes.
> This could be done easily with the changes at [2] <
> https://github.com/openMF/community-app/pull/2157>. But this change is in
> community-app.
>
> My question is, whether the fix is correct. Do we need to correct these at
> the platform level? Or is the suggested fix in [2] <
> https://github.com/openMF/community-app/pull/2157>.
>
> [1] https://issues.apache.org/jira/browse/FINERACT-389
> <https://issues.apache.org/jira/browse/FINERACT-389>
> [2] https://github.com/openMF/community-app/pull/2157
> <https://github.com/openMF/community-app/pull/2157>
>
> Thanks and regards.
>
> --
> T.T.C Philips (BSc.Eng (Undergrad))
> Computer Science and Engineering,
> Sri Lanka Institute of Information Technology(SLIIT)
>



-- 
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)


[Mifos-developer][GSOC] Two factor authentication

2017-03-30 Thread Thisura Philips
Hi all,

Though it is a bit late to come into the discussion, I feel this project is
also a very important one to improve the security of the system. I have
personally worked with WSO2 Identity Server, and have an understanding of
the core of the Identity Server. I am familiar with SMSOTP and EmailOTP
concepts. Importantly, I have experience with SAML, OAuth2 protocols. I have
set up user scenarios of two factor authentication along with these
protocols rather than just with basic authentication, using WSO2 Identity
Server.

I went through the document at [1]. According to that the main requirements
are basically as follows.

* Improve the existing SMS integration
* Generating, sending, validating OTP
* Let the admin configure the OTP system parameters
* Add a layer in between current authentication

I will come up with UI wireframes shortly. Please let me know any important
facts regarding this to get my hands on with the project.


[1]
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=67641984

Thanks and regards.
-- 
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)


Does the changes in apache fineract platform necessary to fix FINERACT issues

2017-03-29 Thread Thisura Philips
Hi devs,
Just a little bit of misunderstanding.
Let's take an example. The ticket at [1] requests to arrange the accounts
that fall under one account type in order of their GL codes.
This could be done easily with the changes at [2]. But this change is in
community-app.

My question is, whether the fix is correct. Do we need to correct these at
the platform level? Or is the suggested fix in [2].

[1] https://issues.apache.org/jira/browse/FINERACT-389

[2] https://github.com/openMF/community-app/pull/2157


Thanks and regards.

-- 
T.T.C Philips (BSc.Eng (Undergrad))
Computer Science and Engineering,
Sri Lanka Institute of Information Technology(SLIIT)