
Good First Issues: 10 Beginner-Friendly Tasks for Backend & Frontend #2628

@coderabbitai

Description


This issue contains a curated list of 10 good first issues for new contributors to OWASP Nest. Each task is estimated at 1-3 story points and is designed to be beginner-friendly while providing value to the project.

Backend Issues (5)

1. Add Return Type Hints to API Resolver Methods

Estimated effort: 1 point
Files: backend/apps/api/rest/v0/chapter.py, project.py, committee.py

Several static resolver methods in API schemas are missing return type hints. For example:

  • resolve_key(obj) should be resolve_key(obj) -> str
  • resolve_leaders(obj) should be resolve_leaders(obj) -> list[str]

This improves code clarity and helps with IDE autocomplete.


2. Replace print() with Proper Logging in Management Commands

Estimated effort: 2 points
Files: Various management commands in backend/apps/owasp/management/commands/

Multiple management commands use print() statements instead of proper logging:

  • owasp_scrape_projects.py
  • owasp_scrape_chapters.py
  • owasp_scrape_committees.py
  • owasp_enrich_projects.py
  • slack_sync_messages.py

Replace these with appropriate logger calls (logger.info(), logger.debug(), etc.).


3. Add Docstrings to Sitemap View Methods

Estimated effort: 2 points
Files: backend/apps/sitemap/views/ (base.py, static.py, chapter.py, etc.)

Many methods in sitemap views lack docstrings:

  • changefreq()
  • location()
  • items()
  • lastmod()
  • priority()

Add concise docstrings explaining what each method does and what it returns.


4. Add Validation Tests for Empty/Invalid Filter Inputs

Estimated effort: 2 points
Files: backend/tests/apps/api/rest/v0/

Add test cases that verify API endpoints handle edge cases correctly:

  • Empty string filters
  • Invalid date formats
  • Out-of-range values
  • SQL injection attempts in filter fields

Pick 2-3 endpoints to add these tests.


5. Extract Repeated Error Messages to Constants

Estimated effort: 1 point
Files: backend/apps/api/rest/v0/*.py

Multiple API endpoints have hardcoded error messages like "Project not found", "Chapter not found", etc. Extract these to constants at the module level or in a shared errors module for consistency and easier maintenance.


Frontend Issues (5)

6. Add Loading States to Data-Fetching Components

Estimated effort: 2 points
Files: frontend/src/components/

Identify 2-3 components that fetch data but don't show loading states. Add proper loading indicators using existing skeleton components from frontend/src/components/skeletons/.


7. Add Proper TypeScript Types Instead of 'any'

Estimated effort: 2 points
Files: Various TypeScript files in frontend/src/

Search for ': any' type annotations and replace them with proper types. Start with utility functions and type definitions to improve type safety.


8. Create Reusable Error Boundary Component

Estimated effort: 3 points
Files: New component in frontend/src/components/

Create a reusable React Error Boundary component that can wrap sections of the app to gracefully handle runtime errors. Include:

  • Fallback UI with error message
  • Optional retry functionality
  • Error logging integration

9. Add Unit Tests for Frontend Utility Functions

Estimated effort: 2 points
Files: frontend/__tests__/unit/

Identify utility functions in frontend/src/utils/ or frontend/src/lib/ that lack unit tests. Write comprehensive tests covering:

  • Happy path scenarios
  • Edge cases
  • Error conditions

10. Improve Accessibility with ARIA Labels

Estimated effort: 2 points
Files: Interactive components in frontend/src/components/

Audit 3-5 interactive components (buttons, links, forms) and add proper ARIA labels, roles, and descriptions to improve accessibility for screen readers. Focus on:

  • Navigation elements
  • Form inputs
  • Action buttons
  • Modal dialogs

Getting Started

  1. Pick an issue that interests you
  2. Comment on this issue indicating which task you'd like to work on
  3. Review the contributing guidelines
  4. Create a feature branch and submit a PR when ready
  5. Run make check-test locally before submitting

For questions, feel free to ask in the comments or reach out to the maintainers!

Related PR: #2606
Requested by: @arkid15r


Additional Backend Issues (20)

11. Add Return Type Hints to Model Manager Methods

Estimated effort: 2 points
Files: backend/apps/owasp/models/managers/*.py, backend/apps/github/models/managers/*.py

Model managers like ActiveChapterManager, OpenIssueManager, etc., have methods missing return type hints:

  • get_queryset() should return models.QuerySet
  • Property methods like without_geo_data, assignable need type hints

Example:

def get_queryset(self) -> models.QuerySet:
    """Get queryset."""
    return super().get_queryset()

12. Add __repr__ Methods to Model Classes

Estimated effort: 2 points
Files: backend/apps/github/models/*.py, backend/apps/owasp/models/*.py

Many models lack __repr__ methods, making debugging difficult. Add __repr__ to models like:

  • Repository
  • Issue
  • PullRequest
  • Label
  • Milestone
  • Release

Example:

def __repr__(self) -> str:
    return f"<Issue(id={self.id}, title='{self.title[:50]}')>"

13. Add Docstrings to Model Mixin Methods

Estimated effort: 2 points
Files: backend/apps/github/models/mixins/*.py, backend/apps/owasp/models/mixins/*.py

Mixin classes have property methods lacking docstrings. Focus on:

  • backend/apps/github/models/mixins/repository.py
  • backend/apps/github/models/mixins/user.py
  • backend/apps/owasp/models/mixins/project.py

Add docstrings explaining what each property returns and its purpose.


14. Add Input Validation to Management Command Arguments

Estimated effort: 2 points
Files: backend/apps/github/management/commands/*.py, backend/apps/owasp/management/commands/*.py

Add validation for command arguments in management commands:

  • Check if required environment variables exist
  • Validate date formats
  • Validate numeric ranges
  • Provide helpful error messages when validation fails

Pick 2-3 commands to improve.
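The validation that tasks 4 and 14 ask for follows one pattern on both sides: parse each input strictly, collect every failure with a message that names the field, and keep free text out of query strings. The following is an added example, not OWASP Nest code; FilterValidationError, validate_filters, the filter names and the in-memory project table are constructed for the example and are not Nest identifiers. A management command would turn the list returned by missing_env into a CommandError.

```python
"""Validation of API filter parameters and management-command arguments.

Added example, not OWASP Nest code: pure-Python helpers that the tests in
task 4 (filter edge cases) and the argument checks in task 14 could be built
around. FilterValidationError, validate_filters, the filter names and the
project table are assumptions constructed for this example.
"""
import os
import sqlite3
from datetime import date, datetime


class FilterValidationError(ValueError):
    """Carries a {field: message} map so every problem is reported at once."""

    def __init__(self, errors: dict[str, str]) -> None:
        super().__init__("; ".join(f"{k}: {v}" for k, v in errors.items()))
        self.errors = errors


def parse_iso_date(value: str) -> date:
    """Accept strict YYYY-MM-DD only; anything else is rejected, not guessed."""
    try:
        return datetime.strptime(value, "%Y-%m-%d").date()
    except (TypeError, ValueError) as exc:
        raise ValueError("expected a date in YYYY-MM-DD format") from exc


def parse_bounded_int(value: str, low: int, high: int) -> int:
    """Parse an integer and enforce an inclusive range."""
    try:
        number = int(value)
    except (TypeError, ValueError) as exc:
        raise ValueError("expected an integer") from exc
    if not low <= number <= high:
        raise ValueError(f"expected a value between {low} and {high}")
    return number


def validate_filters(params: dict[str, str]) -> dict:
    """Normalise filter parameters, collecting every failure before raising.

    An empty string means "filter not supplied" and is dropped rather than
    passed on as a value; that is one of the edge cases task 4 asks for.
    """
    cleaned: dict = {}
    errors: dict[str, str] = {}
    for key in ("created_after", "created_before"):
        raw = params.get(key, "")
        if raw == "":
            continue
        try:
            cleaned[key] = parse_iso_date(raw)
        except ValueError as exc:
            errors[key] = str(exc)
    if params.get("limit", "") != "":
        try:
            cleaned["limit"] = parse_bounded_int(params["limit"], 1, 100)
        except ValueError as exc:
            errors["limit"] = str(exc)
    if params.get("name", "") != "":
        # Free text is kept as-is; it only ever reaches the database as a bound parameter.
        cleaned["name"] = params["name"]
    if errors:
        raise FilterValidationError(errors)
    return cleaned


def filter_errors(params: dict[str, str]) -> dict[str, str]:
    """Convenience for tests: the error map, or {} when the input is valid."""
    try:
        validate_filters(params)
    except FilterValidationError as exc:
        return exc.errors
    return {}


def missing_env(names: list[str], environ=os.environ) -> list[str]:
    """Names of required environment variables that are unset or empty (task 14)."""
    return [name for name in names if not environ.get(name)]


def count_projects_named(name: str) -> int:
    """Apply a free-text name filter with a bound parameter.

    Backed by an in-memory SQLite table with two constructed rows; a value
    that looks like SQL is matched literally and simply finds nothing.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE project (name TEXT)")
    conn.executemany("INSERT INTO project VALUES (?)", [("Nest",), ("ZAP",)])
    (count,) = conn.execute("SELECT COUNT(*) FROM project WHERE name = ?", (name,)).fetchone()
    conn.close()
    return count
```

The tests for task 4 would then assert on filter_errors() for each edge case (empty string, wrong date format, out-of-range limit, SQL-looking text) and on count_projects_named() to confirm that a filter value is only ever bound as data. The Django ORM binds parameters the same way, so the point of the injection test case is to catch any endpoint that builds raw SQL by string concatenation.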


15. Extract API Error Messages to Constants Module

Estimated effort: 1 point
Files: backend/apps/api/rest/v0/*.py, new backend/apps/api/rest/v0/errors.py

Create a centralized errors module with constants for all API error messages:

# errors.py
CHAPTER_NOT_FOUND = "Chapter not found"
PROJECT_NOT_FOUND = "Project not found"
INVALID_FILTER = "Invalid filter parameter"

Update all API endpoints to use these constants.


16. Add Missing Tests for Utility Functions

Estimated effort: 3 points
Files: New tests in backend/tests/apps/common/

Add comprehensive tests for utility functions in:

  • backend/apps/common/utils.py (functions like convert_to_camel_case, convert_to_snake_case, clean_url)
  • backend/apps/github/utils.py
  • backend/apps/slack/utils.py

Cover edge cases, empty inputs, and error conditions.


17. Add Verbose Names to Model Meta Classes

Estimated effort: 1 point
Files: backend/apps/owasp/models/*.py, backend/apps/github/models/*.py

Add verbose_name and verbose_name_plural to model Meta classes for better admin display:

class Meta:
    verbose_name = "GitHub Repository"
    verbose_name_plural = "GitHub Repositories"

Focus on models that appear in Django admin.


18. Implement Custom Validators for Model Fields

Estimated effort: 2 points
Files: New validators in backend/apps/core/validators.py or app-specific validators

Create custom validators for common patterns:

  • URL validation for GitHub URLs
  • Email domain validation
  • Slack channel name validation
  • GitHub username format validation

Apply them to relevant model fields.
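As an added example (not OWASP Nest code), here are plain-Python versions of the four validators listed above. Each raises ValueError with a user-facing message and returns the value unchanged when it passes; wrapping them so that they raise Django's ValidationError inside a model field is left to the caller, and the allowed e-mail domain set is constructed for the example. The GitHub URL check compares the whole authority part against "github.com" rather than looking for the string anywhere in the URL, which is what stops look-alike hosts and user-info tricks from passing.

```python
"""Field validators for the patterns listed in task 18.

Added example, not OWASP Nest code. Each validator raises ValueError with a
user-facing message and returns the value unchanged when it passes; wiring
them into Django fields (raising ValidationError instead) is left to the
caller. The allowed e-mail domain set is constructed for the example.
"""
import re
from urllib.parse import urlsplit

# GitHub login rules: letters, digits and single hyphens, no hyphen at either
# end, at most 39 characters.
GITHUB_USERNAME_RE = re.compile(r"^(?!-)(?!.*--)[A-Za-z0-9-]{1,39}(?<!-)$")
GITHUB_REPO_RE = re.compile(r"^[A-Za-z0-9._-]{1,100}$")
# Slack channel names: lowercase letters, digits, hyphens, underscores, max 80.
SLACK_CHANNEL_RE = re.compile(r"^[a-z0-9_-]{1,80}$")
ALLOWED_EMAIL_DOMAINS = {"owasp.org"}  # constructed allow-list for the example


def validate_github_username(value: str) -> str:
    if not GITHUB_USERNAME_RE.match(value):
        raise ValueError("not a valid GitHub username")
    return value


def validate_github_url(value: str) -> str:
    """Accept only https://github.com/<owner>/<repository>.

    The whole authority part must equal "github.com", so look-alike hosts
    (github.com.example.net) and user-info tricks (github.com@example.net)
    fail instead of slipping through a substring check.
    """
    parts = urlsplit(value)
    if parts.scheme != "https":
        raise ValueError("GitHub URLs must use https")
    if parts.netloc.lower() != "github.com":
        raise ValueError("host must be exactly github.com")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:
        raise ValueError("expected a path of the form /<owner>/<repository>")
    owner, repo = segments
    repo = repo[:-4] if repo.endswith(".git") else repo
    validate_github_username(owner)
    if repo in (".", "..") or not GITHUB_REPO_RE.match(repo):
        raise ValueError("not a valid repository name")
    return value


def validate_slack_channel(value: str) -> str:
    if not SLACK_CHANNEL_RE.match(value):
        raise ValueError("use lowercase letters, digits, hyphens and underscores only (no leading #)")
    return value


def validate_email_domain(value: str) -> str:
    local, sep, domain = value.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        raise ValueError("not an e-mail address")
    if domain.lower() not in ALLOWED_EMAIL_DOMAINS:
        allowed = ", ".join(sorted(ALLOWED_EMAIL_DOMAINS))
        raise ValueError(f"e-mail domain must be one of: {allowed}")
    return value


def is_valid(validator, value: str) -> bool:
    """True when the validator accepts the value; handy in parametrised tests."""
    try:
        validator(value)
    except ValueError:
        return False
    return True
```

In a Django model the regex-based ones map naturally onto django.core.validators.RegexValidator, while validate_github_url and validate_email_domain would be wrapped in a small function that catches ValueError and raises django.core.exceptions.ValidationError with the same message.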


19. Add Query Optimization with select_related/prefetch_related

Estimated effort: 3 points
Files: backend/apps/api/rest/v0/*.py

Identify N+1 query issues in API endpoints and add appropriate select_related() or prefetch_related() calls. Use Django Debug Toolbar or query logging to find inefficient queries.

Focus on endpoints that access related objects (foreign keys, many-to-many relationships).


20. Add Docstrings to Admin Class Methods

Estimated effort: 1 point
Files: backend/apps/*/admin/*.py

Add docstrings to admin class methods like:

  • Custom list display methods
  • Custom filters
  • Custom actions
  • get_queryset() overrides

Example:

def custom_display_field(self, obj):
    """Display custom formatted field in admin list view."""
    return format_value(obj.field)  # format_value stands in for the admin's own formatting helper

21. Create Shared Base Test Classes

Estimated effort: 2 points
Files: New backend/tests/base.py or backend/tests/mixins.py

Extract common test setup/teardown logic into base classes or mixins:

  • Database setup patterns
  • Mock API client setup
  • Common fixture creation
  • Assertion helpers

Refactor 3-5 test files to use these base classes.


22. Add Type Hints to Utility Functions

Estimated effort: 2 points
Files: backend/apps/common/utils.py, backend/apps/*/utils.py

Add complete type hints to all utility functions:

  • Parameter types
  • Return types
  • Optional parameters with proper None handling

Example:

def format_date(date: datetime | None, format_str: str = "%Y-%m-%d") -> str | None:
    """Format date to string."""
    return date.strftime(format_str) if date else None

23. Add Database Indexes to Frequently Queried Fields

Estimated effort: 2 points
Files: Model files and new migration files

Add db_index=True to fields frequently used in filters/queries:

  • created_at, updated_at (if not already indexed)
  • Foreign key lookups
  • Fields used in API filters

Create migrations for the index additions.


24. Implement Model Property Caching with cached_property

Estimated effort: 2 points
Files: backend/apps/owasp/models/*.py, backend/apps/github/models/*.py

Replace @property with @cached_property for expensive operations that don't change during the object lifecycle:

  • Properties that make database queries
  • Properties with expensive calculations
  • Properties that call external APIs

Example:

from django.utils.functional import cached_property

@cached_property
def contributor_count(self) -> int:
    """Get contributor count (cached)."""
    return self.contributors.count()

25. Add Validation Tests for Model clean() Methods

Estimated effort: 2 points
Files: backend/tests/apps/*/models/

Add tests for model clean() methods to verify:

  • Valid data passes validation
  • Invalid data raises ValidationError
  • Error messages are correct
  • Field-specific validation works

Pick 3-5 models with clean() methods to test.


26. Extract Magic Numbers to Named Constants

Estimated effort: 1 point
Files: backend/apps/github/models/mixins/*.py, backend/apps/owasp/models/mixins/*.py

Extract hardcoded numbers to named constants at module level:

# At module level
ISSUES_LIMIT = 6
RELEASES_LIMIT = 6
TOP_CONTRIBUTORS_LIMIT = 6

# In method
def get_top_contributors(self):
    return self.contributors[:TOP_CONTRIBUTORS_LIMIT]

27. Add Missing ordering to Model Meta Classes

Estimated effort: 1 point
Files: backend/apps/*/models/*.py

Add default ordering to models that don't have it specified:

class Meta:
    ordering = ["-created_at"]

This ensures consistent ordering across queries and the admin interface.


28. Implement Custom Model Managers for Common Queries

Estimated effort: 3 points
Files: New manager files in backend/apps/*/models/managers/

Create custom managers for repeated query patterns:

  • Recent items (created in last N days)
  • Popular items (by some metric)
  • Featured items
  • Searchable items

Example:

from datetime import timedelta

from django.db import models
from django.utils import timezone


class RecentManager(models.Manager):
    """Manager for recent items."""

    def get_queryset(self) -> models.QuerySet:
        """Get items from last 30 days."""
        return super().get_queryset().filter(
            created_at__gte=timezone.now() - timedelta(days=30)
        )

29. Add Response Schema Validation Tests for API Endpoints

Estimated effort: 3 points
Files: backend/tests/apps/api/rest/v0/

Add tests that verify API response schemas match the defined Ninja schemas:

  • Response field presence
  • Field types
  • Required vs optional fields
  • Nested object structures

Pick 3-5 endpoints to add comprehensive schema validation tests.


30. Implement Rate Limiting Decorator for API Endpoints

Estimated effort: 3 points
Files: New backend/apps/api/decorators/rate_limit.py, apply to endpoints

Create a rate limiting decorator similar to the cache decorator:

@rate_limit(requests=100, window=60)  # 100 requests per minute
def list_projects(request):
    ...

Include tests and apply to public API endpoints.
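To make the task concrete, here is an added example of such a decorator, not OWASP Nest code. Nest's cache decorator is not shown on this page, so the shape of rate_limit() is an assumption; the Request and Response classes are stand-ins for Django's HttpRequest and HttpResponse so that the example runs on its own, and the clock is injectable so the window can be driven deterministically in tests.

```python
"""Sliding-window rate limiting decorator for task 30.

Added example, not OWASP Nest code. Nest's cache decorator is not shown on
this page, so the shape of rate_limit() is an assumption; Request and
Response are stand-ins for Django's so the example runs on its own.
"""
from __future__ import annotations

import functools
import threading
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for HttpRequest (constructed for the example)."""
    META: dict = field(default_factory=dict)
    user_id: int | None = None


@dataclass
class Response:
    status_code: int
    body: str = ""
    headers: dict = field(default_factory=dict)


def client_key(request: Request) -> str:
    """Key by authenticated user when known, otherwise by connecting address.

    Behind a reverse proxy REMOTE_ADDR is the proxy unless it forwards the
    client address and the app is configured to trust that header.
    """
    if request.user_id is not None:
        return f"user:{request.user_id}"
    return f"ip:{request.META.get('REMOTE_ADDR', 'unknown')}"


class SlidingWindowLimiter:
    """At most `requests` hits per `window` seconds for each key (in-process state)."""

    def __init__(self, requests: int, window: float, clock=time.monotonic) -> None:
        self.requests, self.window, self.clock = requests, window, clock
        self._hits: dict[str, deque] = defaultdict(deque)
        self._lock = threading.Lock()  # views may run on several threads

    def allow(self, key: str) -> tuple[bool, float]:
        """Return (allowed, seconds until the oldest hit falls out of the window)."""
        now = self.clock()
        with self._lock:
            hits = self._hits[key]
            while hits and now - hits[0] >= self.window:
                hits.popleft()  # expire hits older than the window
            if len(hits) >= self.requests:
                return False, self.window - (now - hits[0])
            hits.append(now)
            return True, 0.0


def rate_limit(requests: int, window: float, clock=time.monotonic, key_func=client_key):
    """Reject excess calls with 429 before the view (and its queries) run."""
    limiter = SlidingWindowLimiter(requests, window, clock)

    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, *args, **kwargs):
            allowed, retry_after = limiter.allow(key_func(request))
            if not allowed:
                retry = str(max(1, int(retry_after + 0.999)))  # round up to whole seconds
                return Response(429, "rate limit exceeded", {"Retry-After": retry})
            return view(request, *args, **kwargs)

        wrapper.limiter = limiter  # exposed so tests can inspect the state
        return wrapper

    return decorator


def simulate(limit: int, window: float, calls: list[tuple[str, float]]) -> list[int]:
    """Replay (client address, seconds since start) pairs and return status codes."""
    current = {"t": 0.0}  # mutable fake clock so the window can be driven by hand

    @rate_limit(requests=limit, window=window, clock=lambda: current["t"])
    def list_projects(request):
        return Response(200, "[]")

    statuses = []
    for address, at in calls:
        current["t"] = at
        statuses.append(list_projects(Request(META={"REMOTE_ADDR": address})).status_code)
    return statuses
```

Two things matter more than the algorithm when applying this to public endpoints: the key (limit per authenticated user where there is one, and make sure the address used for anonymous clients is the real client rather than a proxy, otherwise all traffic shares one bucket) and the store (the in-memory deque above is per process, so with several workers the hit log belongs in the shared cache backend). The 429 status and Retry-After header are the standard way to tell well-behaved clients when to back off.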


Implementation Notes

  • All tasks should include updating or adding tests
  • Follow existing code style and patterns in the repository
  • Run make check-test locally before submitting PR
  • Reference this issue (Good First Issues: 10 Beginner-Friendly Tasks for Backend & Frontend #2628) in your PR description
  • Each task can be done independently
  • Feel free to ask questions in the comments before starting
