From 87590f07de1a5e9038d199ff66da5822e86277e3 Mon Sep 17 00:00:00 2001 From: Ariel Adams Date: Wed, 24 Feb 2021 13:14:42 -0600 Subject: [PATCH 1/4] Fix #198, Fix Contributions Spelling Error in PR Template --- .github/pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index d2822101b..37000bc8c 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -21,7 +21,7 @@ A clear and concise description of how this contribution will change behavior an **Additional context** Add any other context about the contribution here. -**Code contibutions** +**Code contributions** The cFS repository is provided to bundle the cFS Framework. It is utilized for bundling submodules, continuous integration testing, and version management and does not contain any software. Code contributions should be directed to the appropriate submodule. **Contributor Info - All information REQUIRED for consideration of pull request** From 97cabe779319903124ce0775aa72530130e7ed52 Mon Sep 17 00:00:00 2001 From: "Gerardo E. Cruz-Ortiz" <59618057+astrogeco@users.noreply.github.com> Date: Mon, 1 Mar 2021 15:33:51 -0500 Subject: [PATCH 2/4] cFS Bundle Integration Candidate: 2021-03-02 Combines: - nasa/cFE#1196 - nasa/osal#835 - nasa/elf2cfetbl#72 Includes: - nasa/cfe#1154 - nasa/cfe#935 - nasa/cfe#1179 - nasa/cfe#1140 - nasa/cfe#1178 - nasa/cfe#1197 - nasa/osal#834 - nasa/osal#826 - nasa/osal#827 - nasa/osal#829 - nasa/osal#824 - nasa/elf2cfetbl#71 --- cfe | 2 +- osal | 2 +- tools/elf2cfetbl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cfe b/cfe index 672b2dc4f..605cdd29f 160000 --- a/cfe +++ b/cfe @@ -1 +1 @@ -Subproject commit 672b2dc4f76aa8535eb6b327b73f273c4cf87bb5 +Subproject commit 605cdd29f5e6f3af984204ea1521e1702ed57693 diff --git a/osal b/osal index 98a251618..3b53af0db 160000 --- a/osal +++ b/osal @@ -1 +1 @@ -Subproject commit 98a251618c4f54e343ff9e2e52d55671cf26a91e +Subproject commit 3b53af0db4c08ade41caf87dfb76e5a04ad4ab61 diff --git a/tools/elf2cfetbl b/tools/elf2cfetbl index 6762b1c3b..1813214d6 160000 --- a/tools/elf2cfetbl +++ b/tools/elf2cfetbl @@ -1 +1 @@ -Subproject commit 6762b1c3b455665dae57e35f14a50fe327830391 +Subproject commit 1813214d648e796468f35091acf20783cfb25f0a From 458b80d44b4ffc1a3e2f023ca8b5244fde46bdb2 Mon Sep 17 00:00:00 2001 From: Ariel Adams Date: Tue, 23 Feb 2021 12:43:53 -0600 Subject: [PATCH 3/4] Fix #196, Add Testing Tools to the Security Policy --- SECURITY.md | 60 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 56 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index b1c395c05..716cdf1db 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,12 +2,64 @@ ## Reporting a Vulnerability -For general cFS vulnerabilities please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose). +For general cFS vulnerabilities, please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose). Please use the "Bug Report" template and provide as much information as possible. Apply appropraite labels for each report. -Please use the "Bug Report" template and provide as much information as possible. Apply appropraite labels for each report. For security related reports, tag the issue with the "security" label. +For security related vulnerabilities, follow the general cFS vulnerabilites instructions and tag the issue with the "security" label. + +## Testing + +**Disclaimer: nasa/cFS is not responsible for any liability incurred under the [Apache License 2.0](https://github.com/nasa/cFS/blob/main/LICENSE).** + +Testing is an important aspect our team values to improve the cFS bundle. Several tools are used for testing: + +### CodeQL + +The [cFS CodeQL GitHub Actions workflow](https://github.com/nasa/cFS/actions/workflows/codeql-build.yml) is available to the public. To review the results, fork the cFS repository and run the CodeQL workflow. + +CodeQL is ran for every push and pull-request on all branches of cFS in GitHub Actions. + +For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-action. + +### LGTM + +LGTM [results](https://lgtm.com/projects/g/nasa/cFS?mode=list) are available to the public. Since suppression comments are not used, many warnings and errors may not be accurate. Therefore, the results may contain false positives and other inapplicable warnings and errors. + +LGTM is ran for every pull-request on all branches of cFS. + +For more information about LGTM, visit https://lgtm.com/. + +### Cppcheck + +The [cFS Cppcheck GitHub Actions workflow and results](https://github.com/nasa/cFS/actions/workflows/static-analysis.yml) are available to the public. To view the results, select a workflow and download the artifacts. + +Cppcheck is ran for every push on the main branch and every pull request on all branches of cFS in Github Actions. + +For more information about Cppcheck, visit http://cppcheck.sourceforge.net/. + +### CodeSonar + +CodeSonar results are not available to the public. + +CodeSonar is typically ran on a “once per release” sort of schedule. + +For more information about CodeSonar, visit https://www.grammatech.com/codesonar-cc. + +### Fuzz Testing + +The application used to fuzz test cFS and its results are not available to the public. + +The latest version of cFS is fuzzed nightly using a continuous integration pipeline. + +For more information about AFL used by the Fuzzing cFS application, visit https://github.com/google/AFL. + +## Security Reports + +To submit security reports or findings, email us at cfs-program@lists.nasa.gov. ## Additional Support -For additional support, email us at cfs-program@lists.nasa.gov. For help using OSAL and cFS, [subscribe to our mailing list](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc. +For additional support, submit a GitHub issue. You can also email the cfs community at cfs-community@lists.nasa.gov. + +You can subscribe to the mailing list [here](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc. -If you wish to report a cybersecurity incident or concern please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov. +If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov. From 42cdfe803bf603fe06102791100724996a76202c Mon Sep 17 00:00:00 2001 From: Ariel Adams Date: Thu, 18 Feb 2021 18:16:41 -0500 Subject: [PATCH 4/4] Fix #194, Create Contributing.md Co-authored-by: Gerardo E. Cruz-Ortiz <59618057+astrogeco@users.noreply.github.com> Co-authored-by: Chris Knight --- CONTRIBUTING.md | 152 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 152 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..769ae34e2 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,152 @@ +# Core Flight System Contributing Guide + +So you'd like to contribute to cFS? Below are some guidelines for contributors to follow. Contributions come in all shapes and sizes. We appreciate your help with documentation, unit tests, framework code, continuous-integration, or simply reporting bugs and improvement ideas. We can't promise that we'll accept every suggestion or fix every bug in a timely manner but at the very least we'll respond to you. + +## Table of Contents +[Code of Conduct](#code-of-conduct) + +[Getting Started](#getting-started) + +[Ways to Contribute](#ways-to-contribute) +* [Report Bugs](#report-bugs) +* [Feature Requests](#feature-requests) +* [Security Vulnerabilities](#security-vulnerabilities) +* [Pull Requests](#pull-requests) +* [Discussions and Questions](#discussions-and-questions) + +## Code of Conduct + +### Our Pledge +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. + +### Our Standards +Examples of behavior that contributes to creating a positive environment include: +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others’ private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +### Our Responsibilities +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. + +### Scope +This Code of Conduct applies within all project spaces, and it also applies when an individual is representing the project or its community in public spaces. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +### Enforcement +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at cfs-program@lists.nasa.gov. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project’s leadership. + +### Attribution +This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +## Getting Started +Before you begin, search through the open issues in each submodule to ensure that your ticket is relevant, not redundant, nor in conflict with other tickets: +* [cFS Bundle Issues](https://github.com/nasa/cfs/issues) +* [cFE Issues](https://github.com/nasa/cfe/issues) +* [OSAL Issues](https://github.com/nasa/osal/issues) +* [PSP Issues](https://github.com/nasa/psp/issues) + +### Apps +* [ci_lab Issues](https://github.com/nasa/ci_lab/tree/296d12cde4f90d112d1578cb584ddae200a2d282) +* [sample_app Issues](https://github.com/nasa/sample_app/issues) +* [sample_lib Issues](https://github.com/nasa/sample_lib/issues) +* [sch_lab Issues](https://github.com/nasa/sch_lab/tree/882846bb778432c8780555b9d4bef45535584174) +* [to_lab Issues](https://github.com/nasa/to_lab/tree/031de3dde3f5265e98d7cd2bc154d93bee8520b0) + +### Tools +* [cFS-GroundSystem Issues](https://github.com/nasa/cFS-GroundSystem/issues) +* [elf2cfetbl Issues](https://github.com/nasa/elf2cfetbl/tree/6762b1c3b455665dae57e35f14a50fe327830391) +* [tblCRCTool Issues](https://github.com/nasa/tblCRCTool/tree/b02864ba56b12e00ab152225e3e8f9d6c039d48c) + +If your bug or feature hasn't been reported or requested before, create a new issue in the appropriate repository. If it you find a similar issue, please add a comment on it with your experience or input. + +Please ensure that your name is associated with your github profile before contributing. + +## Ways to Contribute + +### Discussions and Questions +For questions or help, submit a GitHub isssue or email us at cfs-program@lists.nasa.gov. + +[Subscribe to our mailing list](https://lists.nasa.gov/mailman/listinfo/cfs-community) that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc. + +### Report Bugs +#### Before Submitting a Bug +1. Perform a cursory search to see if the bug has already been reported. If it has and the issue is still open, add a comment to the existing issue instead of opening a new one. +2. Determine which repository the bug should be reported in. If you are not sure, place the [issue in NASA/cFS](https://github.com/nasa/cFS/issues/new?assignees=&labels=&template=bug_report.md&title=). + +#### Reporting a Bug +If you run into a bug with the project: +1. Open an issue using the bug report template. +2. Describe the issue. +3. Describe the expected behavior if the bug did not occur. +4. Provide the reproduction steps that someone else can follow to recreate the bug or error on their own. +5. If applicable, add code snippets or references to the software. +6. Provide the system the bug was observed on including the hardware, operating system, and versions. +7. Provide any additional context if applicable. +8. Provide your full name or GitHub username and your company organization if applicable. + +#### Once a bug is submitted: +1. The project team will label the issue. +2. A team member will try to reproduce the issue with your provided steps. If the team is able to reproduce the issue, the issue will be left to be implemented by someone. + +### Feature Requests +#### Before Submitting a Feature Request +1. Review the cFS README.md file to see if your feature is in the major future work. +2. Perform a cursory search to see if the feature has already been requested. If it has and the issue is still open, add a comment to the existing issue instead of opening a new one. +3. Determine which repository the feature should be reported in. If you are not sure, [place the issue in NASA/cFS](https://github.com/nasa/cFS/issues/new?assignees=&labels=&template=feature_request.md&title=). + +#### Submitting a Feature Request +1. Open an issue using the feature request template. +2. Describe the feature. +3. Describe the solution you would like. +4. Describe alternatives you've considered. +5. Provide any additional context if applicable. +6. Provide your full name or GitHub username and your company organization if applicable. + +#### Once a feature request is submitted: +1. The project team will label the issue. +2. The project team will evaluate the feature request, possibly asking you more questions to understand its purpose and any relevant requirements. If the issue is closed, the team will convey their reasoning and suggest an alternative path forward. +3. If the feature request is accepted, it will be marked for implementation. + +### Security Vulnerabilities +Please view our [Security Policy](https://github.com/nasa/cFS/security/policy) for more information. + +### Pull Requests +#### Ready to Add Your Code? + +Follow GitHub's fork-branch-pull request pattern. +1. Fork the relevant cFS component (eg. cfe, osal, psp). +2. Create a new branch in your fork to work on your fix. We recommend naming your branch `fix-ISSUE_NUMBER-`. +3. Submit a pull request to the nasa `main` branch. We recommend creating your pull-request as a "draft" and to commit early and often so the community can give you feedback at the beginning of the process as opposed to asking you to change hours of hard work at the end. +4. Add commits to your branch. Please follow commit message convention: `Fix ISSUE_NUMBER, 50-ish-character-long summary of commit content`. +5. Sign and email the appropriate Contributor License agreement down below to GSFC-SoftwareRelease@mail.nasa.gov and copy cfs-program@lists.nasa.gov. + - Corporate Contributor License agreement : https://github.com/nasa/cFE/blob/main/docs/GSC_18128_Corp_CLA_form_1219.pdf + - Individual Contributor License agreement : https://github.com/nasa/cFE/blob/main/docs/GSC_18128_Ind_CLA_form_1219.pdf + +#### Create a Pull Request +1. For the title, use the title convention `Fix #XYZ, SHORT_DESCRIPTION`. +2. Describe the contribution. First document which issue number was fixed using the template "Fix #XYZ". Then describe the contribution. +3. Provide what testing was used to confirm the pull request resolves the link issue. +4. Provide the expected behavior changes of the pull request. +5. Provide the system the bug was observed on including the hardware, operating system, and versions. +6. Provide any additional context if applicable. +7. Provide your full name or GitHub username and your company or organization if applicable. + +#### Once a Pull Request Ready for Review +1. Verify the commit message and PR title use the template `Fix #XYZ, SHORT_DESCRIPTION`. +2. Verify there is only one commit message. Squash or amend the commit messages if necessary. +3. Verify that the PR passes all checks. +4. The project team will label the issue and evaluate the pull request in the weekly configuration control board (CCB) meeting. For more information, visit [The cFS CCB Process.](https://github.com/nasa/cFS/wiki/The-cFS-CCB-Process) +5. If the pull request is accepted, it will be merged into cFS. +