Category Archives: Open Source Blog

News about Google’s open source projects and programs

Introducing TestParameterInjector: A JUnit4 parameterized test runner

 When writing unit tests, you may want to run the same or a very similar test for different inputs or input/output pairs. In Java, as in most programming languages, the best way to do this is by using a parameterized test framework.

JUnit4 has a number of such frameworks available, such as junit.runners.Parameterized and JUnitParams. A couple of years ago, a few Google engineers found the existing frameworks lacking in functionality and simplicity, and decided to create their own alternative. After a lot of tweaks, fixes, and feature additions based on feedback from clients all over Google, we arrived at what TestParameterInjector is today.

As can be seen in the graph below, TestParameterInjector is now the most used framework for new tests in the Google codebase:

Graph of the different parameterized test frameworks in Google

How does TestParameterInjector work?

The TestParameterInjector exposes two annotations: @TestParameter and @TestParameters. The following code snippet shows how the former works:


@RunWith(TestParameterInjector.class)

public class MyTest {


  @TestParameter boolean isDryRun;


  @Test public void test1(@TestParameter boolean enableFlag) {

    // This method is run 4 times for all combinations of isDryRun and enableFlag

  }


  @Test public void test2(@TestParameter MyEnum myEnum) {

    // This method is run 6 times for all combinations of isDryRun and myEnum

  }


  enum MyEnum { VALUE_A, VALUE_B, VALUE_C }

}


Annotated fields (such as isDryRun) will cause each test method to run for all possible values while annotated method parameters (such as enableFlag) will only impact that test method. Note that the generated test names will typically be helpful but concise, for example: MyTest#test2[isDryRun=true, VALUE_A].

The other annotation, @TestParameters, can be seen at work in this snippet:

@RunWith(TestParameterInjector.class)

public class MyTest {


  @Test

  @TestParameters({

    "{age: 17, expectIsAdult: false}",

    "{age: 22, expectIsAdult: true}",

  })

  public void personIsAdult(int age, boolean expectIsAdult) {

    // This method is run 2 times

  }

}


In contrast to the first example, which tests all combinations, a @TestParameters-annotated method runs once for each test case specified.

How does TestParameterInjector compare to other frameworks?

To our knowledge, the table below summarizes the features of the different frameworks in use at Google:

TestParameterInjector

junit.runners. Parameterized

JUnitParams

Burst

DataProvider

Jukito

Theories

Documentation

GitHub

GitHub

GitHub

GitHub

GitHub

GitHub

junit.org

Supports field injection





Supports parameter injection


Considers sets of parameters correlated or orthogonal

both are supported

correlated

correlated

orthogonal

correlated

orthogon

al

orthogonal

Refactor friendly

(✓)




Learn more

Our GitHub README at https://github.com/google/TestParameterInjector gives an overview of the possibilities of this framework. Let us know on GitHub if you have any questions, comments, or feature requests!

By Jens Nyman, TestParameterInjector team

1Parameters are considered dependent. You specify explicit combinations to be run.
2Parameters are considered independent. The framework will run all possible combinations of parameters

Student applications for Google Summer of Code 2021 are now open!

Student applications for Google Summer of Code (GSoC) 2021 are now open!

Google Summer of Code introduces students from around the world to open source communities. The program exposes students to real-world software development scenarios, helps them develop their technical skills, and introduces them to our enthusiastic and generous community of GSoC mentors. Since 2005, GSoC has brought over 16,000 student developers from 111 countries into 715 open source communities!
Google Summer of Code logo
Now in our 17th consecutive year, the GSoC program has made some exciting changes for 2021. Students will now focus on a 175-hour project over a 10-week coding period (entirely online) and receive stipends based on the successful completion of their project milestones. We are also opening up the program to students 18 years of age and older, who are enrolled in post-secondary academic programs (including university, masters, PhD programs, licensed coding schools, community colleges, etc.) or have graduated from such a program between December 1, 2020 and May 17, 2021.

Ready to apply? The first step is to browse the list of 2021 GSoC organizations and look for project ideas that appeal to you. Next, reach out to the organization to introduce yourself and determine if your skills and interests are a good fit. Since spots are limited, we recommend writing a strong proposal and submitting a draft early so you can communicate with the organization and get their feedback to increase your odds of being selected. We recommend reading through the student guide and advice for students for important tips on preparing your proposal. Students may register and submit project proposals on the GSoC site from now until Tuesday, April 13th at 18:00 UTC.

You can find more information on our website, which includes a full timeline of important dates, GSoC videos, FAQ’s and Program Rules.

Good luck to all of the student applicants!

By Romina Vicente, Project Coordinator for Google Open Source Programs Office

Student applications for Google Summer of Code 2021 are now open!

Student applications for Google Summer of Code (GSoC) 2021 are now open!

Google Summer of Code introduces students from around the world to open source communities. The program exposes students to real-world software development scenarios, helps them develop their technical skills, and introduces them to our enthusiastic and generous community of GSoC mentors. Since 2005, GSoC has brought over 16,000 student developers from 111 countries into 715 open source communities!
Google Summer of Code logo
Now in our 17th consecutive year, the GSoC program has made some exciting changes for 2021. Students will now focus on a 175-hour project over a 10-week coding period (entirely online) and receive stipends based on the successful completion of their project milestones. We are also opening up the program to students 18 years of age and older, who are enrolled in post-secondary academic programs (including university, masters, PhD programs, licensed coding schools, community colleges, etc.) or have graduated from such a program between December 1, 2020 and May 17, 2021.

Ready to apply? The first step is to browse the list of 2021 GSoC organizations and look for project ideas that appeal to you. Next, reach out to the organization to introduce yourself and determine if your skills and interests are a good fit. Since spots are limited, we recommend writing a strong proposal and submitting a draft early so you can communicate with the organization and get their feedback to increase your odds of being selected. We recommend reading through the student guide and advice for students for important tips on preparing your proposal. Students may register and submit project proposals on the GSoC site from now until Tuesday, April 13th at 18:00 UTC.

You can find more information on our website, which includes a full timeline of important dates, GSoC videos, FAQ’s and Program Rules.

Good luck to all of the student applicants!

By Romina Vicente, Project Coordinator for Google Open Source Programs Office

Season of Docs announces the successful 2020 long-running projects

And, that’s a wrap! Season of Docs has announced the 2020 program results for long-running projects. You can view a list of successfully completed technical writing projects on the website along with their final project reports.

15 technical writers successfully completed their long-running technical writing projects. During the program, technical writers spent a few months working closely with an open source community. They brought their technical writing expertise to improve the project's documentation while the open source projects provided mentors to introduce the technical writers to open source tools, workflows, and the project's technology.

Congratulations to the technical writers and organization mentors on these successful projects!

What’s next?

Program participants should expect an email in the next few weeks about how to get their Season of Docs 2020 t-shirt!

If you were excited about participating, please do write social media posts. See the promotion and press page for images and other promotional materials you can include, and be sure to use the tag #SeasonOfDocs when promoting your project on social media. To include the tech writing and open source communities, add #WriteTheDocs, #techcomm, #TechnicalWriting, and #OpenSource to your posts.

If you’re interested in participating in a future Season of Docs, we’re currently accepting organization applications for the 2021 program. Be sure to sign up for the announcements email list to stay informed!

By Kassandra Dhillon and Erin McKean, Google Open Source Programs Office

Google Summer of Code 2021 Mentoring Orgs announced!

Google Summer of Code Header

Today, we are pleased to welcome 202 open source projects as our Google Summer of Code (GSoC) 2021 mentoring organizations. While many of the organizations have participated in GSoC in previous years, we are excited to welcome 31 organizations for their first summer mentoring GSoC students.

For a complete list of the accepted organizations visit the program website where each organization has their own page with details about their org and the all important list of Project Ideas that they wish for students to work on this summer.

Are you a student interested in participating in GSoC this year?
Student applications will open on Monday, March 29, 2021 at 19:00 UTC and the deadline to submit your application is Tuesday, April 13, 2021 at 19:00 UTC.

The most successful applications come from students who start preparing now. 
So remember to prepare early! Here are some proactive tips for students to accomplish before the application period begins:
  • Watch our short videos: What is GSoC? and Being a GSoC Student
  • Check out the Student Guide and Student Advice doc
  • Review the list of accepted organizations and reach out to the two or three that interest you the most now. All contact information for orgs is available on their organization page on the program site.
  • Now is the perfect time to read the Project Ideas of the orgs you are interested in and start asking questions of the mentors so you can understand the project and write a quality proposal as part of your application.
You can find more information on our website which includes a full timeline of important dates. We also highly recommend perusing the FAQ and Program Rules and watching some of our other videos with more details about GSoC for students and mentors.

A big congratulations—and thank you—to all of our mentor organizations! We look forward to working with all of you during Google Summer of Code 2021.

By Stephanie Taylor, Google Open Source

Season of Docs 2020: 5 Technical communication learnings as an open source contributor

Open source contributions have always intrigued me as they are a good way for developing skills needed in the real world. When I stumbled upon Season of Docs (SoD) 2020, while watching Amruta Ranades technical writing videos, I was thrilled to find an opportunity that serves as a bridge between technical writers and different open source organizations. I was intrigued by how there is an open source software or tool addressing different industry needs (eg: HR, video editing, education, robotics, etc), and how the lack of good documentation moderates the user adoption.

Figure 1: Open source projects are resourceful for developing new skills and building new industry connections

This blog post summarizes my technical communication learnings while working as an open source contributor with CircuitVerse.

Documentation audit is key: To prepare my technical writer application, I audited available documentation of five organizations for the following factors:

  • What documentation is available?
  • Who is the target audience?
  • Does it cover all the functionality?
  • Does it cover end-user needs?
  • Is the documentation any good?
Based on my findings, I further narrowed down my choice to two organizations. While preparing the SoD proposal for CircuitVerse(CV), I drafted a content proposal plan that included a mixed bag of video prototypes, tutorials and existing content improvement and remapping to illustrate my ability to understand real world problems and tech integration capabilities. You can find my final project proposal, which got me selected as a participant for Season of Docs 2020 with CircuitVerse here.*

*A special shout out to Audrey Tavares (a past-participator of SoD 2019, Oppia) for answering my queries and guiding me through the process.

Know your audience: When SoD concluded in December 2020, I had produced a series of video tutorials and rewritten the complete documentation for the CV simulator. You can find the complete project report here.

Audience analysis is key to the success of a documentation project. Do your research and ask enough questions to understand your audience and discover vital facts.

In my case, I concluded from my initial findings that the primary audience were students, but the mentors corrected me that the primary audience are educators. This provided a cue for the team that the message is not clear and we revised the content layout to cater to the primary audience.

Secondly, avoid assumptions, and be prepared with agreeing to disagree––conflicts can be healthy!

Write documentation for an evolving platform: Documentation empowers users to feel confident about the product and build trust. One of the key pain points of working on open source documentation is that the platform is continuously upgraded with new features and functionalities. So how do you strike a balance?

While the CV videos had some UI discrepancies, I focused on making sure that the user guide content (that is live) is detailed enough, and gives users clear instructions on how to accomplish a task. I learned that videos play a key role in demonstrating a workflow while the text documentation must be detailed and updated frequently.

Build up developer and documentation tools proficiency: Contributing to open source projects expands one’s familiarity with real world practices, including working with different tools like Adobe Camtasia, GitHub and Markdown. While my comfort level with GitHub grew, I learned better practices for working with Markdown for a large data set. I used the Docs to Markdown add-on for Google Docs to transpose the content in markdown before uploading it to GitHub.

Focus on fluid communication skills while working with subject matter experts: The SoD opportunity allowed me to experience working in a distributed, collaborative environment across borders and geographies––replicates the traditional corporate world.

While my mentors were receptive to my suggestions, I made an effort to keep them apprised about the progress and missing deadlines of the project. For instance, I improvised the documentation deliverable midway with their consent. I realized that it was important to have good, clear documentation available for the available popular topics before adding new content.

When my mentors and I were in doubt, we reached out to the CV Slack community for user feedback on different aspects.

Warming up as an Open Source Contributor
Although my project with CircuitVerse has been successfully completed, I look forward to my continued journey with CircuitVerse, and continued open source contributions with other organizations in 2021. If this is your first time applying for Season of Docs, refer the FAQ for technical writers to gather more insights into the program. You can also give a shout out to the extremely helpful program admins at [email protected] or post your queries on the Season of Docs Slack channel.

Guest Post by Pragati Chaplot Jain – Season of Docs Participant

SoD and technical documentation in an open source organization

Featured image


Documentation in open source organizations is a complicated job because there are so many new edits and issues occurring daily, that without a dedicated team, they become challenging to manage. Since open source organizations mostly rely on volunteers it is not unusual for a small task to take longer than if full-time team members were dedicated to it. Time is of the essence when improving documentation; since as contributors continue to add value to the organization, chances are there will be more work content to continuously work through. Season of Docs (SoD) aims to aid with documentation in an effective way.

SoD creates an environment where freelance technical writers can work with an open source organization for 3–5 months. The technical writers can get paid and the organizations get a dedicated individual to take care of their documentation —a win-win for everyone.

I had the opportunity to work with ESLint under SoD 2020, where I was able to learn quite a lot, with the aim to improve and organize the Configuration Documentation of ESLint. From understanding the work of ESLint and the structure of the existing documentation to managing a short-term project and collaborating with other volunteers, the project was filled with learning experiences. The best aspect was that I realized the worth of my contribution, but also felt appreciated all along. Often, technical documentation and communication are not given much attention but with SoD it was different.

The Positives

A different perspective

A freelance technical writer, in most cases, is a person who is not a part of the organization. An external perspective with the existing documentation can point out some issues which may otherwise go unnoticed. Additionally, since the freelance writer is entirely dedicated to the task they’re able to solely focus on that task.

Collaborative environment

One of the best things about open source organizations is the level of collaboration. While working in such an environment, where everyone is so willing to help and to give valuable input, a freelance contributor does not feel alienated at all. There is a lot of valuable feedback and the work of a technical writer is both respected and appreciated.

Some Challenges

As in any other project, documentation in an open source organization is not free of some hiccups.

Understanding the content

Freelance technical writers have limited time to get acquainted with the objectives and the content of the open source organization, making things a little hard if the writers have not previously interacted with (or heard of) the organizations they are working with. Reflecting on my own experience, I feel that this was a major concern for me since I had no previous experience with linting software.

Thanks to the 'community bonding period' however, which lasts for almost a month before the project officially begins, the freelance writers can get some understanding of the organization and the content.

Time

Since most of the contributors are working voluntarily, their engagements can prolong the process of review and feedback, which can make meeting the project deadline feel challenging at times

Overcoming the Challenges

It doesn't matter if you're working under the SoD umbrella, contributing to strengthen your portfolio, or trying to gain more practical experience, the following tips can be helpful.
  • Communication is key. It is important to convey your concerns regarding time, commitments, and other engagements so that the expectations are met.
  • Ask questions! You won’t know everything about the project.
  • Be flexible. Your project might change after you start working on it, and things don't always go as you planned.
  • Use the 'community bonding period' to interact with your mentor and other collaborators, indulge in small tasks, and get to know the people and the organization.
  • Value the work and feedback of others. Everyone who is a part of the community is trying to add some value to the organization.
SoD serves as an excellent platform in bringing technical writers and open source organizations closer.

Guest Post by Khawar Latif Khan – Season of Docs Participant

Basis Universal Textures – Khronos Ratification and Support

In 2019, Google partnered with Binomial to open source the Basis Universal texture codec with the goal to make high-quality textures more efficient for network transmission and graphics processing unit (GPU) memory usage. The Basis Universal texture format is 6-8 times smaller than JPEG on the GPU, yet has similar storage size as JPEG—making it a great alternative to current GPU compression methods that are inefficient and don’t operate cross platform. The format is intended for a variety of use cases: games, virtual and augmented reality, maps, photos, small videos, and more.

the Basis Universal texture codec
Over the past year, several exciting developments have been made to make Basis Universal more useful. A new high-quality mode was introduced, allowing the codec to use the highest quality formats modern GPUs support, finally bringing the web up to modern GPU texture standards—with cross platform support. Additionally, the Basis encoder now has an option to build a WebAssembly version, allowing for innovative web applications to take advantage of outputting to the super-compressed format. Lastly, the Khronos Group has announced and ratified the Basis Universal texture extension to glTF format, allowing for compressed assets that can be shipped and displayed everywhere in a KTX 2.0 container. This will have profound impacts on how models are distributed via the web and advance applications like eCommerce, making it easy to take advantage of 3D content on any platform.

In addition to these new features, developers worldwide have been making it easier to take advantage of Basis Universal. <model-viewer> has just added support for glTF files with universal textures, making it as easy as two lines of JavaScript to have beautiful, interactive 3D models on your page and in the coming months, the <model-viewer> editor will add support for encoding to universal textures. Additionally, 3D engines like Three.js, Babylon.js, Godot, Archilogic, and Playcanvas have added support for Basis Universal, with more engine support coming. Basis Universal is already in applications many use every day.

We look forward to seeing Basis Universal adoption soar as it has never been easier to distribute 3D assets. Check out the code and demo on GitHub, let us know what you think, and how you plan to use it!

By Stephanie Hurlburt, Binomial and Jamieson Brettle, Chrome Media

A new resource for coordinated vulnerability disclosure in open source projects

One of the joys of open source is the freedom it gives you to create: contributors get to build the projects they want how they want; it’s up to them. Of course, blank slates don’t come with directions, which makes more niche areas of software development and management a challenge for contributors. Vulnerability disclosure is one of those areas.

Google doesn’t restrict its open source work to one team, instead we teach any and all Googlers about open source: how to release, how to contribute, how to use, and, in general, how to be a good open source citizen. This approach scales well, and gives people the knowledge to be lifelong open source community members. This includes sharing knowledge about open source security, a topic that isn’t new, but is finally getting the industry attention it deserves.

The intimidating blank slate and a lack of time for contributors to develop policies means many open source projects have no documented vulnerability reporting information, much less a plan for how to handle and disclose a reported vulnerability. We recently updated our guidance for coordinated vulnerability disclosure in open source projects that come out of Google and have published it in hopes that other projects will find this helpful for their project security practices.

The new guide has three sections:
It’s a myth that if a project hasn’t received a vulnerability report yet, it doesn’t need a disclosure policy. It’s also a myth that you need to be “a security person” to implement a vulnerability disclosure policy. A successful coordinated vulnerability disclosure frequently comes down to good process management and clear, thoughtful communication. You don’t have to be an expert in operating systems capabilities to understand how a reporter manipulated it to cause an account privilege escalation through your project. A predetermined policy, some templates, and a well-executed runbook will take you through discovering, patching, and disclosing most kinds of vulnerabilities.

Coordinated Vulnerability Disclosure in Open Source Projects

Vulnerability disclosure is part of Fix in the Know, Prevent, Fix framework we proposed recently for open source vulnerability management. In today’s industry, with all of our supply chain dependencies, improving open source project security in even one project can have a multiplying effect. Vulnerability disclosure is a key aspect of that overall security posture. Our hope is that projects will take this guide, remix and adapt to their projects, and share their changes with others so we can collectively increase our open source security.

By Anne Bertucio, Google Open Source

Updates on the Tsunami Security Scanning Engine


Several months ago, we open sourced the Tsunami security scanner: a false-positive-free infrastructure scanning engine focusing on high severity, actively exploited vulnerabilities. Today, we are releasing the first major update for Tsunami.

In the last few months, we have done a lot of work in the background to prepare Tsunami for the next step and focused on the following:
  • Vulnerability research: In order to keep Tsunami's detection capabilities up-to-date, we kicked-off various projects to research the exploitation of vulnerabilities in the wild. We will soon publish more information about our initiatives in this space—stay tuned.
  • New detection capabilities: Based on our research, we have added 15 new detector plugins to Tsunami for actively exploited vulnerabilities.
  • Continuous Integration pipeline for our open-source builds: We set up a CI/CD pipeline that automatically mirrors and tests changes between our internal version management system and the open source repository. This will enable us to easily merge internal and external contributions.
  • Test bed for end-to-end testing: This summer we hosted an intern (Yuxin Wu), who built and open-sourced a test bed for Tsunami. The test bed can automatically deploy arbitrary versions of off-the-shelf software based on docker images. We are using the test bed to automatically check whether a Tsunami detector is working for all vulnerable versions of a software and keeps functioning for future versions.
  • Web application fingerprinting: We added Web application fingerprinting capabilities to Tsunami. Tsunami, now detects popular off-the-shelve Web applications. This information can be used by Tsunami for more precise and less intrusive vulnerability verification. Furthermore, it enables security teams to build a software inventory based on Tsunami scans. We'll keep working on refining our fingerprinting approach and extending our fingerprinting database.

Today, we are releasing the new detectors and the fingerprinting capabilities. You can find the new detectors and the web fingerprinter in our plugin repository.

If you are adopting Tsunami within your organization and if you have questions or would like to contribute, feel free to contact us at any time at [email protected].

By Guoli Ma, Claudio Criscione & Sebastian Lekies, Vulnerability Management Team