164a165 > Wget 166a168,265 >
GNU Wget is a free software package for retrieving files using > HTTP, HTTPS and FTP, the most widely-used Internet protocols. It is > a non-interactive commandline tool, so it may easily be called from > scripts, cron jobs, terminals without X-Windows support, etc. >
> >
> Brief Explanation: GNU Wget requires a FTP Server implementation that
> implements all the relevant features from RFC 959 for testing Wget as a FTP
> Client. While we have a couple of ideas on how this can be done, the student
> is also expected to come up with their own ideas.
>
>
> Expected Results: At the end of the project, we expect a functioning
> FTP Test Suite that integrates with the already existing set of Python3 based
> HTTP Tests. We should be able to test Wget for not only standards compliant
> responses but for erroneous responses as well.
>
>
> Knowledge Prerequisites: This will largely depend on the specific path
> chosen by the student. However, we expect that a basic knowledge of Python
> and C will be required along with the ability to understand technical
> documentation.
>
> Brief Explanation: This project requires the student to implement two
> different, but small features to GNU Wget which will eventually help in
> reducing the time taken for recursive downloads in Wget. The two features
> are:
> 1. if-modified-since Headers: Currently, when a file already exists on disk,
> Wget first sends a HTTP HEAD request and based on the response, sends a
> second HTTP GET request to the server. By parsing the "if-modified-since"
> header, this can be reduced to simply one GET request. A good starting point
> for this is RFC 7232 section 3.3.
>
> 2. TCP Fast Open: RFC 7413 describes a mechanism to reduce the number of Round
> Trips required to open a TCP Connection. This has been implemented in the
> Linux Networking Stack and since a large number of web servers are hosted on
> Linux systems, Wget may be able to get better performance during small file
> transfers or on connections with a high Round Trip Time.
>
>
> Expected Results: At the end of the project, we should have support
> for the "if-modified-since" headers and TFO in Wget. Simultaneously, the
> relevant server side extensions need to be made to the test suite and tests
> written for the above features.
>
>
> Knowledge Prerequisites: The student will have to be confortable
> reading and understanding techinical documentation and implementing them
> in C. A rudimentary knowledge of Python is desired but not mandatory.
>
> Brief Explanation: This project deals with improving Wget's security.
> It is composed of three smaller sub-projects which may act as milestones for
> the student:
> 1. HTTP Strict Transport Policy (HSTS): This HTTP Header extension is
> described by RFC 6797. It is a way for the server to instruct the client to
> use HTTPS for certain domains irrespective of what the use requested.
>
> 2. HTTP Secure Cookie Management: RFC 6265 states that a server may mark a
> cookie as "secure", in which case a User-Agent (UA) should send the cookie
> back to the server if and only if the connection to the server is
> over a secure transport. Currently, Wget ignores the secure cookie field
> and always sends all cookies back to the server.
>
> 3. FTPS: FTPS is an extention of the FTP protocol over secure SSL/TLS
> connections. Not to be confused with SFTP which is FTP-like protocol
> over SSH2. Wget already implements FTP and SSL/TLS separately. This
> project would require understanding how FTPS works and implementing the
> required changes in Wget. A good starting point is RFC 2228 and RFC 4217.
>
>
> Expected Results: By the end of the project, Wget should understand
> the HSTS requests and follow the directives of the local HSTS database. It
> should also obey the "secure" cookie parameter in HTTP responses. Finally,
> we should be able to use Wget to download a file via FTP over a secure
> connection. For HSTS and secure cookie management, the relevant test cases
> are also expected.
>
>
> Knowledge Prerequisites: A good understanding of C will be required
> for this project since it deals with some of the deepest portions of Wget's
> source code. Apart from that, some amount of Python will be helpful for
> writing the test cases, but it is not mandatory.
>
Contact: address@hidden (to subscribe, see the list-info page).
> Mentors: Giuseppe
> Scrivano, Darshit Shah,
> Tim Ruehsen