GenApp (NSF OAC-1740097) is a tool for rapidly generating science gateways. The goal of GenApp is to provide a graphical frontend for command line scientific applications. This is accomplished by creating JSON configuration files which specify input and output parameters for the scientific application, as well as parameters for the GUI elements of the resulting graphical frontend.
The most used GenApp-generated science gateway (SASSIE2), which is focused on the small-angle scattering field, has over 500 registered users and 16K jobs submitted through the gateway in 2017. GenApp-generated gateways are running on dedicated local resources as well as cloud resources, primarily NSF Jetstream at this time, but such functionality has also been tested on AWS.
As vulnerabilities present in GenApp may lead to vulnerabilities in the generated gateway applications, it is imperative to address any security issues which may be in the GenApp framework, to protect the integrity of the gateway applications and the computing platforms they use. CTSC will review GenApp's design and architecture in attempt to identify potential security issues and recommend remediations. CTSC will also use code analysis tools and web-based scanning tools on both the GenApp frontend-generation engine as well as the several web frontends created by the GenApp framework.
The CTSC-GenApp engagement began January 2018 and is scheduled to conclude by the end of June 2018.
