[GSoC 2026] Interest in Idea #7: Automated Code Hygiene & Security Hardening


Zh D

Mar 22, 2026, 12:01:24 AM
to opencv-gsoc-202x
Hi @asmorkalov and Gursimar Singh,

I'm Zihan Dai, a CS student at the University of Melbourne. I'm interested in Idea #7 (Automated Code Hygiene & Security Hardening) for GSoC 2026.

I recently had PR #28502 merged in OpenCV (erode/dilate docs fix), and I've just submitted two more PRs directly related to code hygiene:

- #28699: Replace System.exit(-1) with proper exceptions in HighGui.java (library code should never kill the JVM)
- #28698: Fix resource leaks in Android Utils.java (unclosed streams in exportResource/loadResource)

I also have 8 merged PRs across Apache Beam, ShardingSphere, Iceberg, and OpenCV, mostly focused on resource leak fixes and error handling.

I've reviewed the current CI infrastructure and identified gaps in sanitizer coverage (commented-out ASan lane in OCV-PR-Linux.yaml, no live UBSan/MSan/TSan, no repo-level clang-tidy config). The CVE history shows malformed-input bugs clustering in imgcodecs, objdetect, core/persistence, and wechat_qrcode - these would be the right first targets for static analysis and sanitizer coverage.

I'd love to discuss the project scope and approach further. A couple of questions:

1. The commented 24.04_asan lane in OCV-PR-Linux.yaml - was it disabled due to flaky dependencies/runtime cost, or simply unfinished?
2. Should this project focus on sanitizers + clang-tidy, or also move CodeQL from nightly-only into PR signal?

Looking forward to your feedback.

Zihan Dai