[GSoC 2026] Inquiry regarding the Admin API Fuzzing project
12 views
Skip to first unread message
Laksh Jain
Feb 22, 2026, 10:47:54 PM (2 days ago) Feb 22
to qubes...@googlegroups.com
Hello Qubes OS Team,
My name is Laksh Jain, currently an undergraduate student at IIT
Roorkee(India) and also a member of the academic CTF team here -
InfosecIITR and I am reaching out because I am very interested in
contributing to Qubes OS, specifically to the Admin API Fuzzing
project. I am looking to get involved through Google Summer of Code,
and this project caught my eye.
I have a strong background in playing CTFs, specifically focusing on
web vulnerabilities, .I am eager to apply this security mindset to
building robust fuzzing tools for the Qubes Admin API.
I have a few quick questions to help me hit the ground running:
1.Who are the primary mentors or maintainers currently overseeing the
Admin API Fuzzing project?
2.Are there any specific repositories, architecture documentation, or
past discussions you recommend I read first to understand the current
state of the Admin API?
3.Are there any "good first issues" or smaller tasks related to this
project that I could tackle to get familiar with the codebase?
Thank you for your time and for the work you do on Qubes OS. I look
forward to contributing!
Best regards,
Laksh Jain
My name is Laksh Jain, currently an undergraduate student at IIT
Roorkee(India) and also a member of the academic CTF team here -
InfosecIITR and I am reaching out because I am very interested in
contributing to Qubes OS, specifically to the Admin API Fuzzing
project. I am looking to get involved through Google Summer of Code,
and this project caught my eye.
I have a strong background in playing CTFs, specifically focusing on
web vulnerabilities, .I am eager to apply this security mindset to
building robust fuzzing tools for the Qubes Admin API.
I have a few quick questions to help me hit the ground running:
1.Who are the primary mentors or maintainers currently overseeing the
Admin API Fuzzing project?
2.Are there any specific repositories, architecture documentation, or
past discussions you recommend I read first to understand the current
state of the Admin API?
3.Are there any "good first issues" or smaller tasks related to this
project that I could tackle to get familiar with the codebase?
Thank you for your time and for the work you do on Qubes OS. I look
forward to contributing!
Best regards,
Laksh Jain
Marek Marczykowski-Górecki
8:34 AM (10 hours ago) 8:34 AM
to Laksh Jain, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, Feb 20, 2026 at 01:13:46AM +0530, Laksh Jain wrote:
> Hello Qubes OS Team,
Hello!
> My name is Laksh Jain, currently an undergraduate student at IIT
> Roorkee(India) and also a member of the academic CTF team here -
> InfosecIITR and I am reaching out because I am very interested in
> contributing to Qubes OS, specifically to the Admin API Fuzzing
> project. I am looking to get involved through Google Summer of Code,
> and this project caught my eye.
>
> I have a strong background in playing CTFs, specifically focusing on
> web vulnerabilities, .I am eager to apply this security mindset to
> building robust fuzzing tools for the Qubes Admin API.
>
> I have a few quick questions to help me hit the ground running:
>
> 1.Who are the primary mentors or maintainers currently overseeing the
> Admin API Fuzzing project?
I guess that would be me :) There may be secondary mentor later if
needed.
> 2.Are there any specific repositories, architecture documentation, or
> past discussions you recommend I read first to understand the current
> state of the Admin API?
The two most relevant places are:
- - documentation: https://doc.qubes-os.org/en/latest/developer/services/admin-api.html
- - implementation: https://github.com/QubesOS/qubes-core-admin/blob/main/qubes/api/admin.py
Fuzzing target needs to be well defined here, because not every
exception is a failure - for example invalid parameters are supposed to
result in an exception (during early validation, not later execution!).
It's kinda related to
https://github.com/QubesOS/qubes-issues/issues/10345 which tries to
cleanup exceptions used there.
> 3.Are there any "good first issues" or smaller tasks related to this
> project that I could tackle to get familiar with the codebase?
Yes! Take a look at
https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22C%3A%20core%22%20label%3A%22good%20first%20issue%22,
some examples that may fit this project:
https://github.com/QubesOS/qubes-issues/issues/7186
https://github.com/QubesOS/qubes-issues/issues/8702
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmmdqM0ACgkQ24/THMrX
1ywSuQf+Ku8I+4JSv50IR+k+P9latnH+YnDqyf36QOV3dZfUrbtmd8HWwWjTnN1c
48vYhZWMjhPbpxqmRDYZgXbe8SAxyHCxMzkDDdovTfAtVAzUhI+SAAL5YQZa6eVv
yO+ALmWUeioM0OF7w4pWJr3QVNSSrxpRNbgwSCi/6FpceDAoUmQJUzfvbpJB8J/I
TMsHj4jfmnFb3s6qiZ9PpRF6XtZcPvcfrpUtzrOSKlYcHVZv/xbviz9VCgRN4LZv
4J4tIrOSgw7vTR2H0KG+2EYStFOUEi4Yxlyz1Rmw1lMSmCVOEpy2S5Zt73nFi7PV
OkB5LNm+5bkB7QjOSvUxyh7clv7qmQ==
=BhXu
-----END PGP SIGNATURE-----
Hash: SHA256
On Fri, Feb 20, 2026 at 01:13:46AM +0530, Laksh Jain wrote:
> Hello Qubes OS Team,
Hello!
> My name is Laksh Jain, currently an undergraduate student at IIT
> Roorkee(India) and also a member of the academic CTF team here -
> InfosecIITR and I am reaching out because I am very interested in
> contributing to Qubes OS, specifically to the Admin API Fuzzing
> project. I am looking to get involved through Google Summer of Code,
> and this project caught my eye.
>
> I have a strong background in playing CTFs, specifically focusing on
> web vulnerabilities, .I am eager to apply this security mindset to
> building robust fuzzing tools for the Qubes Admin API.
>
> I have a few quick questions to help me hit the ground running:
>
> 1.Who are the primary mentors or maintainers currently overseeing the
> Admin API Fuzzing project?
needed.
> 2.Are there any specific repositories, architecture documentation, or
> past discussions you recommend I read first to understand the current
> state of the Admin API?
- - documentation: https://doc.qubes-os.org/en/latest/developer/services/admin-api.html
- - implementation: https://github.com/QubesOS/qubes-core-admin/blob/main/qubes/api/admin.py
Fuzzing target needs to be well defined here, because not every
exception is a failure - for example invalid parameters are supposed to
result in an exception (during early validation, not later execution!).
It's kinda related to
https://github.com/QubesOS/qubes-issues/issues/10345 which tries to
cleanup exceptions used there.
> 3.Are there any "good first issues" or smaller tasks related to this
> project that I could tackle to get familiar with the codebase?
https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22C%3A%20core%22%20label%3A%22good%20first%20issue%22,
some examples that may fit this project:
https://github.com/QubesOS/qubes-issues/issues/7186
https://github.com/QubesOS/qubes-issues/issues/8702
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmmdqM0ACgkQ24/THMrX
1ywSuQf+Ku8I+4JSv50IR+k+P9latnH+YnDqyf36QOV3dZfUrbtmd8HWwWjTnN1c
48vYhZWMjhPbpxqmRDYZgXbe8SAxyHCxMzkDDdovTfAtVAzUhI+SAAL5YQZa6eVv
yO+ALmWUeioM0OF7w4pWJr3QVNSSrxpRNbgwSCi/6FpceDAoUmQJUzfvbpJB8J/I
TMsHj4jfmnFb3s6qiZ9PpRF6XtZcPvcfrpUtzrOSKlYcHVZv/xbviz9VCgRN4LZv
4J4tIrOSgw7vTR2H0KG+2EYStFOUEi4Yxlyz1Rmw1lMSmCVOEpy2S5Zt73nFi7PV
OkB5LNm+5bkB7QjOSvUxyh7clv7qmQ==
=BhXu
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages