BugLog
Abstract
Ever struggled with bug reporting? You have to reproduce the issue, screen record it, hunt down console logs, and document system details—a tedious process that takes up precious development time. BugLog eliminates this hassle with a Chrome extension that automatically captures the last minute of user actions and all relevant logs with a few clicks. No more having to reproduce bugs or write long bug reports! After capturing all information a developer would need, BugLog securely shares reports through your choice of systems: either a default platform where bugs are accessible only to authorised team members via secure URLs, or your own custom backend for complete control. By focusing on security, interoperability, and extensibility, BugLog ensures sensitive debugging information remains protected while seamlessly integrating with your existing workflow, turning a frustrating documentation task into a one-click solution.
Author
Name: Cameron Badman
Student number: 47223961
Functionality
Accounts and Groups
- Users should be able to create a group
- Users should be able to create a account before posting a bug report, BUT not for recording one
- Users should be able to assign others users based off email to a group
- Reports assigned to group should be able to be accessed from users of group
- Company groups have a permission system for read, write, delete, and create
Report Interface
- An interface for all reports
- Basic reading
- Changing(comments on report)
- Deleting reports,
- Archiving reports
- A comment section for a bug where developers can describe intended behaviour
Backend
- System for processing, storing, and retrieving bug reports
- Documentation for how to setup a secure connection between 2 parties
- Authentication system using OAuth2
- Rate limiting system
- Encryption using AES and TLS
Chrome Extension
- One-click recording initiation with appropriate user warnings
- Automatic tab-specific capture of
- Network activity
- Page logs
- Runtime logs
- Performance
- console logs
- etc
- Recording termination with comment entry and destination selection
- Link generation for sharing (either secure BugLog URL or UUID for custom backends)
- Integrations for Github, Jira, and Asana, in custom Backend
Below is an example of this Frontend process of a user testing their application with the extension
flowchart LR
A[User clicks BugLog extension] --> B[Start recording]
B --> C[User finds/reproduces bug]
C --> D[Stop recording]
D --> E[Add comments]
E --> F[Select destination]
F -->|BugLog platform| G[Generate secure URL]
F -->|Custom backend| H[Generate UUID]
Scope
The MVP for this product has 4 primary parts
Accounts and Groups
- Basic CRUD operations to groups (create, read, update, delete)
- Basic CRUD operations for users
- Group creator has privileges to add/remove members
- Group-based access control for reports(report are only accessible to group members)
Report Interface
- Interface for viewing all reports accessible to the user
- Basic reading functionality to review capture data
- Comment editing for bug description (issue details, intended behaviour)
- Report deletion and archiving capabilities
Backend
- Basic RESTful API supporting report storage and retrieval
- Simple authentication system with JWT tokens
- API documentation for a custom backend integration
- Basic data validation and sanitation
- Basic encryption using AES and TLS 1.3 when needed
Chrome Extension
- One-click tab-specific screen recording (only record the last minute)
- Automatic tab-specific capture of:
- Network activity
- Page logs
- Runtime logs
- Performance
- console logs
- Link generation for sharing(either just the UUID or the BugLog site URL)
Quality Attributes
The key quality attributes most important for this project are Security, Interoperability, and Extensibility. These were chosen for multiple reasons, but primarily because this is a development tool.
Security
Security is the most important attribute for BugLog because the tool inherently captures and transmits sensitive debugging information. Bug reports frequently have the potential to contain confidential information. Without robust security measures, development teams simply won’t adopt a tool that has the potential to leak critical information. Security breaches in BugLog could expose unreported vulnerabilities, giving malicious actors a road map to exploit systems before patches are implemented, directly impacting the core value of this application.
Interoperability
Interoperability is vital as BugLog must function as a tool in existing development ecosystems. The extension needs to capture data from Chrome environments and transmit it to various destinations including:
- The BugLog internal platform
- Custom backends
- Potential task tracking systems
Without this integration capability, adoption would be significantly limited as the ecosystems for services is diverse. Developers potentially will need a unique workflow for their specific use case, and limiting this will be a major liability.
Extensibility
Extensibility ensures BugLog can adapt to changing requirements and technologies over time. The browser extension landscape is constantly evolving with new logs, systems, and browser versions. Organizations may require support for new metrics or logging capabilities that don’t exist in today’s design.
Evaluation
Besides implementation of the MVP, the core attributes must also be achieved. If there is a trade-off between attributes in the future, security should be taken as the top priority.
The evaluation will be based on:
Security
Security will be evaluated through:
- Ensuring that security best practices are enforced for all endpoints and systems
- Ensuring all transmitted and stored data uses industry standard Encryption (AES for data at rest and TLS 1.3 for transit)
- Ensuring all necessary transmitted and stored data uses industry-standard encryption
- Access control tests to verify access to reports for unauthorised users
- Audit log completeness of security-relevant operations
- SonarQube finding no issues with the application
This would ensure:
- All sensitive data is transmitted over secure connections (HTTPS)
- Users cannot access reports from groups they don’t belong to
- Authentication mechanisms resist common attack methods
- Proper audit logging captures security-relevant events
Interoperability
Interoperability will be evaluated through:
- Verification of proper documentation on the JSON information sent when sending a report to different sources
- Ensure development of reference implementations for how to securely connect to the extensions
- Ensure examples work as intended
- Use of clear and strict contracts on both sides of the API
- Provide a large amount of integration tests to ensure the strict contracts are enforced
- Testing data exchange between the Chrome extension and mock third-party systems
This ensures there is a clear understanding of how the systems work and how potential usage of the application and extension can be implemented.
Extensibility
Extensibility will be evaluated through:
- Ensuring components are split into library-specific and unspecific code pieces, with core logic using as few rapidly-evolving libraries as possible
- Well-defined interfaces that minimise code changes when adding new bug tracking system integrations
- Open source architecture with documented extension points to enable community contributions
- SonarQube finding no code smells or issues with the application
- Ensure usage of a extensible backend DB solution for future metrics
- <20% afferent coupling between core components on sonarQube
This would ensure that Extensibility can be maximised in an evolving codebase.