microsoft / ModSecurity
Source Code Overview

Analysis scope, overview of main, test, generated, deployment, build, and other code.

Source Code Analysis Scope
Files included in and excluded from analyses
  • 28 extensions are included in analyses: t, c, h, bat, in, txt, m4, cpp, xsd, lua, py, TXT, vcxproj, filters, yml, mk, pl, gitattributes, ps1, sh, xml, md, json, html, yaml, cc, gitignore, wxs
  • 8 criteria are used to exclude files from analysis:
    • exclude files with path like ".*/[.][a-zA-Z0-9_]+.*" (Hidden files and folders) (4 files).
    • exclude files with path like ".*[.]m4" (stuff autogenerated by autoconf - still C deps) (8 files).
    • exclude files with path like ".*/dependencies/.*" (Dependencies) (10 files).
    • exclude files with path like ".*/target/.*" (Compiled files) (1 file).
    • exclude files with path like ".*/git[-]history[.]txt" (Git history) (1 file).
    • exclude files with path like ".*/git[-][a-zA-Z0-9_]+[.]txt" (Git data exports for sokrates analyses) (0 files).
    • exclude files with path like ".*/sokrates_conventions[.]json" (Sokrates scoping conventions) (1 file).
    • exclude files with path like ".*[.]txt" (Text files) (7 files).
Overview of Analyzed Files
Basic stats on analyzed files
Intro
For analysis purposes we separate files in scope into several categories: main, test, generated, deployment and build, and other.

  • The main category contains all manually created source code files that are used in production.
  • Files in the main category are used as input for other analyses: logical decomposition, concerns, duplication, file size, unit size, and conditional complexity.
  • Test source code files are used only for testing of the product. These files are normally not deployed to production.
  • Build and deployment source code files are used to configure or support the build and deployment process.
  • Generated source code files are automatically generated files that have not been manually changed after generation.
  • While a source code folder may contain a number of files, we are primarily interested in the source code files that are being written and maintained by developers.
  • Files containing binaries, documentation, or third-party libraries, for instance, are excluded from analysis. The exception is third-party libraries that have been changed by developers.

main: 64,044 LOC (63%), 121 files
test: 36,344 LOC (35%), 97 files
generated: 0 LOC (0%), 0 files
build and deployment: 436 LOC (<1%), 11 files
other: 395 LOC (<1%), 6 files
Main Code
All manually created or maintained source code that defines the logic of the product that is run in a production environment.
  • The following criteria are used to filter files:
    • files with paths like ".*".
  • 121 files match defined criteria (64,044 lines of code, 100.0% vs. main code):
    • 51 *.c files (38,984 lines of code)
    • 44 *.h files (12,898 lines of code)
    • 8 *.in files (6,944 lines of code)
    • 6 *.cpp files (3,270 lines of code)
    • 3 *.vcxproj files (670 lines of code)
    • 3 *.filters files (435 lines of code)
    • 1 *.pl file (346 lines of code)
    • 1 *.cc file (238 lines of code)
    • 3 *.txt files (229 lines of code)
    • 1 *.ps1 file (30 lines of code)
  • "*.c" is the biggest, containing 60.87% of code.
  • "*.ps1" is the smallest, containing 0.05% of code.


*.c: 38,984 LOC (60%), 51 files
*.h: 12,898 LOC (20%), 44 files
*.in: 6,944 LOC (10%), 8 files
*.cpp: 3,270 LOC (5%), 6 files
*.vcxproj: 670 LOC (1%), 3 files
*.filters: 435 LOC (<1%), 3 files
*.pl: 346 LOC (<1%), 1 file
*.cc: 238 LOC (<1%), 1 file
*.txt: 229 LOC (<1%), 3 files
*.ps1: 30 LOC (<1%), 1 file
Test Code
Used only for testing of the product. Normally not deployed in a production environment.
  • The following criteria are used to filter files:
    • files with paths like ".*/[Tt]ests/.*".
    • files with paths like ".*_test[.].*".
    • files with paths like ".*[-]tests[-].*".
    • files with any line of content like ".*/simpletest/.*".
  • 97 files match defined criteria (36,344 lines of code, 56.7% vs. main code):
    • 80 *.t files (34,104 lines of code)
    • 8 *.in files (914 lines of code)
    • 1 *.c file (750 lines of code)
    • 1 *.pl file (434 lines of code)
    • 2 *.py files (93 lines of code)
    • 4 *.lua files (48 lines of code)
    • 1 *.html file (1 line of code)
  • "*.t" is the biggest, containing 93.84% of code.
  • "*.html" is the smallest, containing 0% of code.


*.t: 34,104 LOC (93%), 80 files
*.in: 914 LOC (2%), 8 files
*.c: 750 LOC (2%), 1 file
*.pl: 434 LOC (1%), 1 file
*.py: 93 LOC (<1%), 2 files
*.lua: 48 LOC (<1%), 4 files
*.html: 1 LOC (<1%), 1 file
Build and Deployment Code
Source code used to configure or support the build and deployment process.
  • The following criteria are used to filter files:
    • files with paths like ".*[.]git[a-z]+".
    • files with paths like ".*/[.]gitattributes".
    • files with paths like ".*/[.]gitignore".
    • files with paths like ".*[.]mk".
    • files with paths like ".*[.]sh".
    • files with paths like ".*/docker[-]compose[.]yaml".
    • files with paths like ".*[.]bat".
  • 11 files match defined criteria (436 lines of code, 0.7% vs. main code):
    • 7 *.bat files (365 lines of code)
    • 1 *.yaml file (34 lines of code)
    • 2 *.mk files (28 lines of code)
    • 1 *.sh file (9 lines of code)
  • "*.bat" is the biggest, containing 83.72% of code.
  • "*.sh" is the smallest, containing 2.06% of code.


*.bat: 365 LOC (83%), 7 files
*.yaml: 34 LOC (7%), 1 file
*.mk: 28 LOC (6%), 2 files
*.sh: 9 LOC (2%), 1 file
Other Code
  • The following criteria are used to filter files:
    • files with paths like ".*[.]json".
    • files with paths like ".*/[.]gitignore".
    • files with paths like ".*[.]md".
    • files with paths like ".*[.]txt".
    • files with paths like ".*/COPYING[.][a-z0-9]+".
    • files with paths like ".*/README[.][a-z0-9]+".
    • files with paths like ".*[.](xml|xsd|robot|sql|pgsql|dashboard|profile|ipynb|raml|avsc|al)".
  • 6 files match defined criteria (395 lines of code, 0.6% vs. main code):
    • 4 *.xsd files (296 lines of code)
    • 1 *.md file (93 lines of code)
    • 1 *.xml file (6 lines of code)
  • "*.xsd" is the biggest, containing 74.94% of code.
  • "*.xml" is the smallest, containing 1.52% of code.


*.xsd: 296 LOC (74%), 4 files
*.md: 93 LOC (23%), 1 file
*.xml: 6 LOC (1%), 1 file
Analyzers
Info about analyzers used for source code examinations.
  • *.c files are analyzed with CStyleAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • No dependency analysis
  • *.h files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.in files are analyzed with RustAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • No dependency analysis
  • *.cpp files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.vcxproj files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.filters files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.pl files are analyzed with PerlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Basic heuristic dependency analysis
  • *.cc files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.txt files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.ps1 files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis


2022-01-30 14:56