microsoft / binskim
Source Code Overview

Analysis scope, overview of main, test, generated, deployment, build, and other code.

Source Code Analysis Scope
Files includes and excluded from analyses
csproj
cmd
resx
txt
props
wxs
wixproj
TXT
nuspec
hs
editorconfig
gitmodules
gitattributes
targets
  • 25 extensions are included in analyses: cs, csproj, md, cmd, c, json, yml, resx, sh, txt, ps1, props, wxs, wixproj, TXT, nuspec, hs, bat, editorconfig, cpp, gitmodules, gitattributes, targets, gitignore, h
  • 7 criteria are used to exclude files from analysis:
    • exclude files with path like ".*/[.][a-zA-Z0-9_]+.*" (Hidden files and folders) (11 files).
    • exclude files with path like ".*/docs/.*" (Documentation) (7 files).
    • exclude files with path like ".*[.]resx" (The resx resource files) (3 files).
    • exclude files with path like ".*/git[-]history[.]txt" (Git history) (1 file).
    • exclude files with path like ".*/git[-][a-zA-Z0-9_]+[.]txt" (Git data exports for sokrates analyses) (0 files).
    • exclude files with path like ".*/sokrates_conventions[.]json" (Sokrates scoping conventions) (1 file).
    • exclude files with path like ".*[.]txt" (Text files) (2 files).
Overview of Analyzed Files
Basic stats on analyzed files
Intro
For analysis purposes we separate files in scope into several categories: main, test, generated, deployment and build, and other.

  • The main category contains all manually created source code files that are being used in the production.
  • Files in the main category are used as input for other analyses: logical decomposition, concerns, duplication, file size, unit size, and conditional complexity.
  • Test source code files are used only for testing of the product. These files are normally not deployed to production.
  • Build and deployment source code files are used to configure or support build and deployment process.
  • Generated source code files are automatically generated files that have not been manually changed after generation.
  • While a source code folder may contain a number of files, we are primarily interested in the source code files that are being written and maintained by developers.
  • Files containing binaries, documentation, or third-party libraries, for instance, are excluded from analysis. The exception are third-party libraries that have been changed by developers.

main17216 LOC (89%) 202 files
test56 LOC (<1%) 1 files
generated1172 LOC (6%) 4 files
build and deployment552 LOC (2%) 15 files
other171 LOC (<1%) 2 files
Main Code
All manually created or maintained source code that defines logic of the product that is run in a production environment.
cmd
wixproj
props
targets
wxs
txt
hs
Explore:   circles  |  sunburst
  • The following criteria are used to filter files:
    • files with paths like ".*".
  • 202 files match defined criteria (17,216 lines of code, 100.0% vs. main code):
    • 172 *.cs files (16,436 lines of code)
    • 2 *.ps1 files (282 lines of code)
    • 9 *.cmd files (188 lines of code)
    • 2 *.wixproj files (67 lines of code)
    • 2 *.props files (59 lines of code)
    • 1 *.targets files (43 lines of code)
    • 6 *.c files (39 lines of code)
    • 2 *.wxs files (31 lines of code)
    • 1 *.yml files (31 lines of code)
    • 1 *.cpp files (29 lines of code)
    • 1 *.h files (5 lines of code)
    • 2 *.txt files (5 lines of code)
    • 1 *.hs files (1 lines of code)
  • " *.cs" is biggest, containing 95.47% of code.
  • " *.hs" is smallest, containing 0.01% of code.


*.cs16436 LOC (95%) 172 files
*.ps1282 LOC (1%) 2 files
*.cmd188 LOC (1%) 9 files
*.wixproj67 LOC (<1%) 2 files
*.props59 LOC (<1%) 2 files
*.targets43 LOC (<1%) 1 files
*.c39 LOC (<1%) 6 files
*.wxs31 LOC (<1%) 2 files
*.yml31 LOC (<1%) 1 files
*.cpp29 LOC (<1%) 1 files
*.h5 LOC (<1%) 1 files
*.txt5 LOC (<1%) 2 files
*.hs1 LOC (<1%) 1 files
Test Code
Used only for testing of the product. Normally not deployed in a production environment.
Explore:   circles  |  sunburst
  • The following criteria are used to filter files:
    • files with paths like ".*[-]test[-].*".
    • files with any line of content like ".*/simpletest/.*".
  • 1 file matches defined criteria (56 lines of code, 0.3% vs. main code). All matches are in *.sh files.


*.sh56 LOC (100%) 1 files
Generated Code
Automatically generated files, not manually changed after generation.
Explore:   circles  |  sunburst
  • The following criteria are used to filter files:
    • files with paths like ".*[.]cs" AND any line of content like "[/][/][ ]*".
  • 4 files match defined criteria (1,172 lines of code, 6.8% vs. main code). All matches are in *.cs files.


*.cs1172 LOC (100%) 4 files
Build and Deployment Code
Source code used to configure or support build and deployment process.
csproj
nuspec
Explore:   circles  |  sunburst
  • The following criteria are used to filter files:
    • files with paths like ".*[.]git[a-z]+".
    • files with paths like ".*/[.]gitattributes".
    • files with paths like ".*/[.]gitignore".
    • files with paths like ".*/[.]gitmodules".
    • files with paths like ".*[.]sh".
    • files with paths like ".*[.]csproj".
    • files with paths like ".*[.]nuspec".
    • files with paths like ".*[.]bat".
  • 15 files match defined criteria (552 lines of code, 3.2% vs. main code):
    • 10 *.csproj files (381 lines of code)
    • 1 *.bat files (70 lines of code)
    • 2 *.nuspec files (59 lines of code)
    • 2 *.sh files (42 lines of code)
  • " *.csproj" is biggest, containing 69.02% of code.
  • " *.sh" is smallest, containing 7.61% of code.


*.csproj381 LOC (69%) 10 files
*.bat70 LOC (12%) 1 files
*.nuspec59 LOC (10%) 2 files
*.sh42 LOC (7%) 2 files
Other Code
Explore:   circles  |  sunburst
  • The following criteria are used to filter files:
    • files with paths like ".*[.]json".
    • files with paths like ".*[.]md".
    • files with paths like ".*/[.]gitignore".
    • files with paths like ".*/README[.][a-z0-9]+".
    • files with paths like ".*[.]editorconfig".
    • files with paths like ".*[.]txt".
  • 2 files match defined criteria (171 lines of code, 1.0% vs. main code). All matches are in *.md files.


*.md171 LOC (100%) 2 files
Analyzers
Info about analyzers used for source code examinations.
  • *.cs files are analyzed with CSharpAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis (based on namespace heuristics)
  • *.ps1 files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.cmd files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.wixproj files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.props files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.targets files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.c files are analyzed with CStyleAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • No dependency analysis
  • *.wxs files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.yml files are analyzed with YamlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.cpp files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.h files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.txt files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.hs files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis

2022-01-30 11:10