microsoft / sarif-sdk
Source Code Overview

Analysis scope, overview of main, test, generated, deployment, build, and other code.

Source Code Analysis Scope
Files included and excluded from analyses
  • 29 extensions are included in analyses: cs, xml, txt, cpp, json, md, h, csproj, js, ps1, cmd, resx, ts, yml, yaml, cxx, c, psm1, gitattributes, targets, java, sh, xsd, MD, editorconfig, nuspec, gitignore, props, pl
  • 8 criteria are used to exclude files from analysis:
    • exclude files with path like ".*/[.][a-zA-Z0-9_]+.*" (Hidden files and folders) (7 files).
    • exclude files with path like ".*/docs/.*" (Documentation) (9 files).
    • exclude files with path like ".*\.d\.ts" (Typescript definition files) (4 files).
    • exclude files with path like ".*[.]resx" (The resx resource files) (8 files).
    • exclude files with path like ".*/git[-]history[.]txt" (Git history) (1 file).
    • exclude files with path like ".*/git[-][a-zA-Z0-9_]+[.]txt" (Git data exports for sokrates analyses) (0 files).
    • exclude files with path like ".*/sokrates_conventions[.]json" (Sokrates scoping conventions) (1 file).
    • exclude files with path like ".*[.]txt" (Text files) (68 files).
Overview of Analyzed Files
Basic stats on analyzed files
Intro
For analysis purposes we separate files in scope into several categories: main, test, generated, deployment and build, and other.

  • The main category contains all manually created source code files that are used in production.
  • Files in the main category are used as input for other analyses: logical decomposition, concerns, duplication, file size, unit size, and conditional complexity.
  • Test source code files are used only for testing of the product. These files are normally not deployed to production.
  • Build and deployment source code files are used to configure or support the build and deployment process.
  • Generated source code files are automatically generated files that have not been manually changed after generation.
  • While a source code folder may contain a number of files, we are primarily interested in the source code files that are being written and maintained by developers.
  • Files containing binaries, documentation, or third-party libraries, for instance, are excluded from analysis. The exception is third-party libraries that have been changed by developers.

main: 122,574 LOC (35%), 1005 files
test: 603 LOC (<1%), 6 files
generated: 3,802 LOC (1%), 12 files
build and deployment: 1,771 LOC (<1%), 21 files
other: 219,079 LOC (62%), 368 files
Main Code
All manually created or maintained source code that defines the logic of the product and runs in a production environment.
  • The following criteria are used to filter files:
    • files with paths like ".*".
  • 1005 files match defined criteria (122,574 lines of code, 100.0% vs. main code):
    • 875 *.cs files (88,131 lines of code)
    • 4 *.c files (31,722 lines of code)
    • 53 *.cpp files (991 lines of code)
    • 10 *.ps1 files (465 lines of code)
    • 3 *.psm1 files (242 lines of code)
    • 9 *.js files (200 lines of code)
    • 2 *.java files (168 lines of code)
    • 27 *.h files (160 lines of code)
    • 10 *.cmd files (130 lines of code)
    • 1 *.props file (93 lines of code)
    • 2 *.targets files (73 lines of code)
    • 1 *.pl file (72 lines of code)
    • 4 *.cxx files (65 lines of code)
    • 2 *.yml files (30 lines of code)
    • 1 *.md file (27 lines of code)
    • 1 *.ts file (5 lines of code)
  • "*.cs" is the biggest, containing 71.9% of code.
  • "*.ts" is the smallest, containing 0% of code.

*.cs: 88,131 LOC (71%), 875 files
*.c: 31,722 LOC (25%), 4 files
*.cpp: 991 LOC (<1%), 53 files
*.ps1: 465 LOC (<1%), 10 files
*.psm1: 242 LOC (<1%), 3 files
*.js: 200 LOC (<1%), 9 files
*.java: 168 LOC (<1%), 2 files
*.h: 160 LOC (<1%), 27 files
*.cmd: 130 LOC (<1%), 10 files
*.props: 93 LOC (<1%), 1 file
*.targets: 73 LOC (<1%), 2 files
*.pl: 72 LOC (<1%), 1 file
*.cxx: 65 LOC (<1%), 4 files
*.yml: 30 LOC (<1%), 2 files
*.md: 27 LOC (<1%), 1 file
*.ts: 5 LOC (<1%), 1 file
Test Code
Used only for testing of the product. Normally not deployed in a production environment.
  • The following criteria are used to filter files:
    • files with paths like ".*/[Tt]est/.*".
    • files with paths like ".*/TestData/.*".
    • files with any line of content like ".*/simpletest/.*".
  • 6 files match defined criteria (603 lines of code, 0.5% vs. main code):
    • 1 *.js file (456 lines of code)
    • 4 *.yaml files (136 lines of code)
    • 1 *.ts file (11 lines of code)
  • "*.js" is the biggest, containing 75.62% of code.
  • "*.ts" is the smallest, containing 1.82% of code.

*.js: 456 LOC (75%), 1 file
*.yaml: 136 LOC (22%), 4 files
*.ts: 11 LOC (1%), 1 file
Generated Code
Automatically generated files, not manually changed after generation.
  • The following criteria are used to filter files:
    • files with paths like ".*/package[-]lock[.]json".
    • files with paths like ".*[.]cs" AND any line of content like "[/][/][ ]*".
  • 12 files match defined criteria (3,802 lines of code, 3.1% vs. main code):
    • 2 *.json files (2,223 lines of code)
    • 10 *.cs files (1,579 lines of code)
  • "*.json" is the biggest, containing 58.47% of code.
  • "*.cs" is the smallest, containing 41.53% of code.

*.json: 2,223 LOC (58%), 2 files
*.cs: 1,579 LOC (41%), 10 files
Build and Deployment Code
Source code used to configure or support the build and deployment process.
  • The following criteria are used to filter files:
    • files with paths like ".*[.]git[a-z]+".
    • files with paths like ".*/[.]gitattributes".
    • files with paths like ".*/[.]gitignore".
    • files with paths like ".*[.]sh".
    • files with paths like ".*/package[.]json".
    • files with paths like ".*/package[-]lock[.]json".
    • files with paths like ".*[.]nuspec".
    • files with paths like ".*[.]csproj".
  • 21 files match defined criteria (1,771 lines of code, 1.4% vs. main code):
    • 18 *.csproj files (1,712 lines of code)
    • 1 *.nuspec file (43 lines of code)
    • 2 *.sh files (16 lines of code)
  • "*.csproj" is the biggest, containing 96.67% of code.
  • "*.sh" is the smallest, containing 0.9% of code.

*.csproj: 1,712 LOC (96%), 18 files
*.nuspec: 43 LOC (2%), 1 file
*.sh: 16 LOC (<1%), 2 files
Other Code
  • The following criteria are used to filter files:
    • files with paths like ".*[.]json".
    • files with paths like ".*[.]md".
    • files with paths like ".*/[.]gitignore".
    • files with paths like ".*/README[.][a-z0-9]+".
    • files with paths like ".*[.]editorconfig".
    • files with paths like ".*/[Ss]amples/.*".
    • files with paths like ".*[.]txt".
    • files with paths like ".*[.](xml|xsd|robot|sql|pgsql|dashboard|profile|ipynb|raml|avsc|al)".
  • 368 files match defined criteria (219,079 lines of code, 178.7% vs. main code):
    • 34 *.json files (153,073 lines of code)
    • 289 *.xml files (63,147 lines of code)
    • 18 *.cs files (1,288 lines of code)
    • 21 *.md files (808 lines of code)
    • 5 *.csproj files (388 lines of code)
    • 1 *.xsd file (375 lines of code)
  • "*.json" is the biggest, containing 69.87% of code.
  • "*.xsd" is the smallest, containing 0.17% of code.

*.json: 153,073 LOC (69%), 34 files
*.xml: 63,147 LOC (28%), 289 files
*.cs: 1,288 LOC (<1%), 18 files
*.md: 808 LOC (<1%), 21 files
*.csproj: 388 LOC (<1%), 5 files
*.xsd: 375 LOC (<1%), 1 file
Analyzers
Info about analyzers used for source code examinations.
  • *.cs files are analyzed with CSharpAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis (based on namespace heuristics)
  • *.c files are analyzed with CStyleAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • No dependency analysis
  • *.cpp files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.ps1 files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.psm1 files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.js files are analyzed with JavaScriptAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • No dependency analysis
  • *.java files are analyzed with JavaAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis (based on package names)
  • *.h files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.cmd files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.props files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.targets files are analyzed with XmlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.pl files are analyzed with PerlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Basic heuristic dependency analysis
  • *.cxx files are analyzed with CppAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • Advanced heuristic dependency analysis
  • *.yml files are analyzed with YamlAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.md files are analyzed with DefaultLanguageAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Basic code cleaning (empty lines removed for LOC calculations and duplication calculations)
    • No unit size analysis
    • No conditional complexity analysis
    • No dependency analysis
  • *.ts files are analyzed with TypeScriptAnalyzer:
    • All basic standard analyses supported (source code overview, duplication, file size, concerns, findings, metrics, controls)
    • Advanced code cleaning (empty lines and comments removed for LOC calculations, additional cleaning for duplication calculations)
    • Unit size analysis
    • Conditional complexity analysis
    • No dependency analysis


2022-01-30 11:14