elanat

Minimum software quality report

Introduction to Elanat Framework Architecture:

As explained in the software architecture section, the Elanat framework is a add-on-oriented framework; each add-on can be either part of a web page or a separate web page.

Note: In quality control systems, the proprietary mechanism of the Elanat framework is called an unknown action when calling executable files in other executable files.

Risk code analysis:

The Risk Code Analysis section analyzes programming code and identifies codes that compromise system security.

In the Risk Code Analysis section, the "Review SQL queries for security vulnerabilities" warning is repeated four times, which includes repeating the warning about improper query string management (SQL Injection and XSS warning).

The following codes are two examples of warnings in the Risk Analysis section of the DataBase class:

/// <summary> SqlCommand cmd = new SqlCommand(command, con); SqlCommand cmd = new SqlCommand(ProcedureName, con);

The first line of code is repeated in the GetCommand and SetCommand methods.

The second line of code is also repeated in the GetProcedure and SetProcedure methods.

This warning puts the following query string method in the category of risky code.

/// <summary> someCommand.CommandText = "SELECT AccountNumber FROM Users WHERE Username='" & name & "' AND Password='" & password & "'";

To solve this problem, the Risk Code Analysis section recommends query string writing by sending a parameter. The example of sending a parameter to a query string is specified in the following paragraph:

/// <summary> someCommand.Parameters.AddWithValue("@username", name); someCommand.Parameters. AddWithValue ("@password", password); someCommand.CommandText = "SELECT AccountNumber FROM Users WHERE Username=@username AND Password=@password";

In order to facilitate the coding and higher readability of the programming code, the methods of the DataBase class in the Elanat framework are called as follows and only in one line of the programming code:

/// <summary> db.GetProcedure("procedure_name", new List<string>() { "@parameters_name1", "@parameters_name2", "@parameters_name3", ... }, new List<string>() { ParametersValue1, ParametersValue2, ParametersValue3, ... });

In the internal code section of the DataBase class methods, a loop sends all the values to the corresponding parameters.

/// <summary> int i = 0; foreach (string element in ParametersName) { cmd.Parameters.AddWithValue(ParametersName[i], ParametersValue[i]); i++; }

Conclusion: The structure of DataBase class methods in Elanat framework uses the method of sending parameters to the query string, but the risk code analysis section is not able to identify the structure of DataBase class methods.

Performance Analysed:

The performance analysis section identifies the parts of the programming code that impose a lot of processing on the processor.

The usage history of processing resources when analyzing the performance of the Elanat framework is shown in the image below:

Figure 1 is a diagram of the history of processing resources consumption in the Elanat framework

In the performance analysis section, two sections of programming code that have the highest consumption of processing resources were identified; both of these sections are related to executable executable files.

The following image shows information about the classes called by these two sections:

Figure 2 Displays the classes that use the most processing resources in the Elanat framework

The image below shows the PathAccessHandler class; the red line of code invokes the ProcessRequest class; the task of the ProcessRequest class is to execute .NET executable files (with the aspx extension).

Figure 3, Execution of the executable file in the PageAccessHandler class

Methods in the PageLoader class execute each executable file separately; the return value of these methods is the result of executing one executable file into another executable file.

The following figure shows one of the methods in the PageLoader class:

Figure 4, calling the executable file, in another executable file in the PageLoader class

Conclusion: Due to the architecture of Elanat framework, the operation of calling executable files, in other executable files, requires the use of more processing resources; therefore, more features require more processing.

Messages:

The messages section examines html files for compliance with web standards.

It was mentioned in the introduction that each of the add-ons can be part of a web page; error management tools get errors from html files that are only part of a web page; these errors are ignored due to the architecture of the Elanat framework.

Figure 5, full web page

Figure 5 shows a complete web page, and error management tools do not object to the structure of these files.

Figure 6, variable web page

Figure 6 shows a variable web page.

Figure 7, add-on

Figure 7 shows the contents of the add-on file.

The Elanat framework first calls the variable web page and then replaces the variable value ($ _body_value;) with the content of the add-on file.

Conclusion: Error management tools introduce the structure of this type of file as non-standard.