andymeneely / chromium-history

Scripts and data related Chromium's history
11 stars 4 forks source link

Incorporate source code files into the database #151

Closed andymeneely closed 10 years ago

andymeneely commented 10 years ago

Based on #114, once we decided on source code file extensions, we need to make sure our analysis of ReleaseFilepath is limited to source code files only. Suggestions, @kayladavis?

kaylaerdmann commented 10 years ago

I didn't know what most of these formats were so I looked them up.

In addition to the once you say you think are source code:

.h
.cc
.js
.py
.S
.c
.make
.sh

What about

.cpp 
.sb

And the build tools? I don't know how build tools work, but wouldn't the be generating source to? I'm especially curious about the .gyp as it's up high on the list of vulnerabilities.

.scons
.xib
.gyp
kaylaerdmann commented 10 years ago

As far as incorporating source code files (and only source files into ReleaseFilepath) goes. Couldn't we just do a check with some regex in release_filepath_loader.rb for the file extension, and then only add the filepaths with the source extensions we want to look at (instead of all of them)?

andymeneely commented 10 years ago

Yes, that definitely the fastest and simplest way to do that.

Do we need to do more? Do we need to filter out other filepaths as source code or not in the analysis? Our original questions are about source code files that later had vulnerabilities originally having few reviewers, inexperienced reviewers, etc. Just thinking out loud here...

andymeneely commented 10 years ago

Upon further consideration, no I don't think we need anything else beyond that. I'll write up a separate issue for this and assign it to @kayladavis.