Open brenzi opened 3 years ago
Using SCC to count lines of code against the current master branch of https://github.com/scs/substraTEE-worker:

```
───────────────────────────────────────────────────────────────────────────────
Language                 Files     Lines   Blanks  Comments     Code Complexity
───────────────────────────────────────────────────────────────────────────────
Rust                        17      2544      272       329     1943        141
TOML                         2       101       21         1       79          0
YAML                         1       119        3         4      112          0
───────────────────────────────────────────────────────────────────────────────
Total                       20      2764      296       334     2134        141
───────────────────────────────────────────────────────────────────────────────
Estimated Cost to Develop (organic) $59,875
Estimated Schedule Effort (organic) 4.718119 months
Estimated People Required (organic) 1.127448
───────────────────────────────────────────────────────────────────────────────
Processed 91750 bytes, 0.092 megabytes (SI)
───────────────────────────────────────────────────────────────────────────────
```
--> 1943 lines of code
```
───────────────────────────────────────────────────────────────────────────────
Language                 Files     Lines   Blanks  Comments     Code Complexity
───────────────────────────────────────────────────────────────────────────────
Rust                        38     12106     1459      1726     8921        476
TOML                         3       272       52         6      214          0
XML                          2        24        0         2       22          0
JSON                         1        31        0         0       31          0
LD Script                    1         9        0         0        9          0
Makefile                     1        52        5        27       20          0
───────────────────────────────────────────────────────────────────────────────
Total                       46     12494     1516      1761     9217        476
───────────────────────────────────────────────────────────────────────────────
Estimated Cost to Develop (organic) $278,236
Estimated Schedule Effort (organic) 8.458464 months
Estimated People Required (organic) 2.922394
───────────────────────────────────────────────────────────────────────────────
Processed 421695 bytes, 0.422 megabytes (SI)
───────────────────────────────────────────────────────────────────────────────
```
--> 8921 lines of code
```
───────────────────────────────────────────────────────────────────────────────
Language                 Files     Lines   Blanks  Comments     Code Complexity
───────────────────────────────────────────────────────────────────────────────
Shell                        3       327       46        64      217         12
Markdown                     1        20        2         0       18          0
Rust                         1       883       45        44      794         31
TOML                         1        85       17         2       66          0
───────────────────────────────────────────────────────────────────────────────
Total                        6      1315      110       110     1095         43
───────────────────────────────────────────────────────────────────────────────
Estimated Cost to Develop (organic) $29,715
Estimated Schedule Effort (organic) 3.615318 months
Estimated People Required (organic) 0.730213
───────────────────────────────────────────────────────────────────────────────
Processed 48607 bytes, 0.049 megabytes (SI)
───────────────────────────────────────────────────────────────────────────────
```
--> 794 lines of code
Found a report from 2018, where Parity had parts of their code base audited: https://www.parity.io/blog/parity-completes-trail-of-bits-security-review/, with a PDF report: https://www.trailofbits.com/reports/parity.pdf

Security audit of Polkadot -> https://medium.com/web3foundation/polkadot-security-audits-atredis-ba14246aa7c5, and the detailed report is here: https://assets.polkadot.network/security-audits/Atredis_Partners-Web3-Polkadot-PlatformSecurityAssessment.pdf
Test / mock code
- core-primitives/test/
- enclave-runtime/test/
- enclave-runtime/tests.rs

CLI client
- cli/*
- app-libs/stf/cli.rs
- core/rpc-client/
- core/rpc-server/

(maybe?) untrusted worker / service -> service/*. Only if there aren't any security critical parts.

Parts in the enclave-runtime that were mostly copied from substrate:
- top_pool/*
- rpc/author/*

- app-libs/stf/*
- core/*
- core-primitives/*
- enclave-runtime/*
- sidechain/*
Please define source code files that must undergo a security audit.

Quantification: we need to know the lines of code (LOC) as pure lines, no comments or whitespace.
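Added example, not the issue author's or the project's own tooling: a small Python script that applies the exclusion list from the comment above to a constructed miniature tree and counts "pure" Rust lines (non-blank, non-comment, i.e. what scc reports in its Code column) per top-level directory. The `SAMPLE_REPO` contents and the comment-stripping rules are assumptions of the example; a real checkout would be loaded into the same `{relative path: contents}` mapping.

```python
# Out-of-scope paths as listed in the issue (test/mock code and CLI client),
# relative to the repo root; a trailing "/" marks a whole directory.
OUT_OF_SCOPE = ["core-primitives/test/", "enclave-runtime/test/", "enclave-runtime/tests.rs",
                "cli/", "app-libs/stf/cli.rs", "core/rpc-client/", "core/rpc-server/"]

# Constructed miniature tree for the demo (not the real repository), as
# {path relative to repo root: file contents}: two in-scope files, three excluded.
SAMPLE_REPO = {
    "enclave-runtime/src/lib.rs": "//! entry\n\n/* block\n comment */\nfn seal() {}\nfn unseal() {} // trusted\n",
    "sidechain/block.rs": "/// doc\nstruct Block;\nimpl Block { /* todo */ }\n",
    "enclave-runtime/tests.rs": "#[test]\nfn t() {}\n",
    "cli/main.rs": "fn main() {}\n",
    "core/rpc-client/lib.rs": "fn call() {}\n",
}

def count_code_lines(source: str) -> int:
    """Non-blank, non-comment Rust lines (//, /// and /* */ handled; markers inside string literals are not)."""
    code, in_block = 0, False
    for raw in source.splitlines():
        line, has_code = raw.strip(), False
        while line:
            if in_block:  # inside /* ... */: skip to its end if it closes on this line
                end = line.find("*/")
                line, in_block = ("", True) if end < 0 else (line[end + 2:].strip(), False)
            else:
                lc, bc = line.find("//"), line.find("/*")
                if bc < 0 or 0 <= lc < bc:  # rest is code, optionally followed by a // comment
                    has_code |= bool((line if lc < 0 else line[:lc]).strip())
                    line = ""
                else:  # code before the /* counts, then enter the block comment
                    has_code |= bool(line[:bc].strip())
                    line, in_block = line[bc + 2:].strip(), True
        code += has_code
    return code

def in_scope(rel: str) -> bool:
    """True for a .rs file that the issue's exclusion list does not cover."""
    return rel.endswith(".rs") and not any(rel == p or rel.startswith(p) for p in OUT_OF_SCOPE)

def audit_scope_loc(files: dict) -> dict:
    """Code lines of in-scope files keyed by top-level directory, plus 'total'."""
    totals = {}
    for rel, source in files.items():
        if in_scope(rel):
            top = rel.split("/", 1)[0]
            totals[top] = totals.get(top, 0) + count_code_lines(source)
    totals["total"] = sum(totals.values())
    return totals
```

On `SAMPLE_REPO`, `audit_scope_loc` returns `{"enclave-runtime": 2, "sidechain": 2, "total": 4}`; the three excluded files contribute nothing.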