iCR for Go User Guides

Appendix – Example Summary Report


When an analysis completes, a prompt is displayed requesting that you send OpenRefactory a brief summary of your analysis. The data we send does not include any information about your source code.

If you have exhausted your licensed OBLoC capacity, the analysis will still be performed, but the Reviewer will not be available afterwards. Instead, the Review button opens a window that displays the summary results.

If you wish to retain the contents of the summary to share with others, you can click on the Save as pdf button to save a copy.

Depending upon your browser, the Save as pdf option may behave differently. For example, Firefox gives you the choice to view the PDF in a new tab or save it as a file. In Chrome, saving as a file is a bit clumsy, because you can only do that if your Chrome preferences are set for it. To do that using Chrome select

To show you what we include in our summary, below is an example from an analysis performed on the Open Source example used in the Guide, the Go-Temp project.

Project Name: Go-Temp

*************************Summary of the Analysis*************************

Start Time: 2023/07/20 22:00:43 PST
End Time: 2023/07/20 22:01:44 PST

Total Runtime: 00:01:01
Ended?: true
Total Go Files: 513
Total LoC: 9980
Total Exceptions/Errors generated: 0
Total Magic Exceptions/Errors generated: 0
Total Runtime Exceptions/Errors generated: 0
Total Fatal Exceptions/Errors generated: 0



*************************Summary of the Results**************************

Total Fixes: 739
Injection: 366
  Prevent Log Injection: 120
  Prevent OS Command Injection: 107
  Prevent Path Manipulation: 38
  Prevent Cross-Site Scripting: 35
  Prevent Server-Side Request Forgery: 31
  Prevent SQL Injection: 29
  Prevent XPath Injection: 6
API Usage Issues: 269
  Use Server Timeout: 254
  Protect Session Cookies: 7
  Canonicalize Call To recover(): 5
  Detect Context Leak: 3
Inappropriate Logic: 28
  Avoid Self Assignment: 9
  Avoid Useless Length Or Capacity Comparison: 7
  Avoid Useless Unsigned Integer Comparison: 7
  Avoid Silly Equality Checks: 5
Broken Authentication: 25
  Fix Hard-coded Key: 9
  Fix Hard-coded Password: 9
  Prevent Session Fixation: 7
Weak Cryptography Issues: 21
  Replace Random Generator: 11
  Use Strong Hash Function: 10
Improper Access Control: 18
  Prevent Untrusted File Extraction: 11
  Prevent URL Redirection: 7
Security Misconfiguration Issues: 10
  Avoid Permissive CORS Policy in Access-Control-Allow-Origin Header: 3
  Avoid Permissive CORS Policy While Specifying AllowedOrigins: 3
  Avoid Permissive CORS Policy While Specifying AllowOrigins: 3
  Avoid Permissive CORS Policy By Calling AllowAll: 1
Sensitive Data Exposure: 2
  Prevent Sensitive Data Exposure Through Stack Trace: 2



*************************Details of the Analysis*************************

Root methods size: 812
Call graph size: 310
License Key : GRZG-9BD9-H8NK-A2OR
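
The following is an added example, not part of the iCR product or this guide. It parses the "Summary of the Results" section in the layout shown above, checks that each category count equals the sum of its fixers, and ranks categories for triage. It assumes the summary is available as plain text with fixer lines indented under their category; the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of the example summary (counts for two
# categories taken from the page; "Total Fixes" adjusted to match the excerpt).
SAMPLE = """\
*************************Summary of the Analysis*************************
Total Go Files: 513
*************************Summary of the Results**************************
Total Fixes: 46
Broken Authentication: 25
  Fix Hard-coded Key: 9
  Fix Hard-coded Password: 9
  Prevent Session Fixation: 7
Weak Cryptography Issues: 21
  Replace Random Generator: 11
  Use Strong Hash Function: 10
*************************Details of the Analysis*************************
Root methods size: 812
"""

ENTRY = re.compile(r"^(\s*)([^:]+?)\s*:\s*(\d+)\s*$")

def parse_results(text):
    """Return (total_fixes, {category: (count, {fixer: count})})."""
    total, cats, current, inside = None, {}, None, False
    for line in text.splitlines():
        if line.startswith("*"):
            inside = "Summary of the Results" in line  # only this section
            continue
        m = ENTRY.match(line) if inside else None
        if not m:
            continue
        indent, name, count = m[1], m[2], int(m[3])
        if name == "Total Fixes":
            total = count
        elif indent and current:      # indented line: fixer under a category
            cats[current][1][name] = count
        elif not indent:              # flush-left line: category header
            current = name
            cats[name] = (count, {})
    return total, cats

def inconsistencies(total, cats):
    """Report every count that does not equal the sum of its parts."""
    bad = [f"{c}: header {n}, fixers sum to {sum(f.values())}"
           for c, (n, f) in cats.items() if n != sum(f.values())]
    grand = sum(n for n, _ in cats.values())
    if total != grand:
        bad.append(f"Total Fixes {total}, categories sum to {grand}")
    return bad

def ranked(cats):
    """Categories ordered by fix count, largest first, for triage."""
    return sorted(((n, c) for c, (n, _) in cats.items()), reverse=True)
```
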