XView and ASPScan

download : aspscan and xview .net binary (22kb)
download : aspscan src (9kb)
download : xview src (30kb)

Note : You will need to have a .net enabled machine to run these. You can get the .Net framework redistributable here or if you are a programmer you can get the .Net framework SDK here.

XView

This is a tool written in C#, that acts as a visual interface for the commandline scanner, aspscan.exe. ASPScan.exe can scan entire projects and provide information about declaration of variables and methods and their usage information. XView can open and display the XML files dumped by aspscan.exe as a tree. The tree description is provided below. XView can spawn aspscan.exe, thus you will not need to use aspscan at the commandline.

XView : Executing a Scan

Choose the Spawn ASPScan option.
Now select the directory or file that you wish to scan from the tree.
Click 'Add Dir/File' to add the selected item to the list.
Edit the output filename if you need to.
Click Scan

The output file will be created in the last directory in the list. (if it was a relative path). You can go on to view this XML in XView.

XML Tree Desription

The following is a terse description of the XML tree. A bit of comparing with the src should make the ideas clear.

/document/root/*
the abs files names of all file names analysed
<filename>/(sub|func|const|dim)
all the sub,functions,const and dim within the file.
<filename>/com/*
all the COM strings used by the file
<filename>/com_variables/*
all the variables that represent COM instances
<filename>/include_virtual/*
all the virtual includes with the file
<filename>/include_file/*
all the files included with the file
<filename>/parent/*
all known parents of this file
<filename>/(const|dim|func|sub)/*
all the constant,dim,func or sub names known
const/<name>/value = *
the value of the constant
usage/*
the used item types in the scope where it appears. These can be as decsribed :
- usage/(const|func|sub)/*
  the corresponding types used and where they are decl
- usage/dim
  the normal dim declarations and those used as COM calls
<any element>/usedby/*
defines where all the element has been used
token
unknown tokens whose usage info was not found
(func|sub)/<name>/(const|dim)
all the const and dim decl within the method
(func|sub)/<name>/com
all the com strings used
(func|sub)/<name>/com_variables
all the variables that represent COM instances
(func|sub)/<name>/args
the formal params of the method

About Token
Normally the token subtree should be empty. It will have elements when a tokens could not be traced. This could be because -

This is defined through a virtual include path
It is an uncataloged inbuilt item.

ASPScan.exe : ASP analyser in C#

The command line tool aspscan.exe does the analysis. This can scan entire projects and provide information about declaration of variables and methods and their usage information.

Benefits

Aspscan.exe gives you a lot of detail in the anlysis(Is this a lot?).
This includes

List of Functions declared in an asp
List of Sub
List of global Dim
List of global Const
Value of the consts
List of all COM components used in the asp
It further tells about every function/sub
- The list of const/dim within it
- The value of the const
- What all it uses
  - which functions/subs
  - which const/dim
  - where they are declared
    This is detailed :
    - a local
    - a global
    - in another file
If something is used from another file, aspscan.exe traverses down the include paths to locate the original declaration. Further, for files that have parents, ie those that are known to be included in other files, aspscan traverses to the parent and to its includes to find the declaration. Thus each function/sub has the details of what all it is using from across the project.
This usage information id tracked not only for every sub/function but also for usages globally in the file Every declaration has a usedby node which says where all the declared item is used. A usedby under a function can tell you in which all files/functions/subroutines it is being used. Thus it is easy to track the usage of any variable or method.

COM

COM instances are treated as normal Dim declarations. It further tell you the name of the COM method invoked and which COM component it is an instance of. This information is tracked on a per file/methos basis.

Command Line

aspscan (wildcard) +
search for wildcard
(filename) +
file to scan
/out:(outfile)
output filename
/d:(directory) +
directory to scan
/p2(+|-)
pass2 (default +)
/in(+|-)
include files (default +)
/v
verbose
/r(+|-)
recursive

Ex:
aspscan.exe /d:\myproject\aspfiles *.asp /r+

Pass2 : Pass2 is when the analyser tries to detect usage information and is time consuming. If one does not need this info, disable it with the '/p2+' switch

Recurse Include files: If one wishes only to analyse the mentioned file and not any include files it might have then use the '/in-' switch to disable include file recursion.

Known Limitations (aspscan.exe):

Not enough testing
Cant track function calls or usages through 'Execute' statements (Maybe later this can warn if execute is used)
If any of , <% or %>occur in any magic places (like strings), the analyser might mistake the scope of the statements.
For multiline decl, assignments etc only the first line contents are used (a few more ...)

Note :

This had originally been written in Ruby. Ruby is an amazing interpreted language and it came to about 330+ lines of code in Ruby without any effort to tighten code.

But as Ruby was slow , being interpretive, and had some problem despite its expressive beauty and because you need Ruby to run teh analyser I tried a c# version. I am happy to say that the c# version stopped in about 550+ lines of code. Surprise, because I was expecting it to bloat like hell if I was expecting it to be the equivalent of tdoing it in c++/c. Also a speedup of about 10 to 15 times on the same analysis.