Document Details

Threat Modeling Tool Input Validation
Home / Scan #234 / Threat Modeling Tool Input Validation
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
powershell_heavy
windows_tools
missing_linux_example
Summary
The documentation exhibits a strong Windows bias: examples and configuration snippets are almost exclusively for Windows/.NET technologies (e.g., IIS, web.config, MSXML, .NET Framework, ASP.NET MVC, WCF). Windows-specific tools and APIs are referenced first or solely (e.g., http.sys, MSXML, IIS, SqlClient, web.config). There are no Linux/Unix or cross-platform code/configuration examples, and alternative approaches for non-Windows environments are generally omitted or relegated to brief mentions (e.g., NSXMLParser for OSX/iOS is referenced but not exemplified).
Recommendations
  • Provide equivalent examples for Linux/Unix environments (e.g., Apache/Nginx configuration for HTTP headers, Python/Java/Node.js code for input validation).
  • Include cross-platform or open-source libraries and tools (e.g., libxml2, OWASP ESAPI, Python's lxml, Java's javax.xml, etc.) in code samples and mitigation strategies.
  • Reference Linux/Unix server configuration files (e.g., .htaccess, nginx.conf) alongside web.config/IIS examples.
  • Offer guidance for non-.NET stacks (e.g., Django, Flask, Express.js, Spring) in relevant sections.
  • Explicitly mention and demonstrate how mitigations apply in Linux or containerized environments (e.g., Docker, Kubernetes).
  • Balance references to Windows-specific APIs/tools with alternatives for other platforms, and avoid presenting Windows solutions first unless they are the only supported option.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets