Document Details

Threat Modeling Tool Input Validation
Home / Scan #240 / Threat Modeling Tool Input Validation
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
missing_linux_example
windows_tools
Summary
The documentation demonstrates a strong Windows bias. Most code examples are in C#/.NET, and configuration instructions reference Windows-specific technologies (IIS, web.config, MSXML, http.sys). References and steps frequently mention Windows tools and APIs first or exclusively, with little to no mention of Linux/Unix equivalents or cross-platform approaches. There are no examples for Linux-based web servers (e.g., Apache, Nginx), nor for non-.NET languages or frameworks. Where browser support is discussed, Internet Explorer is emphasized, and other browsers are only mentioned as future considerations.
Recommendations
  • Provide equivalent examples for Linux/Unix environments, such as configuring headers in Apache (httpd.conf) or Nginx (nginx.conf), and using open-source XML libraries (e.g., lxml, expat) for entity resolution.
  • Include code samples in other common web languages (Python, Java, Node.js, PHP) to demonstrate input validation and output encoding.
  • Reference cross-platform libraries and tools (e.g., OWASP ESAPI, HTMLPurifier, Python's bleach) for encoding and sanitization.
  • Discuss configuration and security controls for non-Windows web servers and application stacks.
  • When mentioning browser support, provide details for Chrome, Firefox, Safari, and Edge, not just Internet Explorer.
  • Avoid assuming .NET or Windows as the default platform; clarify which recommendations are platform-specific and offer alternatives.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets