File Upload Analysis

How to analyze Solana programs by uploading source code files

File Upload analysis allows you to analyze Solana programs by directly uploading your source code files. This method is ideal for programs that aren't hosted in a public repository or when you want to analyze a specific version of your code without pushing it to GitHub.

Requirements

To analyze a program using File Upload, you need:

  • A ZIP file containing your Solana program code
  • The ZIP must include a valid Cargo.toml file
  • Maximum file size: 50MB

Preparing Your Files

Follow these steps to prepare your code for upload:

Step 1: Organize Your Project

Ensure your project is organized correctly:

  • Include all source files needed for the analysis
  • Ensure there's a valid Cargo.toml file at the root or in a specified subdirectory
  • Include any program-specific configuration files

Step 2: Clean Up Unnecessary Files

To reduce the ZIP file size and improve analysis speed, remove unnecessary files:

  • Build artifacts (target/ directory)
  • Dependencies (can be downloaded during analysis)
  • Large binary files, datasets, or assets
  • IDE configuration files (.vscode/, .idea/, etc.)
  • Git history (.git/ directory)

Step 3: Create a ZIP Archive

Create a ZIP file containing your project:

On Windows

  1. Select all project files and folders
  2. Right-click and select "Send to" → "Compressed (zipped) folder"

On macOS

  1. Select all project files and folders
  2. Right-click and select "Compress Items"

Using Command Line (Linux, macOS, WSL)

zip -r my-program.zip my-program-directory/ -x "*/target/*" -x "*/node_modules/*" -x "*.git*"

Best Practice

Create your ZIP file from a clean copy of your project that includes only the files needed for analysis. This ensures faster uploads and more efficient processing.

How to Use

Step 1: Select File Upload as Your Source

From the Dashboard, click on "New Analysis" and select "File Upload" as your analysis source.

Step 2: Upload Your ZIP File

You can upload your ZIP file in two ways:

  • Click the upload area to browse for your ZIP file
  • Drag and drop your ZIP file directly onto the upload area

Upload Size Limit

The maximum file size for uploads is 50MB. If your ZIP file exceeds this limit, try removing unnecessary files or contact support for assistance with larger projects.

Step 3: Configure Analysis Options

After uploading your ZIP file, you can configure additional options:

  • Subdirectory (optional): If your Solana program is not in the root of the ZIP, specify the path to the directory containing the program.
  • Analysis Depth: Choose between quick, standard, or deep analysis.

Step 4: Start Analysis

Click "Start Analysis" to begin. Believe Security will:

  1. Extract your ZIP file in a secure environment
  2. Locate and parse your Solana program code
  3. Analyze the code for vulnerabilities and issues
  4. Generate a comprehensive security report

Supported Project Structures

Believe Security supports various Solana project structures:

Standard Rust Solana Project


my-solana-program/
├── Cargo.toml
├── Cargo.lock
├── src/
│   ├── lib.rs
│   ├── entrypoint.rs
│   ├── processor.rs
│   ├── instruction.rs
│   ├── state.rs
│   └── error.rs
└── tests/
    └── integration_tests.rs

Anchor Framework Project


anchor-program/
├── Anchor.toml
├── programs/
│   └── my-program/
│       ├── Cargo.toml
│       ├── Cargo.lock
│       └── src/
│           └── lib.rs
├── tests/
│   └── my-program.ts
└── migrations/
    └── deploy.ts

Workspace with Multiple Programs


solana-workspace/
├── Cargo.toml (workspace)
├── program-a/
│   ├── Cargo.toml
│   └── src/
│       └── lib.rs
├── program-b/
│   ├── Cargo.toml
│   └── src/
│       └── lib.rs
└── common/
    ├── Cargo.toml
    └── src/
        └── lib.rs

For projects with multiple programs or complex structures, you can:

  • Specify a subdirectory to focus on a specific program
  • Upload each program separately for individual analysis
  • Use workspace detection to automatically identify all programs

Advanced Options

Custom Dependencies

If your project uses custom dependencies or specific versions that aren't available in the public registry, you can include them in your ZIP file:

  • For local dependencies, include them in the ZIP file structure
  • Ensure your Cargo.toml correctly references these dependencies

Analysis Configuration

You can customize your analysis with these advanced options:

  • Exclude Paths: Specify paths or patterns to exclude from analysis (e.g., test directories, examples).
  • Focus on Specific Files: Limit analysis to specific files or directories for faster results.
  • Analysis Depth: Choose between quick analysis or deep analysis based on your needs.

Troubleshooting

Invalid ZIP File

If you encounter an "Invalid ZIP file" error:

  • Ensure the file is a valid ZIP archive (not RAR, 7z, or other formats)
  • Check if the ZIP file is corrupted (try creating it again)
  • Verify the file size is under the 50MB limit

Cargo.toml Not Found

If Believe Security can't locate a Cargo.toml file:

  • Check if you need to specify a subdirectory
  • Verify that your ZIP includes a valid Cargo.toml file
  • Ensure the ZIP file structure preserves the correct directory hierarchy

Dependency Resolution Issues

If there are issues with dependencies:

  • Ensure your Cargo.toml correctly specifies all dependencies
  • For private dependencies, include them in the ZIP file
  • Check for any Git dependencies that may not be accessible

Upload Timeout

If your upload times out:

  • Check your internet connection stability
  • Reduce the ZIP file size by removing unnecessary files
  • Try uploading during non-peak hours
  • Split very large projects into multiple smaller analyses

Best Practices

  • Clean Build: Start with a clean build directory to avoid including unnecessary build artifacts
  • Version Control: Include a version identifier or commit hash in your file name for traceability
  • Consistent Structure: Maintain a consistent project structure for repeated analyses
  • Include Tests: Include test files to help Believe Security understand the intended behavior
  • Exclude Sensitive Data: Remove any sensitive information, API keys, or credentials before uploading
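
The preparation steps and the "Exclude Sensitive Data" practice above can be checked locally before uploading. The script below is an added example, not part of Believe Security's tooling: preflight, make_zip, SAMPLE_FILES and the credential-file patterns are assumptions made for illustration, and the Cargo.toml check assumes the Subdirectory option is a path relative to the ZIP root.

```python
import io
import zipfile
from pathlib import PurePosixPath

MAX_BYTES = 50 * 1024 * 1024  # upload limit stated on this page
JUNK_DIRS = {"target", ".git", "node_modules", ".vscode", ".idea"}
# Assumed heuristics for credential files; not a list published by the service.
SECRET_NAMES = {".env", "id.json"}
SECRET_SUFFIXES = (".pem", ".key", "-keypair.json")
# Constructed sample: an Anchor layout zipped without cleaning up first.
SAMPLE_FILES = {
    "programs/my-program/Cargo.toml": '[package]\nname = "my-program"\n',
    "programs/my-program/src/lib.rs": "// program code\n",
    "target/deploy/my_program-keypair.json": "[0, 0, 0]",
    ".env": "RPC_TOKEN=placeholder\n",
}

def preflight(zip_bytes, subdirectory=""):
    """Return a list of problems found in a ZIP before it is uploaded."""
    problems = ["archive exceeds the 50MB upload limit"] if len(zip_bytes) > MAX_BYTES else []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
            names = [n for n in archive.namelist() if not n.endswith("/")]
    except zipfile.BadZipFile:
        return problems + ["not a valid ZIP archive"]
    manifests = sorted(n for n in names if PurePosixPath(n).name == "Cargo.toml")
    wanted = str(PurePosixPath(subdirectory) / "Cargo.toml")
    if not manifests:
        problems.append("no Cargo.toml in archive")
    elif wanted not in manifests:
        problems.append(f"no {wanted}; set Subdirectory to the folder of one of {manifests}")
    for name in names:
        path = PurePosixPath(name)
        if JUNK_DIRS.intersection(path.parts[:-1]):  # any parent folder is build/IDE/VCS output
            problems.append(f"unneeded file: {name}")
        if path.name in SECRET_NAMES or path.name.endswith(SECRET_SUFFIXES):
            problems.append(f"possible credential: {name}")
    return problems

def make_zip(files):
    """Build an in-memory ZIP from {path: text}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for path, text in files.items():
            archive.writestr(path, text)
    return buf.getvalue()

if __name__ == "__main__":
    print(*preflight(make_zip(SAMPLE_FILES), "programs/my-program"), sep="\n")
```

On the sample, the keypair file under target/deploy/ is reported twice, once as a build artifact and once as a possible credential, which shows why skipping the clean-up step can leak a program's deploy key along with the build output.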
