QueryParam Scanner v0.71
qpScanner is a simple tool that scans your codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag.
Once complete, it will display a list of files with queries to be checked, listing the line numbers and showing the contents of the query
Features :
- Finds all variables in cfquery without a surrounding cfqueryparam.
- Displays filenames, line number and query contents for all potential risks.
- Ability to scan any directory on local filesystem.
- Option to include/exclude child directories.
- Option to include/exclude ORDER BY clauses.
- Option to list which scopes any variables belong to.
- Option to highlight variables in client scopes.
- Significantly faster processing (compared to v0.6).
- Multiple output formats (HTML, XML, WDDX).
- Ability to override Request Timeout.
- Option to specify file/directory exclusions (regex).
- Option to include/exclude Query of Queries.
- Option to include/exclude built-in CFML functions.
- Eclipse Plugin for easier execution
The following features are scheduled for v0.8:
- Option to auto-insert missing cfqueryparams.
- Ability to specify variable/scope exclusions.
- Improved file/directory exclusions.
- Improved integration with mxUnit and Apache Ant (limited support in v0.7 through XML output).
Post scriptum
Compliance Mandates
|
Related Articles
| Application Scanner |
|
| Configurations checks |
|
| Database |
|
| qpScanner |
|
