Sorcerer's Isle :: SQL

QueryParam Scanner 0.7.5 Release Candidate

Sat, 07 Jan 2012 20:59:44 GMT

I have just pushed an update of QueryParam Scanner to GitHub, containing various improvements.

This update is on the rc0.7.5 branch, and it'd be nice if people could take it for a spin and make sure there are no issues with it. (There is a zip download for anyone without git.)

The visible changes which you might notice are:

Added JSON output format, giving an alternative to XML for anyone using qpscanner in a scripted process.
Added variable for number of potential risk files, and improved related wording in HTML output.
Fixed bug where identical queries were causing incorrect line numbers.
Fixed bug where query names were not being detected.
Fixed bug where blank lines were incorrectly removed.

However, there are also significant under-the-hood changes. I removed my obsolete "Java Regex Utils" library (replacing it with the object part of cfRegex), and made a number of little code clean-ups.

A result of these changes is that qpscanner rc0.7.5 appears to be almost twice as fast as previous versions.

If you have any feedback, please feel free to contact me via GitHub, and similarly if you find any bugs then please raise them on the issue tracker.

QueryParam Scanner - v0.7 Released, v0.8 in progress...

Tue, 23 Sep 2008 20:09:31 GMT

I have released v0.7 of QueryParam Scanner, which introduces a variety of improvements over v0.6.1:

Significantly faster processing
Multiple output formats (HTML, XML, WDDX).
Ability to override Request Timeout.
Option to specify file/directory exclusions (regex).
Option to include/exclude Query of Queries.
Option to include/exclude built-in CFML functions.
Eclipse Plugin for easier execution.

For more details and download information, visit the project page at Hybridchill.

Future Improvements

The following release, v0.8 will have three key features:

A Fix mode, allowing you to manually or automatically correct missing cfqueryparams.
A flexible exclusion system, allowing you to ignore paths and variables you know are ok.
Integration and examples of use for Apache Ant and MXUnit.

QueryParam Scanner v0.7-dev

Sun, 17 Aug 2008 00:01:01 GMT

The latest development version of qpScanner is now in SVN at RIAForge.

It would be great if people could test it out and let me know of any issues they encounter.

As before, it is all self-contained, so it can be installed and run with minimal effort.

Note: As this is still the development version, you need to use the zip option at the bottom of the RIAForge page, not the "Download Project" link - the button will only give the old version.

When released, v0.7 will be a significant new version, so I want to give a quick discussion of the new features...

Scotch on the Rocks 2008

Fri, 06 Jun 2008 22:57:00 GMT

Well the first day of Scotch '08 is now over, so here is a quick round-up of the sessions I attended.

Day two has ended, and I have updated the main entry with details on today's events.

Scotch on the Rocks 2008 is now unfortunately ended, as before please see the main entry for the final day's summaries.

cfDevCon 2006

Thu, 09 Nov 2006 22:49:42 GMT

Okay, so I've arrived back from the UK's first* ColdFusion developers' conference (*if you ignore the previous two UK-based CF conferences), and decided I would give my thoughts about it.

[SQL] Look Behind You

Mon, 21 Aug 2006 18:34:47 GMT

Where I work we have a generic database table which stores a variety of values associated with different things. Each entry has a type, id and description, along with a set of generic alpha_1..9 and numeric_1..9 columns.

Today I needed to check whether a certain value was in the table but wasn't certain where it might be - all I knew was that it was text, so I started writing the following SQL...