d355bf0 Use new readme for v0.7.5 release.
- Parent ff8ef2e3a3d29d7c7f2008a7e7a07d35e2255f9b
- Authored by Peter Boughton at Tue 8 Jan 2013, 18:29
- Committed by Peter Boughton at Tue 8 Jan 2013, 18:39
- tag: v0.7.5
readme.md | 108 +++++++++++---------
1 file changed, 60 insertions(+), 48 deletions(-)
diff --git a/readme.md b/readme.md
index a959620..966f8c4 100644
--- a/readme.md
+++ b/readme.md
@@ -1,23 +1,43 @@
-qpScanner v0.7.5
+QueryParam Scanner v0.7.5
+
+
+DESCRIPTION
+===========
+
+QueryParam Scanner (qpScanner) is a tool designed to identify possible SQL
+injection risks in CFML queries, by highlighting instances of unparameterised
+variables.
+
+
+
+STATUS
+======
+
+Version: v0.7.5
+Released: 2013-01-08
+
+To check latest release, visit http://sorcerersisle.com/projects:qpscanner.html
+
REQUIREMENTS
============
-All versions of qpScanner can run against code written for any CFML engine.
-
-However, from v0.7.4 onwards, qpScanner only runs on CFML engines that support nested struct notation - meaning CF 9, OBD 1.4, Railo 3.x, or newer.
+qpScanner can scan code written for any CFML engine, but itself requires
+at least ColdFusion 9 or Railo 3.x to run.
-To run qpScanner on CF8 you must use qpScanner v0.7.3, available from: https://github.com/boughtonp/qpscanner/tags
+To run qpScanner on older CFML engines, try v0.7.3 instead - this is available
+on branch 0.7.3 or for download from https://github.com/boughtonp/qpscanner/tags
INSTALLATION
============
-Extract all files to a directory in your webroot, then access in a browser.
+Extract all files to a directory in your webroot, then access that directory in
+a browser.
-Everything required is contained within the zip file, and no mappings nor
+Everything required is contained within the zip file; no mappings nor
datasources need to be setup.
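Review bot: the new REQUIREMENTS wording names only "ColdFusion 9 or Railo 3.x", while the lines it replaces also listed OBD 1.4 and gave the reason (nested struct notation). If that engine can still host the scanner, keep it in the list; if not, say so explicitly so those users know to take v0.7.3. Separately, INSTALLATION tells the reader to extract into the webroot without pointing at the development-only NOTE that appears later under USAGE; a one-line cross-reference here would put the caveat where the deployment decision is made. The context line "need to be setup" should also read "set up".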
@@ -25,21 +45,19 @@ datasources need to be setup.
ECLIPSE PLUGIN INSTALLATION
===========================
-There is an Eclipse plugin available for QueryParam Scanner.
+There is a separately available plugin for the Eclipse IDE, allowing qpScanner
+to be executed against specific files or directories.
-To install the plugin, please add the update site to Eclipse:
+For more details on this plugin, check the info provided at:
- http://eclipse.hybridchill.com/
-
-Please consult the documentation that comes with the plugin for further
-details on the plugin and how to use it.
+ http://sorcerersisle.com/projects:qpscanner.html#EclipsePlugin
USAGE
=====
-After launching QueryParam Scanner, you should see a Quick Start form:
+Upon accessing qpScanner you will see a Quick Start form:
Select Config
This allows you to choose between "default" or "paranoid" configs.
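Review bot: the section is still headed "ECLIPSE PLUGIN INSTALLATION", but after this change the body contains no installation step, only a link to the project page. Either rename the heading (for example "ECLIPSE PLUGIN") or keep a one-line install instruction alongside the link, so the readme remains usable if the linked page moves.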
@@ -57,14 +75,13 @@ After launching QueryParam Scanner, you should see a Quick Start form:
Once these are set as appropriate, press Scan and qpScanner will get to work.
As it finds queries with CF variables (ie: `#values_in_hashes#`) that are not
-inside a <cfqueryparam/> tag, it will list that file. The positions of the
-queries are displayed when clicking on a file, and clicking on each of those
-reveals the actual contents of the query.
+inside a cfqueryparam tag, it will list that file. The positions of the queries
+are displayed when clicking on a file, and clicking on each of those reveals the
+actual contents of the query.
When complete, it will list how many were found out of how many total queries.
-
NOTE: QueryParam Scanner should be used *only* in your development environment,
not on a live/public box. In addition to the security risks, it might have an
adverse affect on performance.
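Review bot: the NOTE at the end of this hunk refers to "the security risks" without saying what they are, although the paragraph above it already describes them: the tool lists files and "reveals the actual contents of the query" to whoever can reach it in a browser. Stating that in the NOTE would make the development-only advice concrete. While touching this section, "adverse affect" should be "adverse effect".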
@@ -74,46 +91,41 @@ adverse affect on performance.
KNOWN ISSUES
============
-At time of writing, there are no known issues with qpScanner.
-
-Visit the Issue Tracker for details of any that might since have been raised,
-or to report any issues that you find:
-
-https://github.com/boughtonp/qpscanner/issues
-
-
-
-SUPPORT
-=======
-
-For help or support, please see the project page at Hybridchill:
-http://www.hybridchill.com/projects/qpscanner.html
-
+There is one known issue with this release:
+* qpScanner does not work with queries in cfscript. For more details see:
+ https://github.com/boughtonp/qpscanner/issues/7#issuecomment-11916582
-CREDITS
-=======
+Visit the Issue Tracker for details of any issues that might since have been
+raised, to report any issues that you find, or to request new functionality:
-QueryParam Scanner is a project created and maintained by Peter Boughton.
+ https://github.com/boughtonp/qpscanner/issues
-It makes use of three other open-source projects:
-* cfRegex - http://www.cfregex.net
-* jQuery JavaScript library - http://www.jquery.com
-* Fusebox Framework - http://www.fuseboxframework.org
+CREDITS, VERSIONS & LICENSING
+=============================
+QueryParam Scanner is a project created and maintained by Peter Boughton,
+licensed under the GPLv3 (read gpl-license.txt for details).
+The project gratefully makes use of the third-party software detailed below,
+each available individually under their respective licenses.
-LICENSING & VERSIONS
-====================
+cfRegex v0.1.003-qp (http://cfregex.net)
+* Source: https://github.com/boughtonp/qpscanner
+* License: GPLv3 or LGPLv3
+* Files: cfcs/cfregex.cfc
-GPL license (see included gpl-license.txt for details)
+jQuery v1.2.6 (http://jquery.com)
+* Source: https://github.com/jquery/jquery
+* License: GPLv2 or MIT (See http://jquery.org/license)
+* Files: resources/scripts/jquery-1.2.6.min.js
-* qpScanner v0.7.5
-* cfRegex v0.1.002-qp
-* jQuery v1.2.6
+Fusebox v5.5.1 (http://fusebox.org)
+* Source: https://github.com/fusebox-framework/Fusebox-ColdFusion
+* License: Apache v2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+* Files: fusebox5/*
-Apache 2 license (see fusebox5/LICENSE.txt for details)
-* Fusebox v5.5.1
+/eof
\ No newline at end of file
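Review bot: the new KNOWN ISSUES entry, "qpScanner does not work with queries in cfscript", is a coverage gap, and it is mentioned only here. The DESCRIPTION and the USAGE line "it will list how many were found out of how many total queries" still read as if every query is counted, so a clean result could be taken as complete. Suggest repeating the limitation in one of those sections. Two smaller points in CREDITS: the cfRegex version moves from v0.1.002-qp to v0.1.003-qp although the commit summary shows only readme.md changed, so confirm cfcs/cfregex.cfc is already at that version; and the cfRegex "Source" link points at the qpscanner repository, which is worth a word of explanation if intentional. The file also ends with "/eof" and no trailing newline.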