d355bf0 Use new readme for v0.7.5 release.
- Parent ff8ef2e3a3d29d7c7f2008a7e7a07d35e2255f9b
- Authored by Peter Boughton at Tue 8 Jan 2013, 18:29
- Committed by Peter Boughton at Tue 8 Jan 2013, 18:39
- tag: v0.7.5
readme.md | 108 +++++++++++---------
1 file changed, 60 insertions(+), 48 deletions(-)
diff --git a/readme.md b/readme.md
index a959620..966f8c4 100644
+++ b/readme.md
@@ -1,23 +1,43 @@
+QueryParam Scanner v0.7.5
+QueryParam Scanner (qpScanner) is a tool designed to identify possible SQL
+injection risks in CFML queries, by highlighting instances of unparameterised
+To check latest release, visit http://sorcerersisle.com/projects:qpscanner.html
-All versions of qpScanner can run against code written for any CFML engine.
-However, from v0.7.4 onwards, qpScanner only runs on CFML engines that support nested struct notation - meaning CF 9, OBD 1.4, Railo 3.x, or newer.
+qpScanner can scan code written for any CFML engine, but itself requires
+at least ColdFusion 9 or Railo 3.x to run.
-To run qpScanner on CF8 you must use qpScanner v0.7.3, available from: https://github.com/boughtonp/qpscanner/tags
+To run qpScanner on older CFML engines, try v0.7.3 instead - this is available
+on branch 0.7.3 or for download from https://github.com/boughtonp/qpscanner/tags
-Extract all files to a directory in your webroot, then access in a browser.
+Extract all files to a directory in your webroot, then access that directory in
-Everything required is contained within the zip file, and no mappings nor
+Everything required is contained within the zip file; no mappings nor
datasources need to be setup.
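Review bot: the rewritten requirement at `+at least ColdFusion 9 or Railo 3.x to run.` silently drops OpenBD 1.4, which the removed line (`-However, from v0.7.4 onwards, qpScanner only runs on CFML engines that support nested struct notation - meaning CF 9, OBD 1.4, Railo 3.x, or newer.`) listed as supported; either keep OpenBD in the list or state that it is no longer supported, and keep the reason (nested struct notation), since that is what tells a reader on some other engine whether to expect the tool to run. The redirect to v0.7.3 now says "older CFML engines" where the old text said CF8, which is broader than the removed line supports; "CF8 (or any engine without nested struct notation)" would be precise.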
@@ -25,21 +45,19 @@ datasources need to be setup.
ECLIPSE PLUGIN INSTALLATION
-There is an Eclipse plugin available for QueryParam Scanner.
+There is a separately available plugin for the Eclipse IDE, allowing qpScanner
+to be executed against specific files or directories.
-To install the plugin, please add the update site to Eclipse:
+For more details on this plugin, check the info provided at:
-Please consult the documentation that comes with the plugin for further
-details on the plugin and how to use it.
-After launching QueryParam Scanner, you should see a Quick Start form:
+Upon accessing qpScanner you will see a Quick Start form:
This allows you to choose between "default" or "paranoid" configs.
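Review bot: the installation step (`-To install the plugin, please add the update site to Eclipse:`) is dropped in favour of a pointer to external information (`+For more details on this plugin, check the info provided at:`), so the readme no longer tells a user how to install the plugin unless the URL that follows documents the update site; confirm it does, or keep a one-line install instruction here. Minor wording: "a separately available plugin for the Eclipse IDE" reads better as "a separate plugin for the Eclipse IDE".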
@@ -57,14 +75,13 @@ After launching QueryParam Scanner, you should see a Quick Start form:
Once these are set as appropriate, press Scan and qpScanner will get to work.
As it finds queries with CF variables (ie: `#values_in_hashes#`) that are not
-inside a <cfqueryparam/> tag, it will list that file. The positions of the
-queries are displayed when clicking on a file, and clicking on each of those
-reveals the actual contents of the query.
+inside a cfqueryparam tag, it will list that file. The positions of the queries
+are displayed when clicking on a file, and clicking on each of those reveals the
+actual contents of the query.
When complete, it will list how many were found out of how many total queries.
NOTE: QueryParam Scanner should be used *only* in your development environment,
not on a live/public box. In addition to the security risks, it might have an
adverse affect on performance.
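Review bot: replacing `<cfqueryparam/>` with bare `cfqueryparam` stops the tag being swallowed when the markdown is rendered as HTML, but the line above already backtick-quotes `#values_in_hashes#`, so quoting the tag the same way (`` `<cfqueryparam>` ``) would be consistent and keep it recognisable as a tag. Two things in the unchanged context while this paragraph is being reworded: "adverse affect" should be "adverse effect", and "In addition to the security risks" should say what the risk is: the scanner is reached through a browser and reveals the source of every query it flags as unparameterised, which is exactly the list an attacker looking for injection points would want, hence the development-only restriction.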
@@ -74,46 +91,41 @@ adverse affect on performance.
-At time of writing, there are no known issues with qpScanner.
-Visit the Issue Tracker for details of any that might since have been raised,
-or to report any issues that you find:
-For help or support, please see the project page at Hybridchill:
+There is one known issue with this release:
+* qpScanner does not work with queries in cfscript. For more details see:
+Visit the Issue Tracker for details of any issues that might since have been
+raised, to report any issues that you find, or to request new functionality:
-QueryParam Scanner is a project created and maintained by Peter Boughton.
-It makes use of three other open-source projects:
-* cfRegex - http://www.cfregex.net
-* Fusebox Framework - http://www.fuseboxframework.org
+CREDITS, VERSIONS & LICENSING
+QueryParam Scanner is a project created and maintained by Peter Boughton,
+licensed under the GPLv3 (read gpl-license.txt for details).
+The project gratefully makes use of the third-party software detailed below,
+each available individually under their respective licenses.
-LICENSING & VERSIONS
+cfRegex v0.1.003-qp (http://cfregex.net)
+* Source: https://github.com/boughtonp/qpscanner
+* License: GPLv3 or LGPLv3
+* Files: cfcs/cfregex.cfc
-GPL license (see included gpl-license.txt for details)
+jQuery v1.2.6 (http://jquery.com)
+* Source: https://github.com/jquery/jquery
+* License: GPLv2 or MIT (See http://jquery.org/license)
+* Files: resources/scripts/jquery-1.2.6.min.js
-* qpScanner v0.7.5
-* cfRegex v0.1.002-qp
-* jQuery v1.2.6
+Fusebox v5.5.1 (http://fusebox.org)
+* Source: https://github.com/fusebox-framework/Fusebox-ColdFusion
+* License: Apache v2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+* Files: fusebox5/*
-Apache 2 license (see fusebox5/LICENSE.txt for details)
-* Fusebox v5.5.1
\ No newline at end of file
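Review bot: the known-issue entry `+* qpScanner does not work with queries in cfscript.` should state what "does not work" means for the result: queries written in cfscript are not scanned at all, so an unparameterised query there is simply not reported, a clean scan does not show the code base is free of them, and the "found out of total queries" count in the section above undercounts on such code. Second, the `+* Source: https://github.com/boughtonp/qpscanner` line under cfRegex points at this project's own repository rather than at a cfRegex source; if the `-qp` build exists only here, say so, otherwise link the cfRegex repository. Minor: the cfRegex bump from v0.1.002-qp to v0.1.003-qp is not mentioned in the commit message, and the file still ends without a trailing newline (`\ No newline at end of file`).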