
-------------------------------------------------------------------------------
qpScanner v0.7.3.2

NOTE: This is an old version of qpscanner, for running on CF8 and earlier.
Newer versions of qpscanner are significantly improved and highly recommended.


INSTALLATION
============

Extract all files to a directory in your webroot, then access in a browser.

Everything required is contained within the zip file, and no mappings nor
datasources need to be set up.



ECLIPSE PLUGIN INSTALLATION
===========================

There is an Eclipse plugin available for QueryParam Scanner.

To install the plugin, please download the JAR from:

  http://sorcerersisle.com/projects:qpscanner.html

Please consult the documentation that comes with the Plugin for further
details on the Plugin and how to use it.



USAGE
=====

After launching QueryParam Scanner, you should see a Quick Start form:

	Select Config
		This allows you to choose between "default" or "paranoid" configs.
		The default config should be fine for most people.

	Starting Directory
		Where you put the location of the project(s) you wish to scan.
		This can be either an absolute path or a mapping.

	Recursive
		Indicates if you want qpScanner to look inside directories, or remain
		at the current directory level.


Once these are set as appropriate, press Scan and qpScanner will get to work.

As it finds queries with CF variables (i.e. #values_in_hashes#) that are not
inside a <cfqueryparam/> tag, it will list that file. The positions of the
queries are displayed when clicking on a file, and clicking on each of those
reveals the actual contents of the query.

When complete, it will list how many were found out of how many total queries.
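
A simplified sketch of the check described above, written in Python as an
added example (it is not qpScanner's code and does not show how qpScanner is
implemented). The regular expressions, the scan() function and the CFML sample
are constructed for illustration and ignore CFML comments and other edge cases.

```python
import re

# Assumed, simplified patterns (not taken from qpScanner).
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery\s*>", re.I | re.S)
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
HASH_VAR = re.compile(r"#[^#\n]+#")

# Constructed sample: one unparameterised query, one parameterised query,
# and one query mixing an escaped hash (##) with an unparameterised expression.
SAMPLE = '''<cfquery name="getUser" datasource="#dsn#">
  SELECT * FROM users WHERE id = #url.id#
</cfquery>
<cfquery name="getUserSafe" datasource="#dsn#">
  SELECT * FROM users
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfquery name="getTag" datasource="#dsn#">
  SELECT * FROM tags WHERE label = '##featured' AND owner = #Trim(form.owner)#
</cfquery>
'''

def scan(source):
    """Return (total_queries, findings); findings is a list of (line, [expressions])."""
    total, findings = 0, []
    for m in CFQUERY.finditer(source):
        total += 1
        # Hashes inside a cfqueryparam tag are bound parameters, so drop the tag.
        body = CFQUERYPARAM.sub("", m.group(1))
        # "##" is an escaped literal hash in CFML, not a variable.
        body = body.replace("##", "")
        exprs = HASH_VAR.findall(body)
        if exprs:
            # Line of the opening <cfquery> tag, from the match offset.
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, exprs))
    return total, findings

if __name__ == "__main__":
    total, findings = scan(SAMPLE)
    for line, exprs in findings:
        print(f"line {line}: {', '.join(exprs)}")
    print(f"{len(findings)} of {total} queries flagged")
```

Hashes in the <cfquery> tag's own attributes (such as datasource="#dsn#") are
not part of the SQL body, so this sketch does not flag them.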



NOTE: QueryParam Scanner should be used *only* in your development environment,
not on a live/public box. In addition to the security risks, it might have an
adverse effect on performance.



KNOWN ISSUES
============

This is a development release of QueryParam Scanner, and this list of issues
may not be a complete one. Always ensure you have a recent backup of your code.

There is one known issue with this version of qpScanner:

1. Incorrect Line Numbers With Identical Queries
If you have a file with multiple identical queries (same name/attributes/SQL),
QueryParam Scanner will report line numbers correctly for only the first of
the queries.



SUPPORT
=======

For help or support, please see the project page for details:
http://sorcerersisle.com/projects:qpscanner.html




CREDITS
=======

QueryParam Scanner is a project created and maintained by Peter Boughton.

It makes use of three other open-source projects:
- Java Regex Utilities       http://www.hybridchill.com/projects/jre-utils.html
- jQuery JavaScript library  http://www.jquery.com
- Fusebox Framework          http://www.fuseboxframework.org




LICENSING & VERSIONS
====================

GPL license (see included gpl-license.txt for details)
- qpScanner v0.7.3.2
- jre-utils v0.6.0
- jQuery v1.2.6

Apache 2 license (see fusebox5/LICENSE.txt for details)
- Fusebox v5.5.1



-------------------------------------------------------------------------------