1-------------------------------------------------------------------------------
2qpScanner v0.7.3
3 4 5 6INSTALLATION
7============
8 9Extract all files to a directory in your webroot, then access in a browser.
10 11Everything required is contained within the zip file, and no mappings nor
12datasources need to be setup.
13 14 15 16ECLIPSE PLUGIN INSTALLATION
17===========================
18 19There is an Eclipse plugin available for QueryParam Scanner.
20 21To install the plugin, please add the update site to Eclipse:
22 23 http://eclipse.hybridchill.com/
24 25Please consult the documentation that comes with the Plugin for further
26details on the Plugin and how to use it.
27 28 29 30USAGE
31=====
32 33After launching QueryParam Scanner, you should see a Quick Start form:
34 35 Select Config
36 This allows you to choose between "default" or "paranoid" configs.
37 The default config should be fine for most people.
38 39 Starting Directory
40 Where you put the location of the project(s) you wish to scan.
41 This can be either an absolute path or a mapping.
42 43 Recursive
44 Indicates if you want qpScanner to look inside directories, or remain
45 at the current directory level.
46 47 48Once these are set as appropriate, press Scan and qpScanner will get to work.
49 50As it finds queries with CF variables (ie: #values_in_hashes#) that are not
51inside a <cfqueryparam/> tag, it will list that file. The positions of the
52queries are displayed when clicking on a file, and clicking on each of those
53reveals the actual contents of the query.
54 55When complete, it will list how many were found out of how many total queries.
56 57 58 59NOTE: QueryParam Scanner should be used *only* in your development environment,
60not on a live/public box. In addition to the security risks, it might have an
61adverse affect on performance.
62 63 64 65KNOWN ISSUES
66============
67 68This is a development release of QueryParam Scanner, and this list of issues
69may not be a complete one. Always ensure you have a recent backup of your code.
70 71There is one known issue with this version of qpScanner:
72 731. Incorrect Line Numbers With Identical Queries
74If you have a file with multiple identical queries (same name/attributes/SQL),
75QueryParam Scanner will report line numbers correctly for only the first of
76the queries.
77 78 79 80SUPPORT
81=======
82 83For help or support, please see the project page at Hybridchill:
84http://www.hybridchill.com/projects/qpscanner.html
85 86 87 88 89CREDITS
90=======
91 92QueryParam Scanner is a project created and maintained by Peter Boughton.
93 94It makes use of three other open-source projects:
95- Java Regex Utilities http://www.hybridchill.com/projects/jre-utils.html
96- jQuery JavaScript library http://www.jquery.com
97- Fusebox Framework http://www.fuseboxframework.org
98 99100101102LICENSING & VERSIONS
103====================
104105GPL license (see included gpl-license.txt for details)
106- qpScanner v0.7.3
107- jre-utils v0.6.0
108- jQuery v1.2.6
109110Apache 2 license (see fusebox5/LICENSE.txt for details)
111- Fusebox v5.5.1
112113114115-------------------------------------------------------------------------------