search : code analyzer


Code Analyzer False Negative
Code Analyzer Migration Tool Update
Code Analyzer Migration Tool Update 2
Code Analyzer on Splendor cfusion wwwroot fails with 481 errors
False Positive for CFCollection "path" Attribute on Code Analyzer
Comment on Code Analyzer Migration Tool Update by CFwatson U.
[ANeff] Bug for: Code Analyzer doesn't notify about cflocation's addtoken default value change
Comment on Code Analyzer Migration Tool Update 2 by External U.
Comment on Code Analyzer on Splendor cfusion wwwroot fails with 481 errors by HariKrishna K.
Comment on Code Analyzer Migration Tool Update 2 by External U.
java.io.FileNotFoundException thrown on opening files when using the Security Code Analyzer
[ANeff] Bug for: Code Analyzer doesn't warn when assigning local to non-struct
The Code Analyzer in ColdFusion11 wrongly reports GetMetaData as a new function when analyzing CF8.0 code
Comment on Code Analyzer on Splendor cfusion wwwroot fails with 481 errors by External U.
Comment on java.io.FileNotFoundException thrown on opening files when using the Security Code Analyzer by Mukesh K.
Comment on Code Analyzer Migration Tool Update 2 by CFwatson U.
Security Code Analyzer reports false positives for upload code, and repeats warnings/errors
Comment on Code Analyzer Migration Tool Update 2 by CFwatson U.
Comment on [ANeff] Bug for: Code Analyzer doesn't warn when assigning local to non-struct by Nikhil S.
Comment on [ANeff] Bug for: Code Analyzer doesn't warn when assigning local to non-struct by Vamseekrishna N.
Comment on [ANeff] Bug for: Code Analyzer doesn't notify about cflocation's addtoken default value change by Nikhil S.
Comment on [ANeff] Bug for: Code Analyzer doesn't notify about cflocation's addtoken default value change by External U.
Comment on [ANeff] Bug for: Code Analyzer doesn't warn when assigning local to non-struct by External U.
Comment on Security Code Analyzer reports false positives for upload code, and repeats warnings/errors by CFwatson U.
Comment on The Code Analyzer in ColdFusion11 wrongly reports GetMetaData as a new function when analyzing CF8.0 code by External U.
Comment on The Code Analyzer in ColdFusion11 wrongly reports GetMetaData as a new function when analyzing CF8.0 code by HariKrishna K.
6306771 CF-4205373 Administrator : Code Analyzer False positive for missing CFPDFParam source attribute Problem Description: False positive for missing "source" attribute in when running Code Analyzer. Code is as follows: "" Steps to Reproduce: 1. Run code analyzer against code that has
4578000 CF-4203089 Administrator : Code Analyzer Exclude Selected Directories The feature would allow someone to exclude specific directories within the chosen subdirectory.  Hence, would allow excluding a directory from the code analyzer scan.  
2682315 CFB-4121222 Security Code Analyzer Cancel Security Analyzer Request option must exist Problem: Cancel Security Analyzer Request option should be there Method: Result: Currently there is no option to stop a security analyzer request while it is running. Expected: Workaround
2673636 CF-4120122 External U. The code analyzer should be a feature of a licensed version of CF Builder and not require a particular version of the server product. $0.02.
2682248 CFB-4135745 Security Code Analyzer Security Analyzer , If the operation is cancelled it should display the partial results Problem: Method: Security Analyzer , If the operation is cancelled it should display the partial results Result: Expected: Workaround
2682304 CFB-4130054 Security Code Analyzer David Epler Security Analyzer - Show icon in navigator pane Related Bugs: 4146775 - Similar to ColdFusion Builder Currently if a file has an issue it is only identifiable from the security analyzer pane. An indicator should also be shown
2682300 CFB-4130058 Security Code Analyzer Peter Freitag Security Analyzer Reports hardcode image paths Problem Description: The report only looks correct when viewed on the machine that generated it, or on computers that have installed Builder at the same path. You will find the image paths hard
Fusion programming code where the programmer used SELECT * instead of selecting only the columns that are actually needed. The analyzer could return chunks of code (page name, line number, cfquery name) where there are SELECT * statements. #2 - We could encourage programmers to use the "maxrows" parameter
2673360 CF-4126698 Security Analyzer David Epler Security Analyzer - Incorrect SQLi The security analyzer incorrectly identifies attached code as having a SQLi where the variable is completely controlled through the code Security Analyzer should understand the context of variables
2682316 CFB-4121217 Security Code Analyzer Disable Multiple Request : Triggering security analyzer scan more than once should not be allowed. Problem: Disable Multiple Request : Triggering security analyzer scan more than once should not be allowed. Method: Until and unless first scan request
2682331 CFB-4116590 Security Code Analyzer Security Analyzer: ER for the Generated Report Problem: 1. Should add the time details inside the report as well. 2. In pie chart, when there is no "Error" in the report, the chart shows "Warning" as 100 %, which is valid. But at the same time simply
2682314 CFB-4121267 Security Code Analyzer Requirement of a Progress Bar in the Builder IDE, to show the status of the Security Analyzer scan. Problem: Requirement of a Progress Bar in the Builder IDE, to show the status of the Security Analyzer scan. Method: We should consider implementing a
2682302 CFB-4130056 Security Code Analyzer David Epler Security Analyzer - Show full path & filename The security analyzer pane in Builder only shows the filename of the file and not the complete path. This makes it difficult to know where the file with the issue is when scanning a directory
2682275 CFB-4130092 Security Code Analyzer Aaron Neff [ANeff] Bug for: Security Analyzer fails for CFB virtual host Security Analyzer fails to run if the project's server is a CFB virtual host. Doesn't matter if the CF server is local or remote. Example: CF Servers view
2682180 CFB-4166790 Security Code Analyzer Muraoka Shigeyoshi (Update 2) charts are not displayed in Security Analyzer Report (Japanese Ver.) Problem Description: After applying CFBuilder Update 2, charts are not displayed in Security Analyzer Report. The issue occurs only in Japanese Cold
2682235 CFB-4139440 Security Code Analyzer NPE on right click when no row is selected in Security Analyzer view Problem: In the security analyzer view, right click is supported and it shows a menu according to the row selected. In case no row is selected, it throws an NPE. To repro: 1. run SA 2. close SA view 3
2682291 CFB-4130071 Security Code Analyzer Peter Freitag Security Analyzer Fails Silently when not using builtin server Problem Description: When you have a server setup with secure profile and try to use the security analyzer with it, the security analyzer fails silently. The request to the CF
2673451 CF-4126536 Security Analyzer David Epler Security Analyzer - case sensitivity for Testing sample source code that had the following: update comments set subscribe = 0, followup = 0 where commentid = The security analyzer flagged it SQLi, Error, High. There is not SQLi
2682414 CFB-4102076 Security Code Analyzer In IE browser, icons are not properly displayed in exported report Problem: Method: Steps to Reproduce : 1. Run security analyzer on vulnerable code 2. Click on export icon 3. Open report.html in IE browser 4. Check Fixed, To fix, Ignored icon
2673454 CF-4126533 Security Analyzer David Epler Security Analyzer - Unnamed Application and Using LitePost (https://github.com/dcepler/litepost) as example code to test. In the Model Glue variation of LitePost, the Security Analyzer is flagging Application.cfm as not being within a named
that these errors should show in the security analyzer results. Attached is an image that shows a cfquery and the sort and order parts will display as errors within the security analyzer. Steps to Reproduce: 1. Use dbtype="query" via the cfquery tag and have code like pictured in the image 2. Run security
2673452 CF-4126535 Security Analyzer David Epler Security Analyzer - incorrect flagging of method="post" on Using LitePost (https://github.com/dcepler/litepost) as example code to test. Security Analyzer is flagging fusebox/home/entry/comment/dsp_commentForm.cfm with a warning, low for getvspost
2673453 CF-4126534 Security Analyzer David Epler Security Analyzer - Unnamed Application and Fusebox Using LitePost (https://github.com/dcepler/litepost) as example code to test. In the Fusebox variations of LitePost, the Security Analyzer is flagging Application.cfm as not being within a named
2682303 CFB-4130055 Security Code Analyzer Peter Freitag Security Analyzer Times out after 30 seconds, unable to scan large dir Problem Description: I tried running a scan on an application with 900 files. The security analyzer times out after 30 seconds saying "Error message from the server. Read
2682240 CFB-4139323 Security Code Analyzer Column sort doesn't work in "Unscanned File" pane. Problem: Column sort doesn't work in "Unscanned File" pane. Method: Result: Expected: Workaround: ----------------------------- Additional Watson Details ----------------------------- Watson Bug ID
2682241 CFB-4138875 Security Code Analyzer [ER] Filename search and sorting should be implemented in the Unscanned file pane view Problem: Method: Filename search and sorting should be implemented in the Unscanned file pane view Result: Expected: Workaround
2682246 CFB-4138072 Security Code Analyzer Issues in the 'Unscanned Files' view. Problem: Issues in the 'Unscanned Files' view. Method: The following scenarios are not working in the 'Unscanned Files' view : 1) On clicking a file, it does not open in the file editor view. 2) On clicking the column
2682258 CFB-4131035 Mukesh K. Verified the fix in build #298421. Message displays as: Server error: Security Code Analyzer is not available in this edition of the ColdFusion server
2682227 CFB-4147846 Security Code Analyzer [ER] Unscanned File pane layout design should contain Tree Viewer structure Problem: Method: Unscanned File pane layout design should be similar to security analyzer view in order to incorporate the different segments of invalid file, encrypted file
incorrectly where the security analyzer could be exposed to an attacker to run and profile the code making it easier to attack. The security analyzer should be secured with either admin or rds username and passwords. ----------------------------- Additional Watson Details
2673455 CF-4126531 Security Analyzer David Epler Security Analyzer - Incorrect flagging SQLi (BlogCFC - blog.cfc) Using BlogCFC as example code. The Security Analyzer is incorrectly flagging the use of the variable posted in getActiveDays() method within org/camden/blog/blog.cfc. The variable
2682245 CFB-4138258 Security Code Analyzer When "Unscanned Files" pane is empty, an unhandled exception is thrown if "Clear Security Markers" is run. This results in Security Analyzer pane not being cleared. Duplicate ID: 4138321 ColdFusion Builder Problem: Method: Steps to repro issue : 1. Run
Analyzer 2) See timeout error thrown 3) Increase RDS timeout 4) repeat 1-3 a few times So.. imagine multiple developers simultaneously trying to analyze their code against the same CF server. I can bring mine to 100% CPU w/ just 2-3 requests. This isn't good b/c Security Analyzer isn't supported against
2673382 CF-4126665 Security Analyzer David Epler Security Analyzer - addtoken and Secure Profile The behavior for addtoken in changes if Secure Profile is enabled or not. As the security analyzer is currently implemented it has no knowledge if the code will be deployed to a server with Secure
2608688 CF-4023312 External U. The code analyzer already exists, it shouldn't be too hard to open that out and allow custom rules etc. The big win here I see is security scans, to look out for known vulnerability paths, enforce owasp top 10 etc Would love this. I think it would open a lot up
2682250 CFB-4135074 Security Code Analyzer Clear Security Markers should remove the markers when run over multiple folders Problem: Method: Steps to reproduce : 1. Select two folders which have vulnerabilities in both folders 2. Vulnerabilities will get displayed once the scan is over 3. Select
2682265 CFB-4130102 Security Code Analyzer Raymond Camden Security report doesn't list the line #s. The security report should show line #s. Yes you get markers in the file, but the table of results should tell you the line number. ----------------------------- Additional Watson Details
2682301 CFB-4130057 Security Code Analyzer Peter Freitag Add Detailed JSON file to report export When you export a report it generates a nice HTML report but it would be very useful if it also dumped a JSON file in there (with all the details of the vulnerabilities found, file paths, etc) so you
2682258 CFB-4131035 Security Code Analyzer Check for ColdFusion Enterprise server needs to be corrected. Getting an incorrect alert message while running SA on inbuilt server (Developer edition) Problem: Method: Steps to reproduce : 1. Install CFB2016 with serial key. 2. Run SA over project
2682280 CFB-4130083 Security Code Analyzer Raymond Camden Text in 'task completed' window is weird I just did a scan and the result was a pop up that said: "Security analyzer task completed. To correct the squiggly line, select insert spaces for tabs option from Editor > General > Text Editors
2682311 CFB-4126170 Security Code Analyzer STEPHEN WALKER Mapped Drive and Server Drive Must Match We setup a new development server and developers are required to map to their specific folder. The folders are located on the F drive, but if a user maps to a drive other than F, the security
2673376 CF-4126678 Security Analyzer David Epler Security Analyzer - CGI scope is not "Safe" When running the security analyzer across attached code it should flag the use of CGI.HTTP_USER_AGENT in line 1 as XSS and line 4 as SQLi. There are numerous items populated into CGI scope that come
2673381 CF-4126667 Security Analyzer David Epler Security Analyzer - CSRF Attack detection does not work Related Bugs: CF-4080920 - Similar to The CSRF Attack detection for the security analyzer does not work according to the documentation. Attached code samples have the correct usage
False Positives is not "As Designed" Date Added :2015-07-20 17:27:51.0 Added By:preethi Note Added: Hi David, As of now any variable assignment inside a cfif / loop / switch-case is not analyzed. And since there is a possibility of the code going into either the if case or the else case, a warning
analyzer. As for what told me that (that the Sec Analyzer is not supported in Express), it's among a few shown in the popup when launching CFB when in this Express mode (where the trial has expired). As for "code assist", I will clarify for readers that it's not that Express doesn't support it. Instead
2682266 CFB-4130101 Security Code Analyzer Raymond Camden Can't resize/adjust security report Duplicate ID: 3982669 ColdFusion Builder The Security Report panel should be resizeable internally. Specifically the left panel which is large and takes a lot of space. Screen shot: https
or third-party solutions to writing MS Office Word and Excel files from ColdFusion. Adobe needs to give better disclosure of this known issue to prospective customers. Adobe documentation for CF9 did not disclose this. Code Analyzer did not warn of this. Adobe Incident 181554415 Dale Gunns dg120653
not be used". https://helpx.adobe.com/coldfusion/cfml-reference/reserved-words-and-variables/reserved-words.html ColdFusion validates it as an acceptable variable and performs the variable assignment. Code Analyzer (in CF10) doesn't flag it as a potential error or provide an info-level warning
2682249 CFB-4135106 Security Code Analyzer Null pointer exception thrown while running Security Analyzer repeatedly over same files Problem: Method: Steps to reproduce : 1. Scan vulnerable file 2. Run Clean security scan over same files 3. Run security analyzer over the same files Result
in the code since the report is empty. Date Added :2016-01-13 21:07:06.0 Added By:prk Note Added: Security Analyzer module can be invoked only in development profile, assuming projects with security issues will not be moved to "security production profile". Hence, the secure profile is not enabled
- custom functions are compiled and then produce confusion later when attempts to call them call the native function instead. Also the trace function isn't included in the list of errors reported by the CF9 code analyzer in the CFIDE. Steps to Reproduce: #trace()# Actual Result: An error regarding
2682255 CFB-4131907 Security Code Analyzer Builder needs to show the files separately or in the same view with one more column describing if file belongs to INVALIDFILE or CANNOTPARSE category. Related Bugs: CF-4126394 - Similar to CF-4126394 - Similar to Problem: Builder needs to show the files
Comment on [ANeff] Bug for: Security Analyzer extremely high CPU usage by Awdhesh K.
2673317 CF-4126912 Security Analyzer David Epler Inconsistent XSS markings for built-in-functions (BIF) that return integers Duplicate ID: CF-4126413 Problem Description: Given the code: #ceiling(url.id)# #floor(url.id)# #round(url.id)# Actual Result: The security analyzer marks the lines
the correct information- I also ran code analyzer on this page and it came back with no issues Also during the upgrade i exported the .car file from cf 9 into cf 11 so the settings should be the same- also like i said before it is not throwing errors- it works- just not with the fully correct results- my
it appears to have broken code that was working previously to pass implicit arrays into function with named parameters.Calling a function with named argument that has an implicit array as value (e.g. arr=[value,value]) fails. It used to work without hotfix 1. I have seen it both fail compilation and more
:44:01.0 Added By:prk Note Added: Hi Raymond, When we run the security code analyzer in the editor, sometimes you can see the squiggly lines for the vulnerabilities moving to different or inappropriate lines. That is because the editor is considering one tab as 4 spaces. So the prompt asks for selecting "insert
2673368 CF-4126688 Security Analyzer Adam Cameron Security scanner: incorrect analysis I put this code through the security scanner: unscopedMessage = "hi"; writeOutput(unscopedMessage); variables.scopedMessage = "hi"; writeOutput(variables.scopedMessage); variables
2673367 CF-4126689 Security Analyzer Adam Cameron Security scanner false positive and mixed messaging Consider this code: files = directoryList(expandPath( './hardcodedSubDirectory/' )); The two statements are: a) analogous; b) as far as I can tell pose no risk However the *first* line
2673677 CF-4118885 Security Analyzer Aaron Foote [AF] - Security Analyser - Incorrect support for deprecated cfform The security Analyzer's CSRF functionality ONLY works on CFForm - CFFORM is deprecated and should not be receiving new features - As CFFORM is deprecated it should
2673316 CF-4126922 Security Analyzer David Epler Should not mark some tag-specific variables as XSS (RecordCount/CurrentRow) Duplicate ID: CF-4087973 Problem Description: Given the code: SELECT ARTISTID, FIRSTNAME, LASTNAME, EMAIL, THEPASSWORD, ADDRESS, CITY, STATE, POSTALCODE, PHONE
you find and fix such problems in CFML (both output protection and input validation). First was the CF Enterprise Security Code Analyzer (built into CFBuilder 2016 and above, working with the Enterprise edition only of CF 2016 and above).

More recently is Pete Freitag’s

2675044 CF-4087973 Security Analyzer ext-user Values coming from in-built struct objects/tag-specific variables should not be flagged for vulnerability. Related Bugs: 4049701 - Similar to ColdFusion Builder 4130097 - Similar to ColdFusion Builder Problem: Values coming from in-built struct
2673375 CF-4126680 Security Analyzer Adam Cameron Security scanner SQLi odd guidance INSERT INTO someTable ( uuid ) VALUES( '#createUuid()#' ) SELECT '#createUuid()#' AS uuid FROM someTable The first INSERT just gets a warning; the first SELECT gets an error (if anything... should
with tag classes. Steps to Reproduce: Put this code in an index.cfm file and hit it 5 times: // Only create the closure on the first call if( !structkeyExists( application, 'lock' ) ) { application.lock = function(){ lock name="myLockName" type="exclusive" timeout="10
:prk Note Added: Yes, update the code and save it. Then double click will point you to the new line number. Date Added :2015-07-24 13:51:39.0 Added By: PreRelease User User Name:Raymond Camden Note Added: Are you saying that right now, if I update the code, that double clicks still work? Date Added :2015
found it did work and solved their problems, especially like yours calling remote services via cfhttp with https. Finally, you asked how to test your CF9 code for CF11 compatibility. To do that, implement CF11 on some machine (using the free trial or Developer edition, and run the Compatibility