tracker issue : CF-3726695

Title:

allow blocking of certain tags in modules invoked with CFModule and CFInclude


Status/Resolution/Reason: Closed/Deferred/

Reporter/Name(from Bugbase): Tim Parker / Tim Parker (Tim Parker)

Created: 03/19/2014

Components: Language

Versions: 10.0

Failure Type: Enhancement Request

Found In Build/Fixed In Build: Final /

Priority/Frequency: Trivial / Unknown

Locale/System: English / Platforms All

Vote Count: 0

Our product provides ways for our customers to provide their own CF modules which we call for certain operations.  For various reasons, many CF tags (such as CFAbort and CFLocation) are inappropriate in these contexts, and can cause operational problems if they're used.  There may also be security reasons for forbidding certain tags (such as CFFile and CFQuery).

The proposed change is to add four optional attributes to CFModule and CFInclude:

AllowedTags (white list of CF tags allowed in the called module - use of any other tags will trigger a 'ForbiddenMethod' exception)
BlockedTags (black list - all CF tags are OK except for the listed tags - use of any listed tag results in a 'ForbiddenMethod' exception)

Variants for allowed/blocked functions would also be useful, but would be of limited use without the ability to specify groups of functions (all string functions, all list functions, etc)

In our case, we would code a call to a customer module as:

<cftry>
  <!--- blockedTags is the attribute proposed in this request; it does not exist in ColdFusion today --->
  <cfmodule template="#path_to_some_customer_module#" blockedTags="CFAbort,CFLocation">
  <cfcatch type="ForbiddenMethod">
    <!--- customer code did something bad - write log entry and move on --->
  </cfcatch>
  <cfcatch type="any">
    <!--- handle other 'normal' errors here --->
  </cfcatch>
</cftry>


================

When CFAbort can cause problems (like in background processing of multiple pages), we use CFThread so a CFAbort in customer code doesn't crash the entire background process - the thread dies, but other processing can continue. We have found no such work-around to prevent problems if customer code uses CFLocation.

For our purposes, simply blocking these tags would solve the problem - more fine-grained control could be useful, but would require additional design. For example, it could be desirable to restrict CFQuery to certain data sources, or to only accept SELECT queries, or to allow only 'read' operations in CFFile.
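The pre-flight check a host application can run today, as an added example that is not part of this tracker entry and not ColdFusion or Adobe code: it is written in Python rather than CFML and approximates the requested allowedTags/blockedTags behaviour by scanning the customer module's source for CF tags before the host calls it. The names check_module(), passes_tag_policy(), enforce(), OPAQUE_TAGS and ForbiddenTagError are this example's own, and the sample module is constructed for the demonstration.

```python
"""Static pre-flight scan of a customer-supplied CFML module before it is included.

Added example, not part of the tracker entry and not ColdFusion code: it
approximates the requested allowedTags/blockedTags behaviour by scanning the
module's source for CF tags before the host calls it. Names such as
check_module(), OPAQUE_TAGS and ForbiddenTagError are this example's own.
"""
import re

# Tags the request names as inappropriate or risky in customer modules.
DEFAULT_BLOCKED = frozenset({"cfabort", "cflocation", "cffile", "cfquery"})

# Tags whose effect a tag-name scan cannot judge: cfinclude/cfmodule pull in
# templates this scan has not seen, cfscript bodies call functions
# (fileWrite(), location(), evaluate()) that tag-level rules never look at,
# cfimport binds tag libraries, and cf_ custom tags run other templates.
OPAQUE_TAGS = frozenset({"cfinclude", "cfmodule", "cfscript", "cfimport"})

_COMMENT = re.compile(r"<!---.*?--->", re.DOTALL)
_TAG = re.compile(r"<(cf[a-z_][a-z0-9_]*)\b", re.IGNORECASE)


class ForbiddenTagError(Exception):
    """Raised by enforce() when the module uses a tag the policy forbids."""


def strip_comments(src):
    """Remove <!--- ---> comments but keep their newlines so line numbers stay right."""
    return _COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), src)


def find_tags(src):
    """Return [(tag_name_lowercase, line_number), ...] for every opening CF tag."""
    cleaned = strip_comments(src)
    return [(m.group(1).lower(), cleaned.count("\n", 0, m.start()) + 1)
            for m in _TAG.finditer(cleaned)]


def check_module(src, blocked=None, allowed=None):
    """Apply an allow-list (allowed) or a block-list (blocked) to the module's tags.

    Returns (violations, opaque): tags that break the policy, and tags that
    pass it but defeat static checking, so the caller can decide on those too.
    """
    if allowed is not None:
        allowed = {t.lower() for t in allowed}
        is_violation = lambda tag: tag not in allowed
    else:
        blocked = {t.lower() for t in (blocked if blocked is not None else DEFAULT_BLOCKED)}
        is_violation = lambda tag: tag in blocked
    violations, opaque = [], []
    for tag, line in find_tags(src):
        if is_violation(tag):
            violations.append((tag, line))
        elif tag in OPAQUE_TAGS or tag.startswith("cf_"):
            opaque.append((tag, line))
    return violations, opaque


def passes_tag_policy(src, blocked=None, allowed=None, reject_opaque=True):
    """True when the module may be called under the policy (and, by default,
    contains nothing the scan cannot see through)."""
    violations, opaque = check_module(src, blocked, allowed)
    return not violations and not (reject_opaque and opaque)


def enforce(src, blocked=None, allowed=None, reject_opaque=True):
    """Raise ForbiddenTagError (the request's 'ForbiddenMethod') instead of returning False."""
    violations, opaque = check_module(src, blocked, allowed)
    problems = violations + (opaque if reject_opaque else [])
    if problems:
        detail = ", ".join("%s at line %d" % p for p in problems)
        raise ForbiddenTagError("module uses forbidden or unscannable tags: " + detail)


# Constructed sample of a customer module; not taken from the tracker entry.
SAMPLE_MODULE = """\
<!--- customer module; this commented-out <cfabort> is never executed --->
<cfparam name="attributes.orderId" default="0">
<cfset msg = "order " & attributes.orderId>
<CFLOCATION url="/done.cfm">
<cfscript>
    fileWrite(expandPath("./out.txt"), msg);
</cfscript>
<cfinclude template="helpers.cfm">
"""

if __name__ == "__main__":
    print(check_module(SAMPLE_MODULE))                                   # block-list mode
    print(check_module(SAMPLE_MODULE, allowed={"cfparam", "cfset"}))     # allow-list mode
    try:
        enforce(SAMPLE_MODULE, blocked={"cfabort", "cflocation"})
    except ForbiddenTagError as err:
        print("rejected:", err)
```

Run against the sample, block-list mode reports only the CFLocation on line 4 as a violation and returns cfscript and cfinclude separately as tags it cannot vouch for; allow-list mode reports all three. The check is a static name match, not a sandbox: a cfscript block can call fileWrite() or location() without ever using the tag, evaluate() and included templates run code the scan never saw, and a tag name inside a string literal is matched even though it never executes (the conservative direction for a block-list). For actual enforcement inside ColdFusion, per-directory sandbox security in the Administrator, which can disable specific tags and functions and restrict data sources and file paths, is the supported mechanism; the scan above is only a cheap gate the host can run before CFModule/CFInclude.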

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3726695

External Customer Info:
External Company:  
External Customer Name: TParker
External Customer Email:  
External Test Config: My Hardware and Environment details:

Attachments:

Comments:

Can evaluate for a future version of ColdFusion if we have a lot of folks asking for the same.
Comment by Vamseekrishna N.
13029 | October 14, 2015 10:00:28 PM GMT