qpScanner is a simple tool that scans your codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag.
Once complete, it will display a list of files with queries to be checked, listing the line numbers and showing the contents of the query.
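The check described above, reduced to its core as an added Python example. It is not qpScanner's own code (the tool itself is written in CFML). The `scan` function, the regular expressions and the sample CFML are constructed for illustration, and the sketch assumes that every `#expression#` left in a query body after removing `cfqueryparam` tags is worth reporting:

```python
import re

# Constructed sample CFML: two queries with unparameterised variables, one safe.
SAMPLE = '''<cfquery name="getUser" datasource="app">
    SELECT id, email FROM users
    WHERE username = '#form.username#'
</cfquery>

<CFQUERY name="getOrder" datasource="app">
    SELECT id FROM orders
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND owner = '#session.userId#'
</CFQUERY>

<cfquery name="safe" datasource="app">
    SELECT id FROM items
    WHERE sku = <cfqueryparam value="#arguments.sku#" cfsqltype="cf_sql_varchar">
</cfquery>
'''

# Case-insensitive, and tolerant of an attribute-less <cfquery> tag.
QUERY = re.compile(r'<cfquery\b([^>]*)>(.*?)</cfquery>', re.I | re.S)
PARAM = re.compile(r'<cfqueryparam\b[^>]*>', re.I)
NAME = re.compile(r'\bname\s*=\s*["\']([^"\']*)["\']', re.I)
EXPR = re.compile(r'#([^#\r\n]+)#')


def scan(source):
    """Return (query_name, line_number, expression) for every #expression#
    in a cfquery body that is not inside a cfqueryparam tag."""
    findings = []
    for m in QUERY.finditer(source):
        name = NAME.search(m.group(1))
        # Blank out cfqueryparam tags but keep length and newlines,
        # so offsets in the body still map to the right source line.
        body = PARAM.sub(lambda p: re.sub(r'[^\n]', ' ', p.group(0)), m.group(2))
        body = body.replace('##', '  ')  # '##' is an escaped literal hash
        for e in EXPR.finditer(body):
            line = source.count('\n', 0, m.start(2) + e.start()) + 1
            label = name.group(1) if name else '(unnamed)'
            findings.append((label, line, e.group(1)))
    return findings


if __name__ == '__main__':
    for query, line, expr in scan(SAMPLE):
        print(f'{query}: line {line}: #{expr}# is not in a cfqueryparam')
```

Each finding is a candidate for review, not a confirmed injection: the value may be validated elsewhere, so the fix is to move it into a `cfqueryparam` with the appropriate `cfsqltype`.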
For full details please see the main project page:
If you have any feature suggestions, or find any bugs, please use the issue tracker:
Added: JSON output format
Added: number of potential risk files
Fixed: wording in HTML output for number of risks
Fixed: identical queries were causing incorrect line numbers.
Fixed: query names were not being detected.
Fixed: blank lines were incorrectly removed.
Fixed: Removed Struct function entirely; now requires CF9 or Railo 3.x
Fixed: Minor performance improvements.
Fixed: Now works when Railo's "Local scope mode" is set to "always".
Fixed: Client Scope checking was looking at wrong code variable. (Thanks to John Hodorowicz for spotting this!)
Fixed: Now works with attribute-less <cfquery> tag.
Fixed: Better workaround for CF expandPath issue.
Fixed: Renamed compatibility function Struct to Variables.Struct to avoid name conflict.
Fixed: IE check affecting ColdFusion didn't work.
Fixed: Win/CF expandPath fix, drive letter was case-sensitive.
Changed: Significantly faster processing.
Added: Multiple output formats.
Added: Ability to override Request Timeout.
Added: Option to specify file/directory exclusions.
Added: Option to include/exclude Query of Queries.
Added: Option to include/exclude built-in CFML functions.
Added: Eclipse Plugin for easier execution.
Fixed: Proper query names now display.
Added: Option to exclude ORDER BY clauses.
Added: Option to list scopes used.
Added: Option to highlight client scopes.
Fixed: Was giving false positives for cfswitch.
Fixed: Corrected \ to Server.Separator.File so qpScanner now also works on non-Windows machines.
Fixed: Was case-sensitive and found "cfquery" but not "CFQUERY". Is now case-insensitive.
Changed: Init->init in jre-utils. Enables BlueDragon support.
Running the QueryParam Scanner tool requires a Java-based, CFMX-compatible CFML engine (it uses CFCs and Java objects):
- ColdFusion 9 and above.
- Railo 3 and above.
For CF8, CFMX7 and OpenBD support, use v0.7.3, available from:
NOTE: If your server is CF5 (or other unsupported), I recommend getting Railo Express in order to run the tool.
Uses three other open-source projects, cfRegex, jQuery and Fusebox, all included.
This project has an external bug tracker. You can find it here:
This project hosts its source control at an external location: