ColdFusion 2018 Security Analyzer Exposed API

Report · Oct 29, 2018

During the Security in ColdFusion: A 360 degree outlook session at CF Summit this year, it was discussed that in CF 2018, there are exposed APIs for the Security Code Analyzer that allow for analyzing outside of CF Builder. I am not finding documentation that explains how to access these APIs. Can anyone point me in the right direction?

Thanks,

Jeff

Report · Nov 06, 2018

Has anyone even used the exposed APIs for the Security Code Analyzer in CF 2018, yet? I am having no luck finding them on my install.

Report · Nov 06, 2018

Jeff, there is a github project by Dave Epler showing how to access it from the command line. You can see easily in the code there how to access the web API which he calls in his code:

cf-cmdline-sec-ana/cmdline-security-analyzer.cfm at master · dcepler/cf-cmdline-sec-ana · GitHub

/Charlie (troubleshooter, carehart. org)

Report · Nov 06, 2018

Excellent. Thank you Charlie.

Report · Nov 06, 2018

S Preethi said in her "Security in ColdFusion: A 360° outlook" session that the API is exposed in CF 2018 which got me thinking we could incorporate that into Jenkins for our builds and passing the code to the security analyzer API. Unfortunately, the Adobe documentation does not say how to access that API. I will try to use the command line code to reverse engineer access.

ColdFusion 2018 Security Analyzer Exposed API

li.media.uploader-dialog.title