cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

ColdFusion 2018 Security Analyzer Exposed API

jeffh65754959
Explorer ,
Oct 29, 2018 Oct 29, 2018

Copy link to clipboard

Copied

During the Security in ColdFusion: A 360 degree outlook session at CF Summit this year, it was discussed that in CF 2018, there are exposed APIs for the Security Code Analyzer that allow for analyzing outside of CF Builder.  I am not finding documentation that explains how to access these APIs.  Can anyone point me in the right direction?

Thanks,

Jeff

Views

399

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 4 Replies 4
latest latest Jump to latest reply
jeffh65754959
Explorer ,
Nov 06, 2018 Nov 06, 2018

Copy link to clipboard

Copied

Has anyone even used the exposed APIs for the Security Code Analyzer in CF 2018, yet?  I am having no luck finding them on my install.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Charlie Arehart Community Expert
Community Expert ,
Nov 06, 2018 Nov 06, 2018

Copy link to clipboard

Copied

Jeff, there is a github project by Dave Epler showing how to access it from the command line. You can see easily in the code there how to access the web API which he calls in his code:

cf-cmdline-sec-ana/cmdline-security-analyzer.cfm at master · dcepler/cf-cmdline-sec-ana · GitHub


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
jeffh65754959
Explorer ,
Nov 06, 2018 Nov 06, 2018

Copy link to clipboard

Copied

In Response To Charlie Arehart

Excellent.  Thank you Charlie.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
jeffh65754959
Explorer ,
Nov 06, 2018 Nov 06, 2018

Copy link to clipboard

Copied

LATEST
In Response To Charlie Arehart

S Preethi said in her "Security in ColdFusion: A 360° outlook" session that the API is exposed in CF 2018 which got me thinking we could incorporate that into Jenkins for our builds and passing the code to the security analyzer API.  Unfortunately, the Adobe documentation does not say how to access that API.  I will try to use the command line code to reverse engineer access.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices