Sorcerer's Tower

QueryParam Scanner v0.7.5 Released

Earlier this week I promoted the release candidate for 0.7.5 of QueryParam Scanner to full release.

For anyone unaware, QueryParam Scanner is a simple tool for identifying unparameterised variables in CFML queries (which may indicate a potential SQL injection risk).

This version has a handful of bug fixes and code cleanups, resulting in faster more accurate scanning than previous versions, plus the addition of JSON output format, giving a more lightweight option if used in scripted processes.

For further details on these, see the previous RC article; other than a couple of trivial fixes and a new readme, nothing has changed since that.

To download the latest version, you can either clone the git repo, or grab it as a zip archive from the GitHub tags page.

For any feedback, problems, or questions, please use the issue tracker.