Create a ColdFusion project or use an existing project. Ensure that the project is configured to the preferred server.
Security Analyzer Report Integration
For any web application, security plays a critical role. It is important to avoid security pitfalls while developing web applications.
Security Analyzer enables developers to avoid common security pitfalls and vulnerabilities while writing ColdFusion code.
Use this feature to view:
- Vulnerable code in the editor
- Vulnerability or type of attack (Error and Warning)
- Severity level of vulnerability (High, Medium, and Low)
- Suggestion to avoid vulnerability
Accessing Security Analyzer in the extension
Follow the steps below to access Security Analyzer in the extension:
- Right-click the project folder or the project file in the Project Manager.
- Click Run Security Analyzer.
You have the following options in Security Analyzer:
- Run Security Analyzer: Analyzes and displays vulnerabilities in the code.
- Clean Run Security Analyzer: Clears the history of all ignored messages and warnings, that is, the vulnerabilities marked as Ignore during Run Security Analyzer, and displays all vulnerabilities for the project.
- Cancel Run Security Analyzer: Aborts the Security Analyzer.
- Clear Security Markers: Removes all security warnings and resources. Run the security analyzer again to view the vulnerabilities for your resource.
Using the Security Analyzer
Follow the steps below to use Security Analyzer for your project folder or file:
Click Security Issues on the left pane to view the list of vulnerabilities.
- As shown in the left pane of the snapshot, click the vulnerability type (such as SQL Injection or XSS attack) to view the corresponding problem statement. You can also view the suggested solution in the right pane.
- Alternatively, click any error in the middle pane to view the corresponding statement and solution in the right pane.
- Double-click an error in the middle pane to view the corresponding line in the Editor.
- Use the filters for File Name, Attack Name, Severity Level, and Type in the middle pane. Start typing a file name in the search area to locate the files with vulnerabilities. To narrow the search by severity level (High, Medium, or Low), click the All drop-down list.
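To make the SQL Injection and XSS entries above concrete, here is an added example (not from the original page or from Adobe) of the kind of CFML those vulnerability types describe, next to the corrected form. The datasource, table, column and URL parameter names are assumptions, and the exact messages the analyzer prints for such code are not shown here.

```cfml
<!--- Constructed sample page. appDSN, users, display_name, url.id and
      url.search are assumed names, not taken from the documentation. --->

<!--- BEFORE: request data is concatenated into the SQL text and echoed
      into the HTML response without encoding. --->
<cfquery name="qUser" datasource="appDSN">
    SELECT id, display_name
    FROM users
    WHERE id = #url.id#
</cfquery>
<cfoutput>
    <p>Results for #url.search#</p>
</cfoutput>

<!--- AFTER: inputs are type-checked, the query value is bound as a typed
      parameter, and the output is encoded for its HTML context. --->
<cfparam name="url.id" type="integer">
<cfparam name="url.search" type="string" default="">
<cfquery name="qUserSafe" datasource="appDSN">
    SELECT id, display_name
    FROM users
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfoutput>
    <p>Results for #encodeForHTML(url.search)#</p>
</cfoutput>
```

After applying a fix like this, run Security Analyzer again on the file to confirm that the corresponding markers no longer appear.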
Export Security Analyzer results
Click Export on the upper-right corner of the Security Analyzer pane to export all the vulnerabilities to a report.html file.
You can view a graphical representation of all vulnerabilities for your resource in the exported file.