Locating Specific Files on a ColdFusion Server - coldfusion

So I've began working with .cfm files recently at work, currently my assignment is to modify and update webpages to be more suited to mobile devices and tablets. Now, being relatively new to ColdFusion, I've been having a bit of trouble with how multiple .cfm files are used within a server to create a single webpage. Because of this, I've had issues with finding where specific sections of HTML are located, be it something as where a simple tag is, or where a call to another .cfm, javascript, or .css file may be. Is there anyway to find the origin of certain code without having to skim through hundreds of different files?

If you are working on your code on a local webserver on your computer (i.e. not a production site) then you can enable ColdFusion's debugging output.
Documentation for the ColdFusion Administrator debugging options are here: ColdFusion Administrator Debugging
You will want to enable Enable Request Debugging Output and turn on Report Execution Times. When you browse to the page, ColdFusion will give you a list of all files that ColdFusion used to render that page (with how long each file took) appended to the bottom of the page.
Otherwise, any good IDE/Editor (CFBuilder, SublimeText, NotePad++ etc) will be able to search across files.

I would suggest downloading the code from your server to a local drive. From there you can search using an IDE (ColdFusion Builder, Dreamweaver, etc) or a good text editor that can search multiple files at once. I personally use ColdFusion Builder 3 and Notepad++.
Multiple cfm files are put together into a single page usually by using the cfinclude tag, so that would be a good starting point for your search. There are other methods to include different pages into a single page but cfinclude is probably the most common one. BUT, if the programmer used cfscript instead of cfml, look for the include function instead.
Adobe documentation on the cfinclude tag can be found at https://wikidocs.adobe.com/wiki/display/coldfusionen/cfinclude.

Related

How can I compile my ColdFusion code for sourceless distribution, and have it be unreadable?

I've been tasked with creating a deployable version of a ColdFusion web app to be installed on a clients server. I'm trying to find a way to give them a compiled version of our code, and my first inclination was to use the CFCompile utility that I found here. However, after running CFCompile, most of the code in the CFM files is still readable. The only thing that appears to be obfuscated at all is the actual ColdFusion code - all of the SQL Queries are still perfectly readable. (Example in the screenshot below)
The HTML and JavaScript are also still readable in the compiled code, but that doesn't matter as those can be seen in a web browser anyways.
Is there another way to distribute my source code in a format that is completely unreadable to the user? I'm guessing that for whatever method I choose, there will be some way of decompiling the code. That's not an issue, I just need to find a way to make it more difficult than opening the file and seeing the queries.
Hostek has a pretty good write up on the subject over on their site - How to Encrypt or Compile ColdFusion Files.
Basically, from that article:
Using cfcompile.bat
The cfcompile.bat utility will compile all .cfm and .cfc files within a given directory into Java bytecode. This has the effect of making your source code unreadable, and it also prevents ColdFusion from having to compile your ColdFusion files on first use which provides a small performance enhancement.
More details about using cfcompile.bat can be found in ColdFusion's Documentation
Using cfencode.exe
The cfencode.exe utility will apply basic encryption to a specific file or directory. If used to encrypt a directory, it will apply encryption to ALL files in the directory which can break any JS, CSS, images, or other non-ColdFusion files.
They do also include this note at the bottom:
Note: Encrypting your site files with cfencode does not guarantee absolute security of your source code, but it does add a layer of obfuscation to help prevent unauthorized individuals from viewing the source.
The article goes on to give basic instructions on how to use each.
Adobe has this note on their site regarding cfencode:
Note: You can also use the cfencode utility, located in the cf_root/bin directory, to obscure ColdFusion pages that you distribute. Although this technique cannot prevent persistent hackers from determining the contents of your pages, it does prevent inspection of the pages. The cfencode utility is not available on OS X.
I would also add that it will be trivial for anyone familiar with ColdFusion to decode anything encoded with this utility because they also provide the decoder.

Find and Replace/Update links like Dreamweaver in other editors

I've been slowly weening myself off of Dreamweaver and using other editors like SublimeText and Espresso. But there are two features that are lacking in those editors that I still find the need to use Dreamweaver for:
1.) Find and Replace within entire current local site.
2.) Update links when a page is saved within another directory. For example, if you rename, or re-save a file that is open within another directory, Dreamweaver will ask you to update the links. This will then make sure that if the file is moved or saved to another directory it will update any links within the HTML for stylesheets, images, navigation, etc.
Does any know of any other apps or tools that might be able to accomplish those actions without having to crack open Dreamweaver?
Any input is greatly appreciated. Thanks!
The Sublime Text plugin 'Side Bar Enhancements' has Search/Replace entire project functionality. Doesn't handle update links across files (that i've found)
PHPStorm may handle the second question.

how to keep common elements of site consistent - basic web development question

If I'm creating a simple static site with a handful of pages, how do I deal with keeping the basic skeleton of the site (e.g. navigation bar, header, footer, sidebar) consistent?
I love the dreamweaver template function in which you create a template file that contains all the elements of your site that are common among all of your pages and it automatically updates on all pages when you edit it. Apparently, there is nothing like this in Aptana which is the IDE I'm currently using.
Is there something like this in any other web development IDE?
The closest equivalent Aptana and Textmate have is "persistent includes" under the Commands > HTML > Includes menu. That allows you to reference another file using a special HTML comment, and then when you want to insert that referenced file's content, you'd run the Update Document command in that sub-menu, which would pull in the file contents and replace the special comment with it.
Obviously this isn't particularly dynamic, and you'd want to run Update document on all the files right before deploying the project. You could likely grab the command's source and turn it into a shell script that you run as part of your deployment.

Everything inside < > lost, not seen in html?

I have many source/text file, say file.cpp or file.txt . Now, I want to see all my code/text in browser, so that it will be easy for me to navigate many files.
My main motive for doing all this is, I am learning C++ myself, so whenever I learn something new, I create some sample code and then compile and run it. Also, along these codes, there are comments/tips for me to be aware of. And then I create links for each file for easy navigation purpose. Since, there are many such files, I thought it would be easy to navigate it if I use this html method. I am not sure if it is OK or good approach, I would like to have some feedback.
What I did was save file.cpp/file.txt into file.html and then use pre and code html tag for formatting. And, also some more necessare html tags for viewing html files.
But when I use it, everything inside < > is lost
eg. #include <iostream> is just seen as #include, and <iostream> is lost.
Is there any way to see it, is there any tag or method that I can use ?
I can use regular HTML escape code < and > for this, to see < > but since I have many include files and changing it for all of them is bit time-consuming, so I want to know if there is any other idea ??
So is there any other solution than s/</< and s/>/>
I would also like to know if there any other ideas/tips than just converting cpp file into html.
What I want to have is,
in my main page something like this,
tip1 Do this
tip2 Do that
When I click tip1, it will open tip1.html which has my codes for that tip. And also there is back link in tip1.html, which will take me back to main page on clicking it. Everything is OK just that everything inside < > is lost,not seen.
Thanks.
You might want to take a look at online tools such as CodeHtmler, which allows you to copy into the browser, select the appropriate language, and it'll convert to HTML for you, together with keyword colourisation etc.
Or, do like many other people and put your documentation in Doxygen format (/** */) with code samples in #verbatim/#endverbatim tags. Doxygen is good stuff.
A few ideas:
If you serve the files as mimetype text/plain, the browser should display the text for you.
You could also possibly configure your browser to assume .cpp is text/plain.
Instead of opening the files directly in the browser, you could serve them with a web server than can change the characters for you.
You could also use SyntaxHighlighter to display the code on the client side using JavaScript.
It is pretty much essential that somewhere along the line you use a program to prevent the characters '<>&' from being (mis-)interpreted by your browser (and expand significant repeated blanks into '` '). You have a couple of options for when/how to do that. You could use static HTML, simply converting each file once before putting it into the web server document hierarchy. This has the least conversion overhead if the files are looked at more often than they are modified. Alternatively, you can configure your web server to server the pages via a filter program (CGI, or something more sophisticated) and serve the output of that in lieu of the file. The advantage is that files are only converted when needed; the disadvantage is that the files are converted each time they are needed. You could get fancy and consider a caching solution - convert the file on first demand but retain the converted file for future use. The main downside there is that the web server needs to be able to write to where the converted file is cached - not necessarily a good idea for security reasons. (A minimalist approach to security requires the document hierarchy to be owned by and only writable by one user, say webmaster, and the web server runs as another user, say webserver. Now the web server cannot do any damage because it cannot write anywhere in the document hierarchy. Simple; effective; restrictive.)
The program can be a simple Perl script or a simple C program (the C source for webcode 1.3 is available here).

How do I determine which files a ColdFusion application uses?

I'm starting some work on an existing ColdFusion application with no version control and what look like unused cfm files (test.cfm, test2.cfm etc.). I'd like to get a picture of what files are actually part of the application so I can get it into git or subversion in a manageable state.
How would you go about this? A regex and some methods to find and map cfinclude and cfcomponent tags? Is there some existing tool that does this?
Ben Nadel has a method to examine the live stack trace from a running template. It seems to me that you could easily plop this into your application and log the results to a database. Once you've done that, you've got a good idea of what's in use and what's not.
I think the easiest way, however, is to enable debugging (standard caveat here about development server, etc). The standard ColdFusion debugger will give you a complete list of every file used during the execution of a single page. ColdFire will do the same thing in a handy Firebug extension (click ColdFusion then click Exec Times).
It should be pointed out that the built-in debugger even shows you the files included from CFC calls, and the files included from within those calls as well. It is all inclusive.
Ben Nadel on Stack Traces
Ray Camden's ColdFire
Sample of CF Debugging from a live page:
Put it into git first! Then, if you screw up, you can easily roll back.
(If you're concerned about having a 'clean' repository, when you're finished and fully tested, you have the option to just remove the single .git folder and create a new one.)
Then, as Tomalak suggests, use cflog on every file. Infact I'd say maybe even log twice, at the top and bottom of each script, could potentially help you to map out how the application runs.
A regex is not advisable. Since ColdFusion is quite flexible in the way files can be included or referenced, there will be no way to determine the definitive list of dependencies from the source code alone.
You could insert a <cflog> into each file and build a log from the running application. Examine the log after the application was active for a while and all functionality had been accessed at least once.
Don't bother instrumenting each file, just cflog the page name in OnRequest inside application.cfc - the target page is an argument.
Of course then the issue becomes code coverage and the ability to fully excercise the app.
<cffunction name="onRequest" returnType="void">
<cfargument name="targetPage" type="String" required=true/>
<cflog file="Usedpage" text="#Arguments.targetPage#">
<cfinclude template="#Arguments.targetPage#">
...
</cffunction>
cfinclude won't tell you if a url is supposed to load the file directly. I've seen system where some files are not included via an index.cfm even when the framework expects it. I have it in my own work where index.cfm loads most code but reset.cfm bypasses the framework to reset configs and session data.
Download a trial of Dreamweaver and define a ColdFusion site. DW can create a site map and tell you which files are not included, linked, cfmoduled and so forth. I don't know if it can figure out unused CFCs, but CFMs should be easy. Note that I haven't used DW for years, but it had this functionality around CF 4/5.