How do I determine which files a ColdFusion application uses? - coldfusion

I'm starting some work on an existing ColdFusion application with no version control and what look like unused cfm files (test.cfm, test2.cfm etc.). I'd like to get a picture of what files are actually part of the application so I can get it into git or subversion in a manageable state.
How would you go about this? A regex and some methods to find and map cfinclude and cfcomponent tags? Is there some existing tool that does this?

Ben Nadel has a method to examine the live stack trace from a running template. It seems to me that you could easily plop this into your application and log the results to a database. Once you've done that, you've got a good idea of what's in use and what's not.
I think the easiest way, however, is to enable debugging (standard caveat here about development server, etc). The standard ColdFusion debugger will give you a complete list of every file used during the execution of a single page. ColdFire will do the same thing in a handy Firebug extension (click ColdFusion then click Exec Times).
It should be pointed out that the built-in debugger even shows you the files included from CFC calls, and the files included from within those calls as well. It is all inclusive.
Ben Nadel on Stack Traces
Ray Camden's ColdFire
Sample of CF Debugging from a live page:

Put it into git first! Then, if you screw up, you can easily roll back.
(If you're concerned about having a 'clean' repository, when you're finished and fully tested, you have the option to just remove the single .git folder and create a new one.)
Then, as Tomalak suggests, use cflog on every file. Infact I'd say maybe even log twice, at the top and bottom of each script, could potentially help you to map out how the application runs.

A regex is not advisable. Since ColdFusion is quite flexible in the way files can be included or referenced, there will be no way to determine the definitive list of dependencies from the source code alone.
You could insert a <cflog> into each file and build a log from the running application. Examine the log after the application was active for a while and all functionality had been accessed at least once.

Don't bother instrumenting each file, just cflog the page name in OnRequest inside application.cfc - the target page is an argument.
Of course then the issue becomes code coverage and the ability to fully excercise the app.
<cffunction name="onRequest" returnType="void">
<cfargument name="targetPage" type="String" required=true/>
<cflog file="Usedpage" text="#Arguments.targetPage#">
<cfinclude template="#Arguments.targetPage#">
...
</cffunction>

cfinclude won't tell you if a url is supposed to load the file directly. I've seen system where some files are not included via an index.cfm even when the framework expects it. I have it in my own work where index.cfm loads most code but reset.cfm bypasses the framework to reset configs and session data.

Download a trial of Dreamweaver and define a ColdFusion site. DW can create a site map and tell you which files are not included, linked, cfmoduled and so forth. I don't know if it can figure out unused CFCs, but CFMs should be easy. Note that I haven't used DW for years, but it had this functionality around CF 4/5.

Related

How can I compile my ColdFusion code for sourceless distribution, and have it be unreadable?

I've been tasked with creating a deployable version of a ColdFusion web app to be installed on a clients server. I'm trying to find a way to give them a compiled version of our code, and my first inclination was to use the CFCompile utility that I found here. However, after running CFCompile, most of the code in the CFM files is still readable. The only thing that appears to be obfuscated at all is the actual ColdFusion code - all of the SQL Queries are still perfectly readable. (Example in the screenshot below)
The HTML and JavaScript are also still readable in the compiled code, but that doesn't matter as those can be seen in a web browser anyways.
Is there another way to distribute my source code in a format that is completely unreadable to the user? I'm guessing that for whatever method I choose, there will be some way of decompiling the code. That's not an issue, I just need to find a way to make it more difficult than opening the file and seeing the queries.
Hostek has a pretty good write up on the subject over on their site - How to Encrypt or Compile ColdFusion Files.
Basically, from that article:
Using cfcompile.bat
The cfcompile.bat utility will compile all .cfm and .cfc files within a given directory into Java bytecode. This has the effect of making your source code unreadable, and it also prevents ColdFusion from having to compile your ColdFusion files on first use which provides a small performance enhancement.
More details about using cfcompile.bat can be found in ColdFusion's Documentation
Using cfencode.exe
The cfencode.exe utility will apply basic encryption to a specific file or directory. If used to encrypt a directory, it will apply encryption to ALL files in the directory which can break any JS, CSS, images, or other non-ColdFusion files.
They do also include this note at the bottom:
Note: Encrypting your site files with cfencode does not guarantee absolute security of your source code, but it does add a layer of obfuscation to help prevent unauthorized individuals from viewing the source.
The article goes on to give basic instructions on how to use each.
Adobe has this note on their site regarding cfencode:
Note: You can also use the cfencode utility, located in the cf_root/bin directory, to obscure ColdFusion pages that you distribute. Although this technique cannot prevent persistent hackers from determining the contents of your pages, it does prevent inspection of the pages. The cfencode utility is not available on OS X.
I would also add that it will be trivial for anyone familiar with ColdFusion to decode anything encoded with this utility because they also provide the decoder.

Locating Specific Files on a ColdFusion Server

So I've began working with .cfm files recently at work, currently my assignment is to modify and update webpages to be more suited to mobile devices and tablets. Now, being relatively new to ColdFusion, I've been having a bit of trouble with how multiple .cfm files are used within a server to create a single webpage. Because of this, I've had issues with finding where specific sections of HTML are located, be it something as where a simple tag is, or where a call to another .cfm, javascript, or .css file may be. Is there anyway to find the origin of certain code without having to skim through hundreds of different files?
If you are working on your code on a local webserver on your computer (i.e. not a production site) then you can enable ColdFusion's debugging output.
Documentation for the ColdFusion Administrator debugging options are here: ColdFusion Administrator Debugging
You will want to enable Enable Request Debugging Output and turn on Report Execution Times. When you browse to the page, ColdFusion will give you a list of all files that ColdFusion used to render that page (with how long each file took) appended to the bottom of the page.
Otherwise, any good IDE/Editor (CFBuilder, SublimeText, NotePad++ etc) will be able to search across files.
I would suggest downloading the code from your server to a local drive. From there you can search using an IDE (ColdFusion Builder, Dreamweaver, etc) or a good text editor that can search multiple files at once. I personally use ColdFusion Builder 3 and Notepad++.
Multiple cfm files are put together into a single page usually by using the cfinclude tag, so that would be a good starting point for your search. There are other methods to include different pages into a single page but cfinclude is probably the most common one. BUT, if the programmer used cfscript instead of cfml, look for the include function instead.
Adobe documentation on the cfinclude tag can be found at https://wikidocs.adobe.com/wiki/display/coldfusionen/cfinclude.

Using docx4j with ColdFusion

I am attempting to create Word documents with ColdFusion, but it does not seem there is any way to do it with only ColdFusion. The best solution seems to be docx4j. However, I can't seem to find any in-depth docx4j and ColdFusion examples (Aside from this question). Where can I get some doc4jx and ColdFusion examples?
pulling the data from a database.
https://stackoverflow.com/a/10845077/1031689 shows one approach to doing this. There are other ways, as to which see http://www.slideshare.net/plutext/document-generation-2012osdcsydney
The document needs page numbers and to
Typically you'd add these via a header or footer. You might find it easier to start with an almost empty docx structured appropriately, rather than creating the necessary structures via ColdFusion calling docx4j. You could still do it this way in conjunction with the final paragraph of this answer below.
create a table of contents.
Search the docx4j forums for how to do this.
In general, it looks like the easiest approach would be to create a Java class file which does everything you want (by invoking docx4j), and for your ColdFusion to just invoke that Java class. In other words, do a bit of Java programming first, get that working, then hook it up to your ColdFusion stuff.
I am not sure what exactly you mean with creating word document, which in my opinion is pretty simple. Manipulating yes, a bit tricky with docx4j or so.
<cfsavecontent variable="variables.mydoc">
Your content here
</cfsavecontent>
<cffile action="write" file="#yourFile.doc#" output="#variables.mydoc#">
Also see this post
Creating a Word document in Coldfusion - how to have pagenumbering?

coldfusion application.cfc not found

I've been having a sporadic problem for a few weeks where on restarting the CF Server (Enterprise 9) one of my applications runs without ColdFusion referencing all the variables in the Application.cfc file. It's in the same folder as the CFML pages, it IS properly capitalised as Application.cfc, but it seems to just be ignored. Obviously this causes problems with datasource name and all the other variables I set in Application.cfc. For reference, I'm using an Application.cfc file based on Ben Nadel's excellent intro at http://www.bennadel.com/blog/726-ColdFusion-Application-cfc-Tutorial-And-Application-cfc-Reference.htm . Usually my requested template runs as an include and I can see it in the stack using debugging output, now I can't see it there at all. It's as if the file just doesn't exist.
Has anyone else experienced this, or can you think of possible solutions? Note that at times a restart has got the whole thing running perfectly smoothly.
Re folder structure it's really simple: the Application.cfc file is in the web root along with executable CFML templates - included templates, images, CSS etc are in separate folders referenced via relative paths.
There is another application with its own similar Application.cfc file that is in a sub-directory of the web root. This is running perfectly.
Try clearing your template cache. I've see cases where CF just gets flakey and the cached files are causing issues. Another option: Does ColdFusion have permissions to read/execute the Application.cfc? If this WAS an issue but is no longer an issue I've seen cases where the template cache was causing these files not to be found. Again, delete these files (from disk, not the cfadmin) and try again.

How to force an MS Word download to a particular location

I used the code below to download an MS Word file to a default download folder. But I need the document to be downloaded to a specific location. How can I do this?
Code:
<cfcontent type="application/msword">
<cfheader name="content-Disposition" value="attachment;filename=Simple_run.doc">
You can only dispatch the file to the client. It is the user agent's job to decide how to deal with the file that is being sent. Some browsers will prompt the user for location, others will default to a download directory. This cannot be dictated by the server.
You can't. The destination is controlled by browser and system preferences, not the webpage. You can set the file name but that's all. That's not a bug or oversight either, it's deliberate to prevent websites from tricking users into overwriting system files.
Mind you, if you control the client machine as well (like in an intranet) you have a few more options. The simplest is to use a custom mime type and then write a small program to handle the actual filesystem copy to your target folder.
You can use this code to save an MS Word document to particular location.
I made noticeEmail content as document. Happy coding.
<cfsavecontent variable="whatever">
<cfinclude template="noticeEmail.cfm">
</cfsavecontent>
<cffile action="WRITE" file="#WordFilePath#.doc" output="#whatever#">