diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml new file mode 100644 index 000000000..566bc03f7 --- /dev/null +++ b/.github/workflows/gradle.yml @@ -0,0 +1,32 @@ +name: Gradle + +on: + pull_request: + branches: + - main + - master + - dev + +jobs: + gradle: + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + runs-on: ${{ matrix.os }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up JDK 8 + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 8 + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + with: + gradle-version: wrapper + + - name: Build with Gradle + run: ./gradlew build \ No newline at end of file diff --git a/README.md b/README.md index e44012b86..c6e688427 100644 --- a/README.md +++ b/README.md 
@@ -1,18 +1,20 @@ ![CFLint](/src/main/resources/CFLint-logo.jpg) -# CFLint [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint) [![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/6f4b01d4d2cb4860b60ac666452071f1)](https://www.codacy.com/app/ryaneberly/CFLint?utm_source=github.com&utm_medium=referral&utm_content=cflint/CFLint&utm_campaign=Badge_Grade) [![Build Status](https://travis-ci.org/cflint/CFLint.svg?branch=master)](https://travis-ci.org/cflint/CFLint) +# CFLint + +[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint) [![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/6f4b01d4d2cb4860b60ac666452071f1)](https://www.codacy.com/app/ryaneberly/CFLint?utm_source=github.com&utm_medium=referral&utm_content=cflint/CFLint&utm_campaign=Badge_Grade) [![Build Status](https://travis-ci.org/cflint/CFLint.svg?branch=master)](https://travis-ci.org/cflint/CFLint) A static code analysis tool for CFML. License: [BSD](https://opensource.org/licenses/bsd-license.html) -Current Version: 1.4.1 +Current Version: 1.5.x -# Versions +## Versions See [CHANGELOG.md](/CHANGELOG.md) for further information. -# Project and library organization +## Project and library organization CFLint is a project developed and worked on by volunteers. When logging issues please, be nice and considerate. We're here to help. We really appreciate fixes and improvements, so feel free to talk to us and/or provide pull requests. 
@@ -20,7 +22,7 @@ CFLint is a project developed and worked on by volunteers. When logging issues p The master branch is considered our stable codebase. Most of the development happens in the dev branch resp. local development branches for specific issues. -# Building CFLint +## Building CFLint 1. Fork the repository into your account and clone or download the codebase as a zip-file. 1. Install the tooling of your choice and build via Gradle or Maven (deprecated). CFLint requires Java 8. @@ -39,7 +41,7 @@ The master branch is considered our stable codebase. Most of the development hap Alternatively, import the CFLint codebase into the IDE of your choice and use its respectively Gradle/Maven integration. This should work out of the box for Eclipse and IntelliJ users. -# Using CFLint - Quickstart Guide +## Using CFLint - Quickstart Guide Get the latest version from [Maven Central](https://search.maven.org/search?q=cflint) or the [CFLint GitHub release page](https://github.com/cflint/CFLint/releases) or build the project. @@ -65,21 +67,21 @@ Or always use the latest: With the binaries retrieved one or the other way, you can now use CFLint on the command line. -#### Use the "-all"-version of the jar-file +### Use the "-all"-version of the jar-file - CFLint-1.4.1-all.jar + CFLint-1.5.0-all.jar -#### Scan a folder with the complete set of rules +### Scan a folder with the complete set of rules - java -jar CFLint-1.4.1-all.jar -folder + java -jar CFLint-1.5.0-all.jar -folder -#### Scan a file with the complete set of rules +### Scan a file with the complete set of rules - java -jar CFLint-1.4.1-all.jar -file + java -jar CFLint-1.5.0-all.jar -file -#### See parameters and help +### See command line parameters and help - java -jar CFLint-1.4.1-all.jar -help + java -jar CFLint-1.5.0-all.jar -help # User manual 
@@ -131,13 +133,13 @@ An example `.cflintrc` file is shown below: * `inheritParent` configures if the rules set in the global or any parent configuration should be inherited as a base set of rules. -* `parameters` allows configuration of rule parameters. See `cflint.definition.json` for the parameters and their defaults. +* `parameters` allows configuration of rules. See [RULES.md](/RULES.md) for the parameters of each rule and their defaults. You must precede the parameter name with the rule name separated by a dot. * Please note: `inheritPlugins` and `output` were marked deprecated in CFLint 1.2.0 and removed in 1.4.0. Plugin inheritance is now always treated as true since the team cannot see a use case in which it should be disabled. The output type can be controlled elsewhere, such as command-line flags. We provide a [schema with the deprecated properties excluded](/src/main/resources/schemas/.cflintrc.schema.json). -More examples of `.cflintrc` files can be found by browsing the [project test files](/src/test/resources/com/cflint/tests). +See [Recipes](#recipes) for some usage examples of `.cflintrc`. Example files can be found by browsing the [project test files](/src/test/resources/com/cflint/tests). ### Annotation-based configuration @@ -567,5 +569,6 @@ Please note that the majority of the libraries and projects mentioned here are n * [SonarQube plugin](https://github.com/stepstone-tech/sonar-coldfusion) * [NPM wrapper](https://github.com/morgdenn/npm-cflint) * Vim [Syntastic support for CFLint](https://github.com/cflint/cflint-syntastic) +* [IntelliJ IDEA Ultimate plugin](https://github.com/Pr1st0n/cflint-intellij) If you have been working on (or are thinking about starting) a project related to CFLint, please let us know. We're happy to include relevant third-party projects to the list above. diff --git a/RULES.md b/RULES.md index 931440af9..a48dbf22c 100644 --- a/RULES.md +++ b/RULES.md 
@@ -1,416 +1,1045 @@ -List of built-in rules and rule groups -====================================== -## Rule Parameters -
FunctionLengthChecker.length = *100* -
ComponentLengthChecker.length = *500* -
TooManyArgumentsChecker.maximum = *10* -
TooManyFunctionsChecker.maximum = *10* -
SimpleComplexityChecker.maximum = *10* -
VariableNameChecker.minLength = *3* -
VariableNameChecker.maxLength = *20* -
VariableNameChecker.maxWords = *4* -
VariableNameChecker.ignoreUpperCaseScopes = *CGI,URL* -
VariableNameChecker.ignoreAllCapsInScopes = *this,variables* -
VariableNameChecker.ignorePrefixPostfixOn = *thisTag* -
VariableNameChecker.case = *camelCase* -
ArgumentNameChecker.minLength = *3* -
ArgumentNameChecker.maxLength = *20* -
ArgumentNameChecker.maxWords = *4* -
ArgumentNameChecker.case = *camelCase* -
MethodNameChecker.minLength = *3* -
MethodNameChecker.maxLength = *25* -
MethodNameChecker.maxWords = *5* -
MethodNameChecker.case = *camelCase* -
ComponentNameChecker.minLength = *3* -
ComponentNameChecker.maxLength = *15* -
ComponentNameChecker.maxWords = *3* -
ComponentNameChecker.case = *PascalCase* -
GlobalLiteralChecker.maximum = *3* -
GlobalLiteralChecker.maxWarnings = *5* -
GlobalLiteralChecker.warningScope = *global* -
GlobalLiteralChecker.ignoreWords = *numeric,text,textnocase,asc,desc,in,out,inout,one,all,bigdecimal,boolean,byte,char,int,long,float,double,short,string,null* -
LocalLiteralChecker.maximum = *3* -
LocalLiteralChecker.maxWarnings = *5* -
LocalLiteralChecker.warningScope = *local* -
LocalLiteralChecker.ignoreWords = *numeric,text,textnocase,asc,desc,in,out,inout,one,all,bigdecimal,boolean,byte,char,int,long,float,double,short,string,null* -## Built-in rules -* ArgDefChecker - * ARG_DEFAULT_MISSING - Optional argument is missing a default value. *WARNING* - * Argument *variable* is not required and does not define a default value. -* ArgVarChecker - * ARG_VAR_CONFLICT - Variable declared in both local and argument scopes. *ERROR* - * Variable *variable* should not be declared in both local and argument scopes. - * ARG_VAR_MIXED - Variable referenced in local and argument scopes. *INFO* - * Variable *variable* should not be referenced in local and argument scope. -* CFSwitchDefaultChecker - * NO_DEFAULT_INSIDE_SWITCH - Missing default switch statement. *WARNING* - * Not having a Default statement defined for a switch could pose potential issues. -* GlobalVarChecker - * GLOBAL_VAR - Global variable exists. *WARNING* - * Identifier *variable* is global. Referencing in a CFC or function should be avoided. -* NestedCFOutput - * NESTED_CFOUTPUT - Nexted cfoutput with cfquery tag. *ERROR* - * Nested CFOutput, outer CFOutput has @query. -* OutputParmMissing - * OUTPUT_ATTR - Tag should have output='false'. *INFO* - * <*tag* name="*variable*"> should have @output='false' -* QueryParamChecker - * QUERYPARAM_REQ - SetSql() statement should use .addParam(). *WARNING* - * setSql() statement should use .addParam() instead of #'s name="*variable*" - * CFQUERYPARAM_REQ - cfquery should use <cfqueryparam>. *WARNING* - * <*tag*> should use <cfqueryparam/> for variable '*variable*'. -* TypedQueryNew - * QUERYNEW_DATATYPE - QueryNew statement should specify datatypes. *WARNING* - * QueryNew statement should specify datatypes. -* VarScoper - * MISSING_VAR - Variable is not declared with a var statement. *ERROR* - * Variable *variable* is not declared with a var statement. 
-* CFDumpChecker - * Parameters - * tagName = *cfdump* - * AVOID_USING_CFDUMP_TAG - Avoid use of cfdump tags. *WARNING* - * Avoid leaving <cfdump> tags in committed code. Debug information should be omitted from release code -* CFExecuteChecker - * Parameters - * tagName = *cfexecute* - * AVOID_USING_CFEXECUTE_TAG - Avoid use of cfexecute tags. *WARNING* - * Avoid leaving <cfexecute> tags in committed code. CFexecute can be used as an attack vector and is slow. -* CFBuiltInFunctionChecker - * AVOID_USING_ISDATE - *WARNING* - * Avoid using the isDate built-in function. It is too permissive. Use isValid() instead. -* CFAbortChecker - * Parameters - * tagName = *cfabort* - * AVOID_USING_CFABORT_TAG - Avoid use of cfabort tags. *INFO* - * Avoid leaving <cfabort> tags in committed code. -* AbortChecker - * AVOID_USING_ABORT - Avoid use of abort statements. *INFO* - * Avoid using abort in production code. -* CFInsertChecker - * Parameters - * tagName = *cfinsert* - * AVOID_USING_CFINSERT_TAG - Avoid use of cfinsert tags. *WARNING* - * Avoid using <cfinsert> tags. Use cfquery and cfstoredproc instead. -* CFModuleChecker - * Parameters - * tagName = *cfmodule* - * AVOID_USING_CFMODULE_TAG - Avoid use of cfmodule tags. *WARNING* - * Avoid using <cfmodule> tags. -* CFUpdateChecker - * Parameters - * tagName = *cfupdate* - * AVOID_USING_CFUPDATE_TAG - Avoid use of cfupdate tags. *WARNING* - * Avoid using <cfupdate> tags. Use cfquery and cfstoredproc instead. -* CFIncludeChecker - * Parameters - * tagName = *cfinclude* - * scope = *component* - * AVOID_USING_CFINCLUDE_TAG - Avoid use of cfinclude tags. *WARNING* - * Avoid using <cfinclude> tags. Use components instead. -* ComponentHintChecker - * COMPONENT_HINT_MISSING - Component is missing a hint. *WARNING* - * Component *variable* is missing a hint. -* FunctionHintChecker - * FUNCTION_HINT_MISSING - Function is missing a hint. *INFO* - * Function *variable* is missing a hint. 
-* ArgumentHintChecker - * ARG_HINT_MISSING - Argument is missing a hint. *INFO* - * Argument *variable* is missing a hint. - * ARG_HINT_MISSING_SCRIPT - *INFO* - * Argument *variable* is missing a hint. Use javadoc style annotations on cfscript functions. -* ArgumentTypeChecker - * ARG_TYPE_MISSING - Component is missing a type. *WARNING* - * Argument *variable* is missing a type. - * ARG_TYPE_ANY - Component is of type any. *WARNING* - * Argument *variable* is any. Please change to be a more specific type. -* FunctionLengthChecker - * Parameters - * length = *100* - * EXCESSIVE_FUNCTION_LENGTH - Method is too long. *WARNING* - * Function *function* is *variable* lines. Should be fewer than 100 lines. -* ComponentLengthChecker - * Parameters - * length = *500* - * EXCESSIVE_COMPONENT_LENGTH - Component is too long. *WARNING* - * Component *component* is *variable* lines. Should be fewer than 500 lines. -* FunctionTypeChecker - * FUNCTION_TYPE_MISSING - Function is missing a return type. *WARNING* - * Function *variable* is missing a return type. - * FUNCTION_TYPE_ANY - Function has a return type of any. *INFO* - * Function *variable* return type is any. Please change to be a more specific type. -* TooManyArgumentsChecker - * Parameters - * maximum = *10* - * EXCESSIVE_ARGUMENTS - Function has too many arguments. *WARNING* - * Function *function* has too many arguments. Should be fewer than 10. -* TooManyFunctionsChecker - * Parameters - * maximum = *10* - * EXCESSIVE_FUNCTIONS - Too many functions. *WARNING* - * Component *component* has too many functions. Should be fewer than 10. -* SimpleComplexityChecker - * Parameters - * maximum = *10* - * FUNCTION_TOO_COMPLEX - Function is too complex. *WARNING* - * Function *function* is too complex. Consider breaking the function into smaller functions. -* WriteDumpChecker - * Parameters - * functionName = *writeDump* - * AVOID_USING_WRITEDUMP - Avoid use of writedump statements. 
*INFO* - * Avoid using the writeDump function in production code. -* StructNewChecker - * Parameters - * functionName = *structNew* - * AVOID_USING_STRUCTNEW - Avoid use of structnew statements. Use {} instead. *INFO* - * Avoid using the structNew function in production code. -* IsDebugModeChecker - * Parameters - * functionName = *IsDebugMode* - * AVOID_USING_ISDEBUGMODE - Avoid use of isdebugmode statements. *WARNING* - * Avoid using the IsDebugMode function in production code. -* ArrayNewChecker - * AVOID_USING_ARRAYNEW - Avoid use of arraynew statements. Use [] instead. *INFO* - * Use implict array construction instead (= []). -* ComplexBooleanExpressionChecker - * COMPLEX_BOOLEAN_CHECK - Complex boolean expression. *WARNING* - * Boolean expression is too complex. Consider simplifying or moving to a named method. -* BooleanExpressionChecker - * EXPLICIT_BOOLEAN_CHECK - Checking boolean expression explicitly. *INFO* - * Explicit check of boolean expression is not needed. -* VariableNameChecker - * Parameters - * minLength = *3* - * maxLength = *20* - * maxWords = *4* - * ignoreUpperCaseScopes = *CGI,URL* - * ignoreAllCapsInScopes = *this,variables* - * ignorePrefixPostfixOn = *thisTag* - * case = *camelCase* - * VAR_INVALID_NAME - Variable has invalid name. *INFO* - * Variable *variable* is not a valid name. Please use camelCase or underscores. - * VAR_ALLCAPS_NAME - Variable name is allcaps. *INFO* - * Variable *variable* should not be upper case. - * SCOPE_ALLCAPS_NAME - Variable scope name is allcaps. *INFO* - * Scope *variable* should not be upper case. - * VAR_TOO_SHORT - Variable name is too short. *INFO* - * Variable *variable* should be longer than 3 characters. - * VAR_TOO_LONG - Variable name is too long. *INFO* - * Variable *variable* should be shorter than 20 characters. - * VAR_TOO_WORDY - Variable name contain too many words. *INFO* - * Variable *variable* is too wordy. Try to think of a more concise name. 
- * VAR_IS_TEMPORARY - Variable name looks temporary. *INFO* - * Temporary variable *variable* could be named better. - * VAR_HAS_PREFIX_OR_POSTFIX - Variable name has prefix or postfix. *INFO* - * Variable has prefix or postfix *variable* and could be named better. -* ArgumentNameChecker - * Parameters - * minLength = *3* - * maxLength = *20* - * maxWords = *4* - * case = *camelCase* - * ARGUMENT_MISSING_NAME - *INFO* - * Argument is missing a name. - * ARGUMENT_INVALID_NAME - Argument has invalid name. *INFO* - * Argument *variable* is not a valid name. Please use camelCase or underscores. - * ARGUMENT_ALLCAPS_NAME - Argument name is allcaps. *INFO* - * Argument *variable* should not be upper case. - * ARGUMENT_TOO_SHORT - Argument name is too short. *INFO* - * Argument *variable* should be longer than 3 characters. - * ARGUMENT_TOO_LONG - Argument name is too long. *INFO* - * Argument *variable* should be shorter than 20 characters. - * ARGUMENT_TOO_WORDY - Argument name contain too many words. *INFO* - * Argument *variable* is too wordy. Try to think of a more concise name. - * ARGUMENT_IS_TEMPORARY - Argument name looks temporary. *INFO* - * Temporary argument *variable* could be named better. - * ARGUMENT_HAS_PREFIX_OR_POSTFIX - Argument name has prefix or postfix. *INFO* - * Argument has prefix or postfix *variable* and could be named better. -* MethodNameChecker - * Parameters - * minLength = *3* - * maxLength = *25* - * maxWords = *5* - * case = *camelCase* - * METHOD_INVALID_NAME - Method has invalid name. *INFO* - * Method name *function* is not a valid name. Please use camelCase or underscores. - * METHOD_ALLCAPS_NAME - Method name is allcaps. *INFO* - * Method name *function* should not be upper case. - * METHOD_TOO_SHORT - Method name is too short. *INFO* - * Method name *function* should be longer than 3 characters. - * METHOD_TOO_LONG - Method name is too long. *INFO* - * Method name *function* should be shorter than 25 characters. 
- * METHOD_TOO_WORDY - Method name contain too many words. *INFO* - * Method name *function* is too wordy. Try to think of a more concise name. - * METHOD_IS_TEMPORARY - Method name looks temporary. *INFO* - * Method name *function* could be named better. - * METHOD_HAS_PREFIX_OR_POSTFIX - Method name has prefix or postfix. *INFO* - * Method name *function* has prefix or postfix and could be named better. -* ComponentNameChecker - * Parameters - * minLength = *3* - * maxLength = *15* - * maxWords = *3* - * case = *PascalCase* - * COMPONENT_INVALID_NAME - Component has invalid name. *INFO* - * Component name *component* is not a valid name. Please use PascalCase and start with a capital letter. - * COMPONENT_ALLCAPS_NAME - Component name is allcaps. *INFO* - * Component name *component* should not be all upper case. - * COMPONENT_TOO_SHORT - Component name is too short. *INFO* - * Component name *component* should be longer than 3 characters. - * COMPONENT_TOO_LONG - Component name is too long. *INFO* - * Component name *component* should be shorter than 15 characters. - * COMPONENT_TOO_WORDY - Component name contain too many words. *INFO* - * Component name *component* is too wordy. Try to think of a more concise name. - * COMPONENT_IS_TEMPORARY - Component name looks temporary. *INFO* - * Component name *component* could be named better. - * COMPONENT_HAS_PREFIX_OR_POSTFIX - Component name has prefix or postfix. *INFO* - * Component name *component* has prefix or postfix and could be named better. -* FileCaseChecker - * FILE_SHOULD_START_WITH_LOWERCASE - CFM File starts with upper case. *INFO* - * File *filename* starts with an upper case letter. Only components (.cfc files) should start with an upper case letter. -* CreateObjectChecker - * AVOID_USING_CREATEOBJECT - Avoid use of creatobject statements. *INFO* - * CreateObject found. Use createObject(path_to_component) or even better new path_to_component(). 
-* CFDebugAttributeChecker - * AVOID_USING_DEBUG_ATTR - Avoid use of debug attribute. *WARNING* - * Avoid leaving debug attribute on tags. - * AVOID_USING_CFSETTING_DEBUG - Avoid using showDebugOutput attribute on cfsetting. *WARNING* - * Avoid using showDebugOutput attribute on cfsetting. -* UnusedLocalVarChecker - * Parameters - * usedTagAttributes = *[cfquery/name, cfloop/index, cfloop/item, cfchart/name, cfdocument/name, cfftp/name, cfhtmltopdf/name, cfhttp/resultname, cfimage/name, cfimap/name, cfldap/name, cfoutput/query, cfpdf/name, cfreport/name, cfsavecontent/name, cfstoreproc/result, cfxml/variable]* - * UNUSED_LOCAL_VARIABLE - Unused local variable. *INFO* - * Local variable *variable* is not used in function *function*. Consider removing it. -* UnusedArgumentChecker - * UNUSED_METHOD_ARGUMENT - Unused method argument. *INFO* - * Argument *variable* is not used in function. Consider removing it. -* CFCompareVsAssignChecker - * COMPARE_INSTEAD_OF_ASSIGN - Using comparision where assignment was probably meant. *WARNING* - * CWE-482: Comparing instead of Assigning -* StructKeyChecker - * UNQUOTED_STRUCT_KEY - *WARNING* - * Unquoted struct key *variable* is not case-sensitive. Quoting it is recommended. - * STRUCT_ARRAY_NOTATION - *WARNING* - * Unquoted struct key *variable* is not case-sensitive. Using array notation is recommended. -* SelectStarChecker - * SQL_SELECT_STAR - *WARNING* - * Avoid using 'select *' in a query. -* CFQueryChecker - * NEVER_USE_QUERY_IN_CFM - ** - * Don't use <cfquery> in .cfm files. Database should not be coupled with view. -* ComponentDisplayNameChecker - * USE_DISPLAY_NAME - *INFO* - * Component *variable* has a name attribute, but perhaps you meant to use displayName. 
-* GlobalLiteralChecker - * Parameters - * maximum = *3* - * maxWarnings = *5* - * warningScope = *global* - * ignoreWords = *numeric,text,textnocase,asc,desc,in,out,inout,one,all,bigdecimal,boolean,byte,char,int,long,float,double,short,string,null* - * GLOBAL_LITERAL_VALUE_USED_TOO_OFTEN - *WARNING* - * Literal *variable* occurs several times in one or more files. Consider giving it a name and not hard coding values. -* LocalLiteralChecker - * Parameters - * maximum = *3* - * maxWarnings = *5* - * warningScope = *local* - * ignoreWords = *numeric,text,textnocase,asc,desc,in,out,inout,one,all,bigdecimal,boolean,byte,char,int,long,float,double,short,string,null* - * LOCAL_LITERAL_VALUE_USED_TOO_OFTEN - *WARNING* - * Literal *variable* occurs several times in the same file. Consider giving it a name and not hard coding values. -* PackageCaseChecker - * PACKAGE_CASE_MISMATCH - Warn with package case does not match its use. *WARNING* - * The case of the package folder and the object declaration do not match for *variable*. +# Built-in Rules + +## Rule List + +### ArgDefChecker + +#### ARG_DEFAULT_MISSING + +Optional argument is missing a default value. + +**Severity**: WARNING + +**Message**: Argument *variable* is not required and does not define a default value. + +### ArgVarChecker + +#### ARG_VAR_CONFLICT + +Variable declared in both local and argument scopes. + +**Severity**: ERROR + +**Message**: Variable *variable* should not be declared in both local and argument scopes. + +#### ARG_VAR_MIXED + +Variable referenced in local and argument scopes. + +**Severity**: INFO + +**Message**: Variable *variable* should not be referenced in local and argument scope. + +### CFSwitchDefaultChecker + +#### NO_DEFAULT_INSIDE_SWITCH + +Missing default switch statement. + +**Severity**: WARNING + +**Message**: Not having a Default statement defined for a switch could pose potential issues. + +### GlobalVarChecker + +#### GLOBAL_VAR + +Global variable exists. 
+ +**Severity**: WARNING + +**Message**: Identifier *variable* is global. Referencing in a CFC or function should be avoided. + +### NestedCFOutput + +#### NESTED_CFOUTPUT + +Nested cfoutput with cfquery tag. + +**Severity**: ERROR + +**Message**: Nested CFOutput, outer CFOutput has @query. + +### OutputParmMissing + +#### OUTPUT_ATTR + +Tag should have output='false'. + +**Severity**: INFO + +**Message**: <*tag* name="*variable*"> should have @output='false' + +### QueryParamChecker + +#### QUERYPARAM_REQ + +Use query parameters for variables in sql statements. + +**Severity**: WARNING + +**Message**: Use query parameters for variables in sql statements. + +#### CFQUERYPARAM_REQ + +cfquery should use <cfqueryparam>. + +**Severity**: WARNING + +**Message**: <*tag*> should use <cfqueryparam/> for variable '*variable*'. + +### TypedQueryNew + +#### QUERYNEW_DATATYPE + +QueryNew statement should specify data types. + +**Severity**: WARNING + +**Message**: QueryNew statement should specify datatypes. + +### VarScoper + +#### MISSING_VAR + +Variable is not declared with a var statement. + +**Severity**: ERROR + +**Message**: Variable *variable* is not declared with a var statement. + +### CFDumpChecker + +#### AVOID_USING_CFDUMP_TAG + +Avoid use of cfdump tags. + +**Severity**: WARNING + +**Message**: Avoid leaving <cfdump> tags in committed code. Debug information should be omitted from release code + +### CFExecuteChecker + +#### AVOID_USING_CFEXECUTE_TAG + +Avoid use of cfexecute tags. + +**Severity**: WARNING + +**Message**: Avoid leaving <cfexecute> tags in committed code. CFexecute can be used as an attack vector and is slow. + +### CFBuiltInFunctionChecker + +#### AVOID_USING_ISDATE + +**Severity**: WARNING + +**Message**: Avoid using the isDate built-in function. It is too permissive. Use isValid() instead. + +### CFAbortChecker + +#### AVOID_USING_CFABORT_TAG + +Avoid use of cfabort tags. 
+ +**Severity**: INFO + +**Message**: Avoid leaving <cfabort> tags in committed code. + +### AbortChecker + +#### AVOID_USING_ABORT + +Avoid use of abort statements. + +**Severity**: INFO + +**Message**: Avoid using abort in production code. + +### CFInsertChecker + +#### AVOID_USING_CFINSERT_TAG + +Avoid use of cfinsert tags. + +**Severity**: WARNING + +**Message**: Avoid using <cfinsert> tags. Use cfquery and cfstoredproc instead. + +### CFModuleChecker + +#### AVOID_USING_CFMODULE_TAG + +Avoid use of cfmodule tags. + +**Severity**: WARNING + +**Message**: Avoid using <cfmodule> tags. + +### CFUpdateChecker + +#### AVOID_USING_CFUPDATE_TAG + +Avoid use of cfupdate tags. + +**Severity**: WARNING + +**Message**: Avoid using <cfupdate> tags. Use cfquery and cfstoredproc instead. + +### CFIncludeChecker + +#### AVOID_USING_CFINCLUDE_TAG + +Avoid use of cfinclude tags. + +**Severity**: WARNING + +**Message**: Avoid using <cfinclude> tags. Use components instead. + +### ComponentHintChecker + +#### COMPONENT_HINT_MISSING + +Component is missing a hint. + +**Severity**: WARNING + +**Message**: Component *variable* is missing a hint. + +### FunctionHintChecker + +#### FUNCTION_HINT_MISSING + +Function is missing a hint. + +**Severity**: INFO + +**Message**: Function *variable* is missing a hint. + +### ArgumentHintChecker + +#### ARG_HINT_MISSING + +Argument is missing a hint. + +**Severity**: INFO + +**Message**: Argument *variable* is missing a hint. + +#### ARG_HINT_MISSING_SCRIPT + +**Severity**: INFO + +**Message**: Argument *variable* is missing a hint. Use javadoc style annotations on cfscript functions. + +### ArgumentTypeChecker + +#### ARG_TYPE_MISSING + +Component is missing a type. + +**Severity**: WARNING + +**Message**: Argument *variable* is missing a type. + +#### ARG_TYPE_ANY + +Component is of type any. + +**Severity**: WARNING + +**Message**: Argument *variable* is any. Please change to be a more specific type. 
+ +### FunctionLengthChecker + +#### EXCESSIVE_FUNCTION_LENGTH + +Method is too long. + +**Severity**: WARNING + +**Message**: Function *function* is *variable* lines. Should be fewer than 100 lines. + +#### FunctionLengthChecker Parameters + +* length = *100* + +### ComponentLengthChecker + +#### EXCESSIVE_COMPONENT_LENGTH + +Component is too long. + +**Severity**: WARNING + +**Message**: Component *component* is *variable* lines. Should be fewer than 500 lines. + +#### ComponentLengthChecker Parameters + +* length = *500* + +### FunctionTypeChecker + +#### FUNCTION_TYPE_MISSING + +Function is missing a return type. + +**Severity**: WARNING + +**Message**: Function *variable* is missing a return type. + +#### FUNCTION_TYPE_ANY + +Function has a return type of any. + +**Severity**: INFO + +**Message**: Function *variable* return type is any. Please change to be a more specific type. + +### TooManyArgumentsChecker + +#### EXCESSIVE_ARGUMENTS + +Function has too many arguments. + +**Severity**: WARNING + +**Message**: Function *function* has too many arguments. Should be fewer than 10. + +#### TooManyArgumentsChecker Parameters + +* maximum = *10* + +### TooManyFunctionsChecker + +#### EXCESSIVE_FUNCTIONS + +Too many functions. + +**Severity**: WARNING + +**Message**: Component *component* has too many functions. Should be fewer than 10. + +#### TooManyFunctionsChecker Parameters + +* maximum = *10* + +### SimpleComplexityChecker + +#### FUNCTION_TOO_COMPLEX + +Function is too complex. + +**Severity**: WARNING + +**Message**: Function *function* is too complex. Consider breaking the function into smaller functions. + +#### SimpleComplexityChecker Parameters + +* maximum = *10* + +### QueryNewChecker + +#### QUERYNEW_DUPLICATE_COLUMNS + +**Severity**: ERROR + +**Message**: QueryNew declares column *variable* multiple times, this is a hard error in some CFML implementations. + +### WriteDumpChecker + +#### AVOID_USING_WRITEDUMP + +Avoid use of writeDump statements. 
+ +**Severity**: INFO + +**Message**: Avoid using the writeDump function in production code. + +### StructNewChecker + +#### AVOID_USING_STRUCTNEW + +Avoid use of structNew statements. Use {} instead. + +**Severity**: INFO + +**Message**: Avoid using the structNew function in production code. + +### IsDebugModeChecker + +#### AVOID_USING_ISDEBUGMODE + +Avoid use of isDebugMode statements. + +**Severity**: WARNING + +**Message**: Avoid using the IsDebugMode function in production code. + +### FunctionCollisionChecker + +#### FUNCTION_NAME_COLLISION + +**Severity**: WARNING + +**Message**: Avoid using the name *variable* for a function. It is reserved in some CFML implementations. See https://cfdocs.org/*variable* + +### ArrayNewChecker + +#### AVOID_USING_ARRAYNEW + +Avoid use of arrayNew statements. Use [] instead. + +**Severity**: INFO + +**Message**: Use implict array construction instead (= []). + +### ComplexBooleanExpressionChecker + +#### COMPLEX_BOOLEAN_CHECK + +Complex boolean expression. + +**Severity**: WARNING + +**Message**: Boolean expression is too complex. Consider simplifying or moving to a named method. + +### BooleanExpressionChecker + +#### EXPLICIT_BOOLEAN_CHECK + +Checking boolean expression explicitly. + +**Severity**: INFO + +**Message**: Explicit check of boolean expression is not needed. + +### VariableNameChecker + +#### VAR_INVALID_NAME + +Variable has invalid name. + +**Severity**: INFO + +**Message**: Variable *variable* is not a valid name. Please use camelCase or underscores. + +#### VAR_ALLCAPS_NAME + +Variable name is all caps. + +**Severity**: INFO + +**Message**: Variable *variable* should not be upper case. + +#### SCOPE_ALLCAPS_NAME + +Variable scope name is all caps. + +**Severity**: INFO + +**Message**: Scope *variable* should not be upper case. + +#### VAR_TOO_SHORT + +Variable name is too short. + +**Severity**: INFO + +**Message**: Variable *variable* should be longer than 3 characters. 
+ +#### VAR_TOO_LONG + +Variable name is too long. + +**Severity**: INFO + +**Message**: Variable *variable* should be shorter than 20 characters. + +#### VAR_TOO_WORDY + +Variable name contain too many words. + +**Severity**: INFO + +**Message**: Variable *variable* is too wordy. Try to think of a more concise name. + +#### VAR_IS_TEMPORARY + +Variable name looks temporary. + +**Severity**: INFO + +**Message**: Temporary variable *variable* could be named better. + +#### VAR_HAS_PREFIX_OR_POSTFIX + +Variable name has prefix or postfix. + +**Severity**: INFO + +**Message**: Variable has prefix or postfix *variable* and could be named better. + +#### VariableNameChecker Parameters + +* minLength = *3* + +* maxLength = *20* + +* maxWords = *4* + +* ignoreUpperCaseScopes = *CGI,URL* + +* ignoreAllCapsInScopes = *this,variables* + +* ignorePrefixPostfixOn = *thisTag* + +* case = *camelCase* + +### ArgumentNameChecker + +#### ARGUMENT_MISSING_NAME + +**Severity**: INFO + +**Message**: Argument is missing a name. + +#### ARGUMENT_INVALID_NAME + +Argument has invalid name. + +**Severity**: INFO + +**Message**: Argument *variable* is not a valid name. Please use camelCase or underscores. + +#### ARGUMENT_ALLCAPS_NAME + +Argument name is all caps. + +**Severity**: INFO + +**Message**: Argument *variable* should not be upper case. + +#### ARGUMENT_TOO_SHORT + +Argument name is too short. + +**Severity**: INFO + +**Message**: Argument *variable* should be longer than 3 characters. + +#### ARGUMENT_TOO_LONG + +Argument name is too long. + +**Severity**: INFO + +**Message**: Argument *variable* should be shorter than 20 characters. + +#### ARGUMENT_TOO_WORDY + +Argument name contain too many words. + +**Severity**: INFO + +**Message**: Argument *variable* is too wordy. Try to think of a more concise name. + +#### ARGUMENT_IS_TEMPORARY + +Argument name looks temporary. + +**Severity**: INFO + +**Message**: Temporary argument *variable* could be named better. 
+ +#### ARGUMENT_HAS_PREFIX_OR_POSTFIX + +Argument name has prefix or postfix. + +**Severity**: INFO + +**Message**: Argument has prefix or postfix *variable* and could be named better. + +#### ArgumentNameChecker Parameters + +* minLength = *3* + +* maxLength = *20* + +* maxWords = *4* + +* case = *camelCase* + +### MethodNameChecker + +#### METHOD_INVALID_NAME + +Method has invalid name. + +**Severity**: INFO + +**Message**: Method name *function* is not a valid name. Please use camelCase or underscores. + +#### METHOD_ALLCAPS_NAME + +Method name is all caps. + +**Severity**: INFO + +**Message**: Method name *function* should not be upper case. + +#### METHOD_TOO_SHORT + +Method name is too short. + +**Severity**: INFO + +**Message**: Method name *function* should be longer than 3 characters. + +#### METHOD_TOO_LONG + +Method name is too long. + +**Severity**: INFO + +**Message**: Method name *function* should be shorter than 25 characters. + +#### METHOD_TOO_WORDY + +Method name contain too many words. + +**Severity**: INFO + +**Message**: Method name *function* is too wordy. Try to think of a more concise name. + +#### METHOD_IS_TEMPORARY + +Method name looks temporary. + +**Severity**: INFO + +**Message**: Method name *function* could be named better. + +#### METHOD_HAS_PREFIX_OR_POSTFIX + +Method name has prefix or postfix. + +**Severity**: INFO + +**Message**: Method name *function* has prefix or postfix and could be named better. + +#### MethodNameChecker Parameters + +* minLength = *3* + +* maxLength = *25* + +* maxWords = *5* + +* case = *camelCase* + +### ComponentNameChecker + +#### COMPONENT_INVALID_NAME + +Component has invalid name. + +**Severity**: INFO + +**Message**: Component name *component* is not a valid name. Please use PascalCase and start with a capital letter. + +#### COMPONENT_ALLCAPS_NAME + +Component name is all caps. + +**Severity**: INFO + +**Message**: Component name *component* should not be all upper case. 
+ +#### COMPONENT_TOO_SHORT + +Component name is too short. + +**Severity**: INFO + +**Message**: Component name *component* should be longer than 3 characters. + +#### COMPONENT_TOO_LONG + +Component name is too long. + +**Severity**: INFO + +**Message**: Component name *component* should be shorter than 15 characters. + +#### COMPONENT_TOO_WORDY + +Component name contain too many words. + +**Severity**: INFO + +**Message**: Component name *component* is too wordy. Try to think of a more concise name. + +#### COMPONENT_IS_TEMPORARY + +Component name looks temporary. + +**Severity**: INFO + +**Message**: Component name *component* could be named better. + +#### COMPONENT_HAS_PREFIX_OR_POSTFIX + +Component name has prefix or postfix. + +**Severity**: INFO + +**Message**: Component name *component* has prefix or postfix and could be named better. + +#### ComponentNameChecker Parameters + +* minLength = *3* + +* maxLength = *15* + +* maxWords = *3* + +* case = *PascalCase* + +### FileCaseChecker + +#### FILE_SHOULD_START_WITH_LOWERCASE + +CFM File starts with upper case. + +**Severity**: INFO + +**Message**: File *filename* starts with an upper case letter. Only components (.cfc files) should start with an upper case letter. + +### CreateObjectChecker + +#### AVOID_USING_CREATEOBJECT + +Avoid use of creatObject statements. + +**Severity**: INFO + +**Message**: CreateObject found. Use createObject(path_to_component) or even better new path_to_component(). + +### CFDebugAttributeChecker + +#### AVOID_USING_DEBUG_ATTR + +Avoid use of debug attribute. + +**Severity**: WARNING + +**Message**: Avoid leaving debug attribute on tags. + +#### AVOID_USING_CFSETTING_DEBUG + +Avoid using showDebugOutput attribute on cfsetting. + +**Severity**: WARNING + +**Message**: Avoid using showDebugOutput attribute on cfsetting. + +### UnusedLocalVarChecker + +#### UNUSED_LOCAL_VARIABLE + +Unused local variable. 
+ +**Severity**: INFO + +**Message**: Local variable *variable* is not used in function *function*. Consider removing it. + +### UnusedArgumentChecker + +#### UNUSED_METHOD_ARGUMENT + +Unused method argument. + +**Severity**: INFO + +**Message**: Argument *variable* is not used in function. Consider removing it. + +### CFCompareVsAssignChecker + +#### COMPARE_INSTEAD_OF_ASSIGN + +Using comparison where assignment was probably meant. + +**Severity**: WARNING + +**Message**: CWE-482: Comparing instead of Assigning + +### StructKeyChecker + +#### UNQUOTED_STRUCT_KEY + +**Severity**: WARNING + +**Message**: Unquoted struct key *variable* is not case-sensitive. Quoting it is recommended. + +#### STRUCT_ARRAY_NOTATION + +**Severity**: WARNING + +**Message**: Unquoted struct key *variable* is not case-sensitive. Using array notation is recommended. + +### SelectStarChecker + +#### SQL_SELECT_STAR + +**Severity**: WARNING + +**Message**: Avoid using 'select *' in a query. + +### CFQueryChecker + +#### NEVER_USE_QUERY_IN_CFM + +**Message**: Don't use <cfquery> in .cfm files. Database should not be coupled with view. + +### ComponentDisplayNameChecker + +#### USE_DISPLAY_NAME + +**Severity**: INFO + +**Message**: Component *variable* has a name attribute, but perhaps you meant to use displayName. + +### GlobalLiteralChecker + +#### GLOBAL_LITERAL_VALUE_USED_TOO_OFTEN + +**Severity**: INFO + +**Message**: Literal *variable* occurs several times in one or more files. Consider giving it a name and not hard coding values. + +#### GlobalLiteralChecker Parameters + +* maximum = *3* + +* maxWarnings = *5* + +* warningScope = *global* + +* ignoreWords = *numeric,text,textnocase,asc,desc,in,out,inout,one,all,bigdecimal,boolean,byte,char,int,long,float,double,short,string,null* + +### LocalLiteralChecker + +#### LOCAL_LITERAL_VALUE_USED_TOO_OFTEN + +**Severity**: INFO + +**Message**: Literal *variable* occurs several times in the same file. 
Consider giving it a name and not hard coding values. + +#### LocalLiteralChecker Parameters + +* maximum = *3* + +* maxWarnings = *5* + +* warningScope = *local* + +* ignoreWords = *numeric,text,textnocase,asc,desc,in,out,inout,one,all,bigdecimal,boolean,byte,char,int,long,float,double,short,string,null* + +### PackageCaseChecker + +#### PACKAGE_CASE_MISMATCH + +Warn with package case does not match its use. + +**Severity**: WARNING + +**Message**: The case of the package folder and the object declaration do not match for *variable*. + ## Rule Groups + ### BugProne - * ARG_VAR_CONFLICT *ERROR* - * NO_DEFAULT_INSIDE_SWITCH *WARNING* - * NESTED_CFOUTPUT *ERROR* - * OUTPUT_ATTR *INFO* - * MISSING_VAR *ERROR* - * COMPARE_INSTEAD_OF_ASSIGN *WARNING* - * AVOID_USING_ISDATE *WARNING* + +* [ARG_VAR_CONFLICT](#arg_var_conflict) + +* [NO_DEFAULT_INSIDE_SWITCH](#no_default_inside_switch) + +* [NESTED_CFOUTPUT](#nested_cfoutput) + +* [OUTPUT_ATTR](#output_attr) + +* [MISSING_VAR](#missing_var) + +* [COMPARE_INSTEAD_OF_ASSIGN](#compare_instead_of_assign) + +* [AVOID_USING_ISDATE](#avoid_using_isdate) + ### Correctness - * ARG_DEFAULT_MISSING *WARNING* - * ARG_TYPE_ANY *WARNING* - * ARG_TYPE_MISSING *WARNING* - * ARG_VAR_MIXED *INFO* - * QUERYNEW_DATATYPE *WARNING* - * UNUSED_LOCAL_VARIABLE *INFO* - * UNUSED_METHOD_ARGUMENT *INFO* - * UNQUOTED_STRUCT_KEY *WARNING* - * STRUCT_ARRAY_NOTATION *WARNING* - * USE_DISPLAY_NAME *INFO* + +* [ARG_DEFAULT_MISSING](#arg_default_missing) + +* [ARG_TYPE_ANY](#arg_type_any) + +* [ARG_TYPE_MISSING](#arg_type_missing) + +* [ARG_VAR_MIXED](#arg_var_mixed) + +* [QUERYNEW_DATATYPE](#querynew_datatype) + +* [UNUSED_LOCAL_VARIABLE](#unused_local_variable) + +* [UNUSED_METHOD_ARGUMENT](#unused_method_argument) + +* [UNQUOTED_STRUCT_KEY](#unquoted_struct_key) + +* [STRUCT_ARRAY_NOTATION](#struct_array_notation) + +* [USE_DISPLAY_NAME](#use_display_name) + ### BadPractice - * AVOID_USING_ABORT *INFO* - * AVOID_USING_CFABORT_TAG *INFO* - * 
AVOID_USING_CFDUMP_TAG *WARNING* - * AVOID_USING_CFEXECUTE_TAG *WARNING* - * AVOID_USING_CFINSERT_TAG *WARNING* - * AVOID_USING_CFMODULE_TAG *WARNING* - * AVOID_USING_CFUPDATE_TAG *WARNING* - * AVOID_USING_WRITEDUMP *INFO* - * GLOBAL_LITERAL_VALUE_USED_TOO_OFTEN *WARNING* - * GLOBAL_VAR *WARNING* - * LOCAL_LITERAL_VALUE_USED_TOO_OFTEN *WARNING* - * SQL_SELECT_STAR *WARNING* - * AVOID_USING_DEBUG_ATTR *WARNING* - * AVOID_USING_CFSETTING_DEBUG *WARNING* - * AVOID_USING_CFINCLUDE_TAG *WARNING* - * AVOID_USING_ISDEBUGMODE *WARNING* + +* [AVOID_USING_ABORT](#avoid_using_abort) + +* [AVOID_USING_CFABORT_TAG](#avoid_using_cfabort_tag) + +* [AVOID_USING_CFDUMP_TAG](#avoid_using_cfdump_tag) + +* [AVOID_USING_CFEXECUTE_TAG](#avoid_using_cfexecute_tag) + +* [AVOID_USING_CFINSERT_TAG](#avoid_using_cfinsert_tag) + +* [AVOID_USING_CFMODULE_TAG](#avoid_using_cfmodule_tag) + +* [AVOID_USING_CFUPDATE_TAG](#avoid_using_cfupdate_tag) + +* [AVOID_USING_WRITEDUMP](#avoid_using_writedump) + +* [GLOBAL_LITERAL_VALUE_USED_TOO_OFTEN](#global_literal_value_used_too_often) + +* [GLOBAL_VAR](#global_var) + +* [LOCAL_LITERAL_VALUE_USED_TOO_OFTEN](#local_literal_value_used_too_often) + +* [SQL_SELECT_STAR](#sql_select_star) + +* [AVOID_USING_DEBUG_ATTR](#avoid_using_debug_attr) + +* [AVOID_USING_CFSETTING_DEBUG](#avoid_using_cfsetting_debug) + +* [AVOID_USING_CFINCLUDE_TAG](#avoid_using_cfinclude_tag) + +* [AVOID_USING_ISDEBUGMODE](#avoid_using_isdebugmode) + ### Security - * CFQUERYPARAM_REQ *WARNING* - * QUERYPARAM_REQ *WARNING* + +* [CFQUERYPARAM_REQ](#cfqueryparam_req) + +* [QUERYPARAM_REQ](#queryparam_req) + ### CodeStyle - * ARG_HINT_MISSING *INFO* - * COMPONENT_HINT_MISSING *WARNING* - * FUNCTION_HINT_MISSING *INFO* - * FUNCTION_TYPE_ANY *INFO* - * FUNCTION_TYPE_MISSING *WARNING* - * ARG_HINT_MISSING_SCRIPT *INFO* + +* [ARG_HINT_MISSING](#arg_hint_missing) + +* [COMPONENT_HINT_MISSING](#component_hint_missing) + +* [FUNCTION_HINT_MISSING](#function_hint_missing) + +* 
[FUNCTION_TYPE_ANY](#function_type_any) + +* [FUNCTION_TYPE_MISSING](#function_type_missing) + +* [ARG_HINT_MISSING_SCRIPT](#arg_hint_missing_script) + ### ModernSyntax - * AVOID_USING_ARRAYNEW *INFO* - * AVOID_USING_STRUCTNEW *INFO* - * AVOID_USING_CREATEOBJECT *INFO* + +* [AVOID_USING_ARRAYNEW](#avoid_using_arraynew) + +* [AVOID_USING_STRUCTNEW](#avoid_using_structnew) + +* [AVOID_USING_CREATEOBJECT](#avoid_using_createobject) + ### Complexity - * COMPLEX_BOOLEAN_CHECK *WARNING* - * EXCESSIVE_FUNCTIONS *WARNING* - * EXCESSIVE_ARGUMENTS *WARNING* - * EXPLICIT_BOOLEAN_CHECK *INFO* - * EXCESSIVE_COMPONENT_LENGTH *WARNING* - * EXCESSIVE_FUNCTION_LENGTH *WARNING* - * FUNCTION_TOO_COMPLEX *WARNING* + +* [COMPLEX_BOOLEAN_CHECK](#complex_boolean_check) + +* [EXCESSIVE_FUNCTIONS](#excessive_functions) + +* [EXCESSIVE_ARGUMENTS](#excessive_arguments) + +* [EXPLICIT_BOOLEAN_CHECK](#explicit_boolean_check) + +* [EXCESSIVE_COMPONENT_LENGTH](#excessive_component_length) + +* [EXCESSIVE_FUNCTION_LENGTH](#excessive_function_length) + +* [FUNCTION_TOO_COMPLEX](#function_too_complex) + ### Naming - * METHOD_HAS_PREFIX_OR_POSTFIX *INFO* - * METHOD_INVALID_NAME *INFO* - * METHOD_IS_TEMPORARY *INFO* - * METHOD_TOO_SHORT *INFO* - * METHOD_TOO_LONG *INFO* - * METHOD_TOO_WORDY *INFO* - * VAR_ALLCAPS_NAME *INFO* - * VAR_HAS_PREFIX_OR_POSTFIX *INFO* - * VAR_INVALID_NAME *INFO* - * VAR_IS_TEMPORARY *INFO* - * VAR_TOO_SHORT *INFO* - * VAR_TOO_LONG *INFO* - * VAR_TOO_WORDY *INFO* - * SCOPE_ALLCAPS_NAME *INFO* - * ARGUMENT_MISSING_NAME *INFO* - * ARGUMENT_INVALID_NAME *INFO* - * ARGUMENT_ALLCAPS_NAME *INFO* - * ARGUMENT_TOO_SHORT *INFO* - * ARGUMENT_TOO_LONG *INFO* - * ARGUMENT_TOO_WORDY *INFO* - * ARGUMENT_IS_TEMPORARY *INFO* - * ARGUMENT_HAS_PREFIX_OR_POSTFIX *INFO* - * METHOD_ALLCAPS_NAME *INFO* - * COMPONENT_INVALID_NAME *INFO* - * COMPONENT_ALLCAPS_NAME *INFO* - * COMPONENT_TOO_SHORT *INFO* - * COMPONENT_TOO_LONG *INFO* - * COMPONENT_TOO_WORDY *INFO* - * COMPONENT_IS_TEMPORARY *INFO* - * 
COMPONENT_HAS_PREFIX_OR_POSTFIX *INFO* - * PACKAGE_CASE_MISMATCH *WARNING* + +* [METHOD_HAS_PREFIX_OR_POSTFIX](#method_has_prefix_or_postfix) + +* [METHOD_INVALID_NAME](#method_invalid_name) + +* [METHOD_IS_TEMPORARY](#method_is_temporary) + +* [METHOD_TOO_SHORT](#method_too_short) + +* [METHOD_TOO_LONG](#method_too_long) + +* [METHOD_TOO_WORDY](#method_too_wordy) + +* [VAR_ALLCAPS_NAME](#var_allcaps_name) + +* [VAR_HAS_PREFIX_OR_POSTFIX](#var_has_prefix_or_postfix) + +* [VAR_INVALID_NAME](#var_invalid_name) + +* [VAR_IS_TEMPORARY](#var_is_temporary) + +* [VAR_TOO_SHORT](#var_too_short) + +* [VAR_TOO_LONG](#var_too_long) + +* [VAR_TOO_WORDY](#var_too_wordy) + +* [SCOPE_ALLCAPS_NAME](#scope_allcaps_name) + +* [ARGUMENT_MISSING_NAME](#argument_missing_name) + +* [ARGUMENT_INVALID_NAME](#argument_invalid_name) + +* [ARGUMENT_ALLCAPS_NAME](#argument_allcaps_name) + +* [ARGUMENT_TOO_SHORT](#argument_too_short) + +* [ARGUMENT_TOO_LONG](#argument_too_long) + +* [ARGUMENT_TOO_WORDY](#argument_too_wordy) + +* [ARGUMENT_IS_TEMPORARY](#argument_is_temporary) + +* [ARGUMENT_HAS_PREFIX_OR_POSTFIX](#argument_has_prefix_or_postfix) + +* [METHOD_ALLCAPS_NAME](#method_allcaps_name) + +* [COMPONENT_INVALID_NAME](#component_invalid_name) + +* [COMPONENT_ALLCAPS_NAME](#component_allcaps_name) + +* [COMPONENT_TOO_SHORT](#component_too_short) + +* [COMPONENT_TOO_LONG](#component_too_long) + +* [COMPONENT_TOO_WORDY](#component_too_wordy) + +* [COMPONENT_IS_TEMPORARY](#component_is_temporary) + +* [COMPONENT_HAS_PREFIX_OR_POSTFIX](#component_has_prefix_or_postfix) + +* [PACKAGE_CASE_MISMATCH](#package_case_mismatch) + ### Experimental - * NEVER_USE_QUERY_IN_CFM ** - * FILE_SHOULD_START_WITH_LOWERCASE *INFO* +* [NEVER_USE_QUERY_IN_CFM](#never_use_query_in_cfm) + +* [FILE_SHOULD_START_WITH_LOWERCASE](#file_should_start_with_lowercase) diff --git a/build.gradle b/build.gradle index 658444755..bb17b3bd2 100644 --- a/build.gradle +++ b/build.gradle 
@@ -10,17 +10,20 @@ buildscript { maven { url "https://plugins.gradle.org/m2/" } + maven { + url "https://cfmlprojects.org/artifacts" + } } dependencies { classpath 'com.bmuschko:gradle-nexus-plugin:2.3.1' - classpath "io.codearte.gradle.nexus:gradle-nexus-staging-plugin:0.21.1" + classpath "io.codearte.gradle.nexus:gradle-nexus-staging-plugin:0.22.0" classpath "gradle.plugin.se.bjurr.gitchangelog:git-changelog-gradle-plugin:1.64" } } plugins { id 'java' - id 'com.github.johnrengelman.shadow' version '5.1.0' + id 'com.github.johnrengelman.shadow' version '5.2.0' id 'eclipse' } 
@@ -71,21 +74,21 @@ repositories { maven { url "https://cfmlprojects.org/artifacts" } } dependencies { - compile group: 'com.github.cfparser', name: 'cfml.parsing', version: '2.11.0' - compile group: 'commons-cli', name: 'commons-cli', version: '1.2' - compile group: 'ro.fortsoft.pf4j', name: 'pf4j', version: '0.6' - compile group: 'ant', name: 'ant', version: '1.7.0' - compile group: 'com.sun.xml.bind', name: 'jaxb-impl', version: '2.1.8' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.10.3' - compile group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: '2.10.3' - compile(group: 'net.java.dev.stax-utils', name: 'stax-utils', version: '20070216') { + implementation group: 'com.github.cfparser', name: 'cfml.parsing', version: '2.11.0' + implementation group: 'commons-cli', name: 'commons-cli', version: '1.2' + implementation group: 'ro.fortsoft.pf4j', name: 'pf4j', version: '0.6' + implementation group: 'org.apache.ant', name: 'ant', version: '1.10.14' + implementation group: 'com.sun.xml.bind', name: 'jaxb-impl', version: '2.1.17' + implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.12.7' + implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: '2.12.7' + implementation(group: 'net.java.dev.stax-utils', name: 'stax-utils', version: '20070216') { exclude module: 'jsr173-ri' exclude module: 'jsr173' } // https://mvnrepository.com/artifact/commons-io/commons-io - compile group: 'commons-io', name: 'commons-io', version: '2.5' + implementation group: 'commons-io', name: 'commons-io', version: '2.15.1' - testCompile group: 'junit', name: 'junit', version: '4.12' + testImplementation group: 'junit', name: 'junit', version: '4.13.2' } test { 
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 51288f9c2..62d4c0535 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index ed24ffda2..53b9e3802 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,5 @@ -#Tue Sep 10 18:30:01 EDT 2019 -distributionBase=GRADLE_USER_HOME -distributionPath=wrapper/dists -zipStoreBase=GRADLE_USER_HOME -zipStorePath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.2-bin.zip +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.4-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 4453ccea3..8b35b5b74 100755 --- a/gradlew +++ b/gradlew @@ -28,16 +28,16 @@ APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS="" +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD="maximum" -warn ( ) { +warn () { echo "$*" } -die ( ) { +die () { echo echo "$*" echo @@ -66,6 +66,7 @@ esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 
@@ -109,10 +110,11 @@ if $darwin; then GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" fi -# For Cygwin, switch paths to Windows format before running java -if $cygwin ; then +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then APP_HOME=`cygpath --path --mixed "$APP_HOME"` CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` # We build the pattern for arguments to be converted via cygpath 
@@ -138,35 +140,30 @@ if $cygwin ; then else eval `echo args$i`="\"$arg\"" fi - i=$((i+1)) + i=`expr $i + 1` done case $i in - (0) set -- ;; - (1) set -- "$args0" ;; - (2) set -- "$args0" "$args1" ;; - (3) set -- "$args0" "$args1" "$args2" ;; - (4) set -- "$args0" "$args1" "$args2" "$args3" ;; - (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + 0) set -- ;; + 1) set -- "$args0" ;; + 2) set -- "$args0" "$args1" ;; + 3) set -- "$args0" "$args1" "$args2" ;; + 4) set -- "$args0" "$args1" "$args2" "$args3" ;; + 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; esac fi # Escape application args -save ( ) { +save () { for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done echo " " } -APP_ARGS=$(save "$@") +APP_ARGS=`save "$@"` # Collect all arguments for the java command, following the shell quoting and substitution rules eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" -# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong -if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then - cd "$(dirname "$0")" -fi - exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat index e95643d6a..219d17f98 100644 
--- a/gradlew.bat +++ b/gradlew.bat @@ -13,8 +13,11 @@ if "%DIRNAME%" == "" set DIRNAME=. set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -set DEFAULT_JVM_OPTS= +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @rem Find java.exe if defined JAVA_HOME goto findJavaFromJavaHome @@ -65,6 +68,7 @@ set CMD_LINE_ARGS=%* set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + @rem Execute Gradle "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% diff --git a/pom.xml b/pom.xml index ec0a27374..e837e7f37 100644 --- a/pom.xml +++ b/pom.xml @@ -43,24 +43,24 @@ - - cfmlprojects - cfmlprojects - https://cfmlprojects.org/artifacts - - - sonatype - sonatype - https://oss.sonatype.org/content/repositories/releases - - + + cfmlprojects + cfmlprojects + http://cfmlprojects.org/artifacts + + + sonatype + sonatype + https://oss.sonatype.org/content/repositories/releases + + - - The New BSD License - https://opensource.org/licenses/bsd-license.html - repo - + + The New BSD License + http://www.opensource.org/licenses/bsd-license.html + repo + @@ -70,7 +70,7 @@ 1.8 2.11.0 - 2.10.3 + 2.12.7.1 1.7.21 @@ -93,12 +93,12 @@ org.apache.ant ant - 1.7.0 + 1.10.14 com.sun.xml.bind jaxb-impl - 2.1.8 + 2.1.17 com.fasterxml.jackson.core @@ -121,12 +121,12 @@ 20070216 - jsr173-ri com.bea.xml + jsr173-ri - jsr173 javax.xml + jsr173 @@ -134,14 +134,14 @@ commons-io commons-io - 2.5 + 2.15.1 junit junit - 4.12 + 4.13.2 test 
@@ -188,24 +188,24 @@ - - org.apache.maven.plugins - maven-jar-plugin - - - - true - + + org.apache.maven.plugins + maven-jar-plugin + + + + true + CFLint - com.cflint.CFLint - CFLint - 2 - ${project.version} + com.cflint.CFLint + CFLint + 2 + ${project.version} - - - + + + maven-resources-plugin 2.6 @@ -251,36 +251,36 @@ - pl.project13.maven - git-commit-id-plugin - 2.2.2 - - - validate - - revision - - - - - yyyyMMdd-HHmmss - ${project.basedir}/.git - ${project.build.outputDirectory}/git.properties - true - false - false - - + pl.project13.maven + git-commit-id-plugin + 2.2.2 + + + validate + + revision + + + + + yyyyMMdd-HHmmss + ${project.basedir}/.git + ${project.build.outputDirectory}/git.properties + true + false + false + + - org.apache.maven.plugins - maven-surefire-plugin - 2.18.1 - - 1 - true - -Xmx2g - - + org.apache.maven.plugins + maven-surefire-plugin + 2.18.1 + + 1 + true + -Xmx2g + + @@ -301,7 +301,7 @@ deploy - + org.apache.maven.plugins maven-source-plugin diff --git a/src/main/java/com/cflint/cli/CFLintCLI.java b/src/main/java/com/cflint/cli/CFLintCLI.java index afa0aece9..0d1607464 100644 --- a/src/main/java/com/cflint/cli/CFLintCLI.java +++ b/src/main/java/com/cflint/cli/CFLintCLI.java @@ -226,9 +226,9 @@ public static void main(final String[] args) throws Exception { final CFLintPluginInfo pluginInfo = ConfigUtils.loadDefaultPluginInfo(); final ConfigBuilder configBuilder = new ConfigBuilder(pluginInfo); if (cmd.hasOption(Settings.MARKDOWN)){ - final FileWriter out = new FileWriter("RULES.MD"); + final FileWriter out = new FileWriter("RULES.md"); CFLintDoc.generateRuleMarkDown(pluginInfo, new PrintWriter(out)); - System.out.println("Rules written to RULES.MD"); + System.out.println("Rules written to RULES.md"); out.close(); return; } diff --git a/src/main/java/com/cflint/tools/CFLintDoc.java b/src/main/java/com/cflint/tools/CFLintDoc.java index 97f795980..b910cbf2c 100644 --- a/src/main/java/com/cflint/tools/CFLintDoc.java 
+++ b/src/main/java/com/cflint/tools/CFLintDoc.java @@ -6,7 +6,6 @@ import java.util.List; import java.util.Map; -import com.cflint.config.CFLintConfiguration; import com.cflint.config.CFLintPluginInfo; import com.cflint.config.ConfigUtils; import com.cflint.config.CFLintPluginInfo.PluginInfoRule; @@ -37,50 +36,56 @@ public static void generateRuleGroup(final CFLintPluginInfo pluginInfo, final Pr } } } - + public static void generateRuleMarkDown(final CFLintPluginInfo pluginInfo, final PrintWriter print){ final Map descriptions = ConfigUtils.loadDescriptions(); - final List diminishParms = Arrays.asList("UnusedLocalVarChecker","CFXTagChecker","FunctionXChecker"); - print.println("List of built-in rules and rule groups"); - print.println("======================================"); - print.println("## Rule Parameters "); - for(PluginInfoRule ruleInfo: pluginInfo.getRules()){ - //Do not highlight specific parameters. - if(!diminishParms.contains(ruleInfo.getClassName())){ - for(PluginParameter p: ruleInfo.getParameters()){ - print.println("
" + ruleInfo.getName()+"." + p.getName() + " = *" + p.getValue() + "*"); + final List diminishParams = Arrays.asList("UnusedLocalVarChecker","CFXTagChecker","FunctionXChecker"); + print.println("# Built-in Rules"); + print.println(""); + print.println("## Rule List"); + + for (PluginInfoRule ruleInfo: pluginInfo.getRules()) { + print.println(""); + print.println("### " + ruleInfo.getName()); + + for (PluginMessage msg: ruleInfo.getMessages()) { + final String desc = descriptions.get(msg.getCode()) != null ? + descriptions.get(msg.getCode()).replace(">", ">").replace("<", "<") : ""; + print.println(""); + print.println("#### "+ msg.getCode()); + if (desc.length() > 0) { + print.println(""); + print.println(desc); } - } - } - print.println("## Built-in rules"); - - for(PluginInfoRule ruleInfo: pluginInfo.getRules()){ - print.println("* "+ ruleInfo.getName()); - final String className = ruleInfo.getClassName()==null?ruleInfo.getName():ruleInfo.getClassName(); - final String fullClassName = className.contains(".")?className: - "com.cflint.plugins.core." + className; - //print.println("**Class:** "+fullClassName); - if(!ruleInfo.getParameters().isEmpty()){ - print.println(" * Parameters"); - for(PluginParameter p: ruleInfo.getParameters()){ - print.println(" * " + p.getName() + " = *" + p.getValue() + "*"); + if (msg.getSeverity().toString().length() > 0) { + print.println(""); + print.println("**Severity**: " + msg.getSeverity()); + } + final String messageText = cleanUpMessage(msg,ruleInfo); + if (messageText.length() > 0) { + print.println(""); + print.println("**Message**: " + messageText); } } - int counter = 1; - for(PluginMessage msg: ruleInfo.getMessages()){ - final String desc = descriptions.get(msg.getCode())!=null? 
- descriptions.get(msg.getCode()).replace(">", ">").replace("<", "<"):""; - print.println(" * "+ msg.getCode() + " - " + desc+ " *" + msg.getSeverity() + "*"); - print.println(" * "+ cleanUpMessage(msg,ruleInfo) ); + + if (!ruleInfo.getParameters().isEmpty() && !diminishParams.contains(ruleInfo.getClassName())) { + print.println(""); + print.println("#### " + ruleInfo.getName() + " Parameters"); + for (PluginParameter p: ruleInfo.getParameters()) { + print.println(""); + print.println("* " + p.getName() + " = *" + p.getValue() + "*"); + } } } - + + print.println(""); print.println("## Rule Groups"); - for (final RuleGroup ruleGroup : pluginInfo.getRuleGroups()) { + print.println(""); print.println("### " + ruleGroup.getName()); for (final PluginMessage msg : ruleGroup.getMessages()) { - print.println(" * " + msg.getCode() + " *" + msg.getSeverity() + "*"); + print.println(""); + print.println("* [" + msg.getCode() + "](#" + msg.getCode().toLowerCase() + ")"); } } } diff --git a/src/main/resources/cflint.description.txt b/src/main/resources/cflint.description.txt index afe2d8eac..cbcdd7c7d 100644 --- a/src/main/resources/cflint.description.txt +++ b/src/main/resources/cflint.description.txt @@ -3,11 +3,11 @@ ARG_VAR_CONFLICT:Variable declared in both local and argument scopes. ARG_VAR_MIXED:Variable referenced in local and argument scopes. NO_DEFAULT_INSIDE_SWITCH:Missing default switch statement. GLOBAL_VAR:Global variable exists. -NESTED_CFOUTPUT:Nexted cfoutput with cfquery tag. +NESTED_CFOUTPUT:Nested cfoutput with cfquery tag. OUTPUT_ATTR:Tag should have output='false'. QUERYPARAM_REQ:Use query parameters for variables in sql statements. CFQUERYPARAM_REQ:cfquery should use . -QUERYNEW_DATATYPE:QueryNew statement should specify datatypes. +QUERYNEW_DATATYPE:QueryNew statement should specify data types. MISSING_VAR:Variable is not declared with a var statement. AVOID_USING_CFDUMP_TAG:Avoid use of cfdump tags. AVOID_USING_CFEXECUTE_TAG:Avoid use of cfexecute tags. 
@@ -29,46 +29,46 @@ FUNCTION_TYPE_ANY:Function has a return type of any. EXCESSIVE_ARGUMENTS:Function has too many arguments. EXCESSIVE_FUNCTIONS:Too many functions. FUNCTION_TOO_COMPLEX:Function is too complex. -AVOID_USING_WRITEDUMP:Avoid use of writedump statements. -AVOID_USING_STRUCTNEW:Avoid use of structnew statements. Use {} instead. -AVOID_USING_ISDEBUGMODE:Avoid use of isdebugmode statements. -AVOID_USING_ARRAYNEW:Avoid use of arraynew statements. Use [] instead. +AVOID_USING_WRITEDUMP:Avoid use of writeDump statements. +AVOID_USING_STRUCTNEW:Avoid use of structNew statements. Use {} instead. +AVOID_USING_ISDEBUGMODE:Avoid use of isDebugMode statements. +AVOID_USING_ARRAYNEW:Avoid use of arrayNew statements. Use [] instead. COMPLEX_BOOLEAN_CHECK:Complex boolean expression. EXPLICIT_BOOLEAN_CHECK:Checking boolean expression explicitly. VAR_INVALID_NAME:Variable has invalid name. -VAR_ALLCAPS_NAME:Variable name is allcaps. -SCOPE_ALLCAPS_NAME:Variable scope name is allcaps. +VAR_ALLCAPS_NAME:Variable name is all caps. +SCOPE_ALLCAPS_NAME:Variable scope name is all caps. VAR_TOO_SHORT:Variable name is too short. VAR_TOO_LONG:Variable name is too long. VAR_TOO_WORDY:Variable name contain too many words. VAR_IS_TEMPORARY:Variable name looks temporary. VAR_HAS_PREFIX_OR_POSTFIX:Variable name has prefix or postfix. ARGUMENT_INVALID_NAME:Argument has invalid name. -ARGUMENT_ALLCAPS_NAME:Argument name is allcaps. +ARGUMENT_ALLCAPS_NAME:Argument name is all caps. ARGUMENT_TOO_SHORT:Argument name is too short. ARGUMENT_TOO_LONG:Argument name is too long. ARGUMENT_TOO_WORDY:Argument name contain too many words. ARGUMENT_IS_TEMPORARY:Argument name looks temporary. ARGUMENT_HAS_PREFIX_OR_POSTFIX:Argument name has prefix or postfix. METHOD_INVALID_NAME:Method has invalid name. -METHOD_ALLCAPS_NAME:Method name is allcaps. +METHOD_ALLCAPS_NAME:Method name is all caps. METHOD_TOO_SHORT:Method name is too short. METHOD_TOO_LONG:Method name is too long. 
METHOD_TOO_WORDY:Method name contain too many words. METHOD_IS_TEMPORARY:Method name looks temporary. METHOD_HAS_PREFIX_OR_POSTFIX:Method name has prefix or postfix. COMPONENT_INVALID_NAME:Component has invalid name. -COMPONENT_ALLCAPS_NAME:Component name is allcaps. +COMPONENT_ALLCAPS_NAME:Component name is all caps. COMPONENT_TOO_SHORT:Component name is too short. COMPONENT_TOO_LONG:Component name is too long. COMPONENT_TOO_WORDY:Component name contain too many words. COMPONENT_IS_TEMPORARY:Component name looks temporary. COMPONENT_HAS_PREFIX_OR_POSTFIX:Component name has prefix or postfix. FILE_SHOULD_START_WITH_LOWERCASE:CFM File starts with upper case. -AVOID_USING_CREATEOBJECT:Avoid use of creatobject statements. +AVOID_USING_CREATEOBJECT:Avoid use of creatObject statements. AVOID_USING_DEBUG_ATTR:Avoid use of debug attribute. UNUSED_LOCAL_VARIABLE:Unused local variable. UNUSED_METHOD_ARGUMENT:Unused method argument. AVOID_USING_CFSETTING_DEBUG:Avoid using showDebugOutput attribute on cfsetting. -COMPARE_INSTEAD_OF_ASSIGN:Using comparision where assignment was probably meant. +COMPARE_INSTEAD_OF_ASSIGN:Using comparison where assignment was probably meant. PACKAGE_CASE_MISMATCH:Warn with package case does not match its use.
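
Review bot: in RULES.md the added AVOID_USING_ARRAYNEW entry reads "Use implict array construction instead (= [])."; "implict" should be "implicit". The file is written by CFLintDoc.generateRuleMarkDown, so correct the message where the rule is defined and regenerate rather than editing RULES.md by hand. The added NEVER_USE_QUERY_IN_CFM entry is also the only one with no **Severity** line; if that rule is meant to be reported, give it a severity at the source as well.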
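
Review bot: in build.gradle (hunk @@ -10,17 +10,20 @@) the new `maven { url "https://cfmlprojects.org/artifacts" }` entry is added inside the `buildscript` repositories, so build-classpath plugins can now also be resolved from that third-party host. The hunk does not say which of the three `classpath` entries needs it. If one does, name it in a comment and limit the repository with a `content { includeGroup "..." }` filter so it can only serve that group; if none does, drop the entry, since the project-level `repositories` block already lists the same URL.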
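
Review bot: in build.gradle (hunk @@ -71,21 +74,21 @@) jackson-core and jackson-module-jaxb-annotations are set to 2.12.7, while pom.xml hunk @@ -70,7 +70,7 @@ in this patch changes the value that was 2.10.3 (the old Jackson version here) to 2.12.7.1, so the Gradle and Maven builds would package different versions. Use one version in both files and confirm it is published for each artifact it is applied to. The other bumps in this hunk (ant 1.10.14, jaxb-impl 2.1.17, commons-io 2.15.1, junit 4.13.2) match pom.xml.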
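
Review bot: gradle/wrapper/gradle-wrapper.properties moves `distributionUrl` to gradle-6.9.4-bin.zip but has no `distributionSha256Sum` line, so the wrapper will execute whatever archive that URL returns. Add the published SHA-256 for that distribution. The patch also replaces gradle/wrapper/gradle-wrapper.jar as a binary that cannot be read in review; say in the PR how it was produced (for example by the `wrapper` task) and check its checksum against the value Gradle publishes for 6.9.4 before merging.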
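
Review bot: in pom.xml (hunk @@ -43,24 +43,24 @@) the cfmlprojects repository URL changes from https://cfmlprojects.org/artifacts to http://cfmlprojects.org/artifacts, which would have Maven fetch artifacts from that repository in plaintext, where they can be altered in transit; Maven 3.8.1 and later also block external http repositories by default, so the build may simply fail. Keep the https URL, as build.gradle in this same patch does. The license URL in the hunk is likewise changed from https to http; the rest of the hunk looks like a re-indent, so both URL changes read as unintended.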
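
Review bot: in CFLintCLI.java (hunk @@ -226,9 +226,9 @@) `new FileWriter("RULES.md")` is closed by a plain `out.close()` after generateRuleMarkDown, so an exception during generation leaks the handle, and FileWriter encodes with the platform default charset, which makes the generated file differ between machines. Since these lines are being touched anyway, open the writer in a try-with-resources block with an explicit UTF-8 charset, for example via `Files.newBufferedWriter(Paths.get("RULES.md"), StandardCharsets.UTF_8)`. The RULES.MD to RULES.md rename also deserves a line in the changelog, because on a case-insensitive file system an existing RULES.MD keeps its old name.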
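
Review bot: in CFLintDoc.java (hunk @@ -37,50 +36,56 @@) the rule-group links are built with `msg.getCode().toLowerCase()`, which depends on the default locale; under a Turkish locale a code such as AVOID_USING_ISDATE lowercases with a dotless i and the anchor no longer matches its heading. Use `toLowerCase(Locale.ROOT)`. Two smaller points in the same hunk: a code that is listed in a group but never printed under a `####` heading yields a dead link, so it is worth checking every group code against the rule messages, and the group list no longer shows severity, which should be mentioned in the commit message if it is deliberate.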
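
Review bot: in src/main/resources/cflint.description.txt (hunk @@ -29,46 +29,46 @@) the new AVOID_USING_CREATEOBJECT line changes "creatobject" to "creatObject" but keeps the misspelling; it should read "createObject", and the same text is carried into the generated RULES.md. While this file is being cleaned up, the unchanged context lines "... name contain too many words." (VAR, ARGUMENT, METHOD and COMPONENT variants) should be "contains", and PACKAGE_CASE_MISMATCH "Warn with package case does not match its use." reads as if "when" was intended.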