Fixinator 4.0.0

Added new options: configFile, engines, includeScanners.

README.md

@@ -42,11 +42,11 @@ It is highly recommended that you use `autofix` only with code that is under ver
 
 ### resultFile
 
-Writes results to a file specified by the path in resultFile. You may specify a comma seperated list of paths if you want to write multiple formats.
+Writes results to a file specified by the path in resultFile. You may specify a comma separated list of paths if you want to write multiple formats.
 
 ### resultFormat
 
-Specify a format for the `resultFile`:  `json` (default), `html`, `pdf`, `csv`, `junit`, `sast`, or `findbugs`. You may specify a comma seperated list of formats and `resultFile` paths if you want to write multiple files.
+Specify a format for the `resultFile`:  `json` (default), `html`, `pdf`, `csv`, `junit`, `sast`, or `findbugs`. You may specify a comma separated list of formats and `resultFile` paths if you want to write multiple files.
 
 ### ignorePaths
 
@@ -68,6 +68,23 @@ Default: `false` - When `true` scans only files changed in the HEAD git commit,
 
 Default: `false` - When `true` scans only the files changed in the working copy (compared to the HEAD git commit). This is useful to scan only the files you have modified since your last git commit. 
 
+### engines
+
+Default: `lucee,adobe` - A comma separated list of CFML engines that your code will run on. This setting is useful to exclude issues specific to Lucee, or Adobe ColdFusion if you only use one or the other. You can pass the list using version numbers as well, for example: `engines=adobe@2021,adobe@2023` or `engines=lucee@6,adobe@2023` - it follows the same syntax used by the commandbox server command's `cfengine` argument. 
+
+Added in Fixinator version 4.
+
+### includeScanners
+
+Default: _Empty_ - A comma separated list of scanners ids to scan (use `--listScanners` to see the options). For example if you only want to scan for SQL Injection, you can use: `includeScanners=sqlinjection` and you will only see SQL Injection Results.
+
+Added in Fixinator version 4.
+
+### configFile
+
+The path to a `.fixinator.json` configuration file to use. See below for details on the file contents. The command line argument overrides the default search path (looking in the base directory).
+
+
 ## Environment Variables
 
 The following environment variables are used by fixinator:
@@ -130,11 +147,15 @@ A `.fixinator.json` configuration file can be placed in the root of a folder to
 		"ignoreScanners":["xss"],
 		"minSeverity": "low",
 		"minConfidence": "low",
-		"ignorePatterns": {}
+		"ignorePatterns": {},
+		"engines": ["lucee","adobe"],
+		"includeScanners":[]
 	}
 
 Note that `.fixinator.json` files placed in a subfolder of the base scan path are currently ignored.
 
+As of Fixinator version 4 you can now specify the `configFile=/path/to/.fixinator.json` to override the default path.
+
 ### ignorePaths
 
 An array of path patterns to ignore. Certain paths are always ignored such as `.git` or `.svn` paths.
@@ -172,6 +193,13 @@ Now suppose you have an a few application variables that are used in SQL, they a
 
 This is a very powerful feature, so make sure you only use it on variables, functions or patterns you know are safe.
 
+### engines
+
+An array of CFML engines that the code runs on.
+
+### includeScanners
+
+An array of scanner ids which to use, all other scanners will be ignored.
 
 ## Ignoring issues in code
 

box.json

@@ -1,8 +1,8 @@
 {
     "name":"fixinator",
-    "version":"3.0.5",
+    "version":"4.0.0",
     "author":"Foundeo Inc.",
-    "location":"foundeo/fixinator#v3.0.5",
+    "location":"foundeo/fixinator#v4.0.0",
     "homepage":"https://fixinator.app/",
     "documentation":"https://github.com/foundeo/fixinator/wiki",
     "repository":{

commands/fixinator.cfc

@@ -35,6 +35,9 @@ component extends="commandbox.system.BaseCommand" excludeFromHelp=false {
 	* @ignoreExtensions.hint A list of extensions to exclude
 	* @gitLastCommit.hint Scan only files changed in the last git commit
 	* @gitWorkingCopy.hint Scan only files changed since the last commit in the working copy
+	* @engines.hint A list of engines your code runs on, eg: lucee@5,adobe@2023 default any
+	* @includeScanners.hint A comma seperated list of scanner ids to scan, all others ignored
+	* @configFile.hint A path to a .fixinator.json file to use
 	**/
 	function run(
         string path=".",
@@ -53,6 +56,9 @@ component extends="commandbox.system.BaseCommand" excludeFromHelp=false {
         string ignoreExtensions="",
 		boolean gitLastCommit=false,
 		boolean gitChanged=false,
+		string engines="",
+		string includeScanners="",
+		string configFile=""
     )  {
 		var fileInfo = "";
 		var severityLevel = 1;
@@ -117,20 +123,14 @@ component extends="commandbox.system.BaseCommand" excludeFromHelp=false {
 			} else {
 
 			}
-			local.email = ask(message="Do you want to request a free key? Please enter your email: ");
-			if (isValid("email", local.email)) {
-				local.phone = ask(message="Phone Number (Optional): ");
-				cfhttp(method="POST", url="https://foundeo.us1.list-manage.com/subscribe/post?u=c10e46f0371b0cedc2340d2d4&id=37b8e52f1a", result="local.httpResult") {
-					cfhttpparam(name="EMAIL", value=local.email, type="formfield");
-					cfhttpparam(name="PHONE", value=local.phone, type="formfield");
-				}
-				if (local.httpResult.statusCode contains "200") {
-					print.boldGreenLine("Thanks, your request has been submitted.");
-				} else {
-					print.boldRedLine("Looks like there was an error submitting your request, please contact Foundeo inc. directly.");
-				}
+			print.line();
+			print.line("To request a free trial api key, please go here: https://fixinator.app/try/");
+			local.answer = ask(message="Would you like to open https://fixinator.app/try/ in your browser now? [y/n]: ");
+			if (left(local.answer, 1) == "y") {
+				command("browse").params(URI="https://fixinator.app/try/").run();
 			}
-
+			print.line();
+			print.line("Exiting Fixinator, please try again once you have an api key");
 			return;
 		}
 
@@ -314,6 +314,23 @@ component extends="commandbox.system.BaseCommand" excludeFromHelp=false {
 			config.ignoreExtensions = listToArray(replace(arguments.ignoreExtensions, " ", "", "ALL"));
 		}
 
+		if (len(arguments.engines)) {
+			config.engines = listToArray(replace(arguments.engines, " ", "", "ALL"));
+		}
+
+		if (len(arguments.includeScanners)) {
+			config.includeScanners = listToArray(replace(arguments.includeScanners, " ", "", "ALL"));
+		}
+
+		if (len(arguments.configFile)) {
+			arguments.configFile = fileSystemUtil.resolvePath( arguments.configFile );
+			if (!fileExists(arguments.configFile)) {
+				print.boldRedLine("Sorry: configFile was not found: #arguments.configFile#");
+				return;	
+			} else {
+				config.configFile = arguments.configFile;
+			}
+		}
 
 		if (!fileExists(arguments.path) && !directoryExists(arguments.path) && !arrayLen(paths)) {
 			print.boldRedLine("Sorry: #arguments.path# is not a file or directory.");

models/fixinator/FixinatorClient.cfc

@@ -53,20 +53,28 @@ component singleton="true" {
 		var percentValue = 0;
 		var hasProgressBar = isObject(arguments.progressBar);
 		var baseDir = "";
+		var fixinatorJSONPath = "";
 		if (len(arguments.path)) {
 			pathData = getFileInfo(arguments.path)
 			baseDir = getDirectoryFromPath(arguments.path);
 		} else {
 			//path empty was from file globber pattern
 			pathData.type = "empty";
 		}
-		if (pathData.type!= "empty" && fileExists(baseDir & ".fixinator.json")) {
-			local.fileConfig = fileRead(getDirectoryFromPath(arguments.path) & ".fixinator.json");
+		if (arguments.config.keyExists("configFile") && fileExists(arguments.config.configFile)) {
+			fixinatorJSONPath = arguments.config.configFile;
+			//no need to send this path to server
+			structDelete(arguments.config, "configFile");
+		} else if (pathData.type!= "empty" && fileExists(baseDir & ".fixinator.json")) {
+			fixinatorJSONPath = getDirectoryFromPath(arguments.path) & ".fixinator.json";
+		}
+		if (len(fixinatorJSONPath)) {
+			local.fileConfig = fileRead(fixinatorJSONPath);
 			if (isJSON(local.fileConfig)) {
 				local.fileConfig = deserializeJSON(local.fileConfig);
 				structAppend(payload.config, local.fileConfig, true);
 			} else {
-				throw(message="Invalid .fixinator.json config file, was not valid JSON");
+				throw(message="Invalid .fixinator.json config file, was not valid JSON: #fixinatorJSONPath#");
 			}
 		}
 
@@ -408,22 +416,24 @@ component singleton="true" {
 				throw(message="Fixinator API Returned 429 Status Code (Too Many Requests). This is usually due to an exceded monthly quote limit. You can either purchase a bigger plan or request a one time limit increase.", type="FixinatorClient");
 			} else {
 				//retry it once
-				sleep(500);
+				sleep(1500);
 				return sendPayload(payload=arguments.payload, isRetry=1);
 			}
-		} else if (httpResult.statusCode contains "502" || httpResult.statusCode contains "504") { 
-			//502 BAD GATEWAY or 504 Gateway Timeout - lambda timeout issue
+		} else if (httpResult.statusCode contains "502" || httpResult.statusCode contains "504" || httpResult.statusCode contains "408") { 
+			//502 BAD GATEWAY or 504 Gateway Timeout - lambda timeout issue, 408 general request timeout
 			if (arguments.isRetry >= 2) {
 				local.payloadPaths = arrayMap(arguments.payload.files, function(item) {
 					return item.path;
 				});
 				throw(message="Fixinator API Returned #httpResult.statusCode# Status Code. Please try again shortly or contact Foundeo Inc. if the problem persists.", detail="Paths: #serializeJSON(local.payloadPaths)#", type="FixinatorClient");
 			} else {
-				//retry it
-				sleep(500);
+
 				if (isDebugModeEnabled()) {
-					debugger("Attempting Retry of Payload #local.payloadID#");
+					debugger("#httpResult.statusCode# Status Code -- #httpResult.fileContent#");
+					debugger("Attempting Retry #arguments.isRetry# of Payload #local.payloadID#");
 				}
+				//retry it
+				sleep(500 + (val(arguments.isRetry)*500));
 				//split payload in to two
 				if (arrayLen(arguments.payload.files) > 2) {
 					local.payloadA = {"config"=arguments.payload.config, files=[]};