Author: Chris Weller
Last Updated: June 3, 2013 5:31 AM
Version: 1.0.1
Views: 9,081
Downloads: 581
License: Apache License, Version 2


CodeChecker is a code review automation tool that helps take away the tedious (and boring) aspects of reviewing code.

It has a UI that can be run from the browser, or you can call the CFCs directly in MXUnit.

All rules are fully customizable, and you can easily add new rules.

- Rule Categories
* Security
* Performance
* Standards
* Maintenance

- Rules
* Prohibit client scoped variables in a CFM page
* File upload warnings to ensure they use the accept attribute and check for valid file extension and MIME type.
* Prohibit nested cflock tags
* Prohibit ParameterExists()
* Prohibit IsDefined()
* Prohibit Evaluate()
* Prohibit DE()
* Prohibit IIF()
* Prohibit StructFind()
* Prohibit DecrementValue()
* Prohibit IncrementValue()
* Use Len() instead of is "", is not "", etc.
* Prohibit SetVariable()
* Prohibit cfquery in a CFM page
* Prohibit shared scope variables (form, application, url, session, cgi, client, request, cookie) in a CFC
* Prohibit IS and GT for boolean tests
* Prohibit IS/IS NOT when comparing numbers
* Prohibit EQ/NEQ when comparing strings
* Prohibit mathematical operations on strings
* Prohibit the ampersand concatenator on numbers
* Prohibit empty cfcatch blocks
* Prohibit output=true in cfcomponent and cffunction
* Require init method in CFCs
* Require onMissingMethod method in CFCs
* Require hints in cfcomponent, cffunction, and cfargument
* Use ArrayNew() instead of ArrayNew(1)
* Prohibit arguments-scoped datasource (since the datasource should be set on object instantiation)
* Prohibit cfabort and abort()
* Prohibit cfdump and writedump()
* Prohibit cflog and writelog()
* Prohibit console.log()

- Third Party Plugins
* QueryParamScanner by Peter Boughton
* VarScoper by Mike Schierberl

Last Update:

modified "Use Len method" rule pattern (replaced double quotes with octal value 042 to eliminate false positives; added octal 047 for single quote expressions); modified ArrayNew(1) rule message

Issue Tracker:

This project has an external bug tracker. You can find it here: