<@U070SQMD1> I can't find anything about these que...
# luceea
Adam Cameron
09/07/2022, 5:26 PM
@zackster I can't find anything about these query listeners other than this:
https://southofshasta.com/blog/cfcamp-notes-on-railo/#:~:text=CFquery%20listener%3D%22%23listener%23%22
https://www.google.com/search?q=lucee+%22query+listener%22
Should I take this to mean they are not documented? I searched for a few things. Both in Google and in yer docs.
z
zackster
09/08/2022, 4:34 AMYeah that was my take away from my research yesterday after you asked me that question. Needs to be written up. One thing we recently experienced which needs to be included in the docs is that queries results aren't always queries, they can also be structs or arrays
zackster
09/08/2022, 5:27 AMI'm writing this up
zackster
09/08/2022, 6:33 AMJust added some documentation for query listeners https://dev.lucee.org/t/query-listeners/11051
a
Adam Cameron
09/08/2022, 6:51 AM
Ah nice one man. Thanks for that.
f
foundeo
09/08/2022, 3:36 PM
Thanks for writing it up @zackster - very cool feature — what if you could do this to any tag 🤔 or function 🤔
foundeo
09/08/2022, 3:37 PM
sure it would be a footgun, but I can think of some nice uses for security
z
zackster
09/08/2022, 3:37 PMcflog for sure
f
foundeo
09/08/2022, 3:38 PM
cffile, and all the functions that access file system
z
zackster
09/08/2022, 3:39 PMyou mean resource logging?
f
foundeo
09/08/2022, 3:39 PM
I would use it for sanity checking the paths
foundeo
09/08/2022, 3:39 PM
for example why is the developer trying to read /etc/passwd
foundeo
09/08/2022, 3:39 PM
or write to whereever…
foundeo
09/08/2022, 3:41 PM
and then you could block accesses to paths not on allow list… would be handy because most people are really bad at configuring the OS file system permissions properly
foundeo
09/08/2022, 3:41 PM
or they are running as root so it doesn’t matter
foundeo
09/08/2022, 3:43 PM
maybe something to think about for Lucee 7, I could be the only one that wants it though 🤷
foundeo
09/08/2022, 3:47 PM
aware of that setting, but the problem with that is to use
localz
zackster
09/08/2022, 3:48 PMyeah, that we can easily improve i reckon
f
foundeo
09/08/2022, 3:48 PM
so you almost always want local + one folder 🙂
foundeo
09/08/2022, 3:50 PM
I don’t want to distract from Lucee 6 getting released so let’s talk about this idea again in the future
z
zackster
09/08/2022, 3:52 PMplz file a bug, I'd like to check that's still working with single mode too in 6.0
f
foundeo
09/08/2022, 3:52 PM
ok will do
foundeo
09/08/2022, 4:04 PM
hmm - It looks like local actually does support custom paths
z
zackster
09/08/2022, 4:31 PMthis code?
else throw new SecurityException("invalid access value [" + accessValue + "]", "valid access values are [all,local,no,none,yes,1,...,10]");zackster
09/08/2022, 4:32 PMwould just creating a mapping grant access?
zackster
09/08/2022, 5:31 PMAhh long day today for me, sighs
f
foundeo
09/08/2022, 5:32 PM
are these file access settings exposed to Application.cfc? that would be cool I didn’t see it when I exported Application.cfc from admin, or in the Application.cfc docs so I’m assuming it is not supported there