29 Aug, 2008  |  Written by  |  under ColdFusion

This has been an issue for a long time, but the past few weeks, we’ve started to see some automated attacks against ColdFusion sites trying to inject rogue SQL via forms and other parameters.  Ugh.  I’ve been working with a great piece of code called Portcullis, but it has a few rough edges that make it hard to deploy.  Here’s my application.cfm, in case it’s useful for anybody else fighting this:

<cftry>
	<!--- Build the Portcullis scanner once per application; adding ?reset to the URL rebuilds it.
	      The exclusive lock keeps two concurrent first requests from both running init(). --->
	<cfif not isDefined("application.Portcullis") or isDefined("url.reset")>
		<cflock scope="application" type="exclusive" timeout="10">
			<cfset application.Portcullis = createObject("component","com.fusionlink.Portcullis").init()/>
		</cflock>
	</cfif>

	<!--- Scan every inbound scope; Portcullis records hits against the client IP address. --->
	<cfset application.Portcullis.scan(url,"url",cgi.remote_addr)>
	<cfset application.Portcullis.scan(form,"form",cgi.remote_addr)>
	<cfset application.Portcullis.scan(cookie,"cookie",cgi.remote_addr)>

	<!--- If this IP has tripped the filter: tell the user, mail the request to the admin, stop the request. --->
	<cfif application.Portcullis.isBlocked(cgi.remote_addr)>
		Sorry, there was an error detected.
		<cfmail from="you@you.com"
		        to="you@you.com"
		        subject="SEI Portcullis: User Blocked" type="html">
			<cfdump var="#cgi#"/>
		</cfmail>
		<cfabort/>
	</cfif>

	<cfcatch type="any">
		<!--- Portcullis itself threw: mail the exception and the request so it can be debugged.
		      Note that the request continues after the mail is sent, so a broken scanner fails open. --->
		<cfmail from="you@you.com"
		        to="you@you.com"
		        subject="SEI Portcullis Threw Exception" type="html">
			<a href="http://#CGI.SERVER_NAME##CGI.SCRIPT_NAME#?#CGI.QUERY_STRING#">Page URL</a><br />
			#cfcatch.message#<br />
			detail: #cfcatch.Detail# <br />
			<cfif isDefined("cfcatch.SQLState")>
				sqlstate: #cfcatch.SQLState# <br />
			</cfif>
			type: #cfcatch.type# <br />
			<cfdump var="#cgi#"/>
		</cfmail>
	</cfcatch>
</cftry>
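Portcullis filters what reaches the page, but the queries on the page still decide whether injected text can ever run as SQL. The following is an added example, not code from the original post or from the Portcullis project, showing a request handler that the application.cfm above would guard: the "before" form concatenates a URL parameter into the query text, the "after" form binds it with cfqueryparam so the database only ever sees a typed value. The table name "products", its columns and the datasource name "myDSN" are placeholders.

```cfml
<!--- Added example: a page guarded by the application.cfm above.
      "products", its columns and the datasource "myDSN" are assumed placeholders. --->
<cfparam name="url.id" default="0">

<!--- BEFORE (vulnerable): url.id is spliced into the SQL text, so the request-scope
      scan in application.cfm is the only thing between the request and the database. --->
<cfquery name="getProductUnsafe" datasource="myDSN">
	SELECT id, name, price
	FROM products
	WHERE id = #url.id#
</cfquery>

<!--- AFTER (hardened): reject anything that is not a number up front, then bind the
      value as an integer parameter. Whatever the filter did or did not catch, the
      value can no longer change the structure of the statement. --->
<cfif not isNumeric(url.id)>
	<cfthrow message="Invalid product id">
</cfif>
<cfquery name="getProduct" datasource="myDSN">
	SELECT id, name, price
	FROM products
	WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput query="getProduct">
	#name#: #dollarFormat(price)#<br />
</cfoutput>
```

Keep the filter in application.cfm as the early-warning layer (it is what produces the "User Blocked" mails above) and treat cfqueryparam on every query as the control that actually closes the hole; the two are complementary, not alternatives.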