How Does Fixinator Work
Fixinator operates in a client / server model. The client gathers the code to scan, sends it to the server and then formats the results. The server does the actual processing of the code to look for issues.
The Fixinator client source code is fully open source and can be found here. The client is packaged so that it can be run from the CommandBox CLI, but since it is all written in CFML, you could also build your own applications or tools that use Fixinator if you wanted to.
- Run Scan - the client accepts the file path and config.
- Determine Files - based on the config it builds an array of files to scan
- Batch Files into Chunks - the client then creates batches of files that can be sent to the server. The batch is limited to 35 files / 512kb per batch.
- Batches are sent to a Fixinator server
- Results are aggregated and displayed in the CLI or in a report file.
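The batching step above, sketched in Python as an added example; this is not the Fixinator client's CFML code. It assumes "512kb" means 512 * 1024 bytes, that a batch closes when either limit would be exceeded, and that a file too large for any batch is reported rather than dropped (the function and sample names are hypothetical).

```python
from dataclasses import dataclass, field

MAX_FILES_PER_BATCH = 35            # limit stated on the page
MAX_BYTES_PER_BATCH = 512 * 1024    # "512kb", read here as 512 * 1024 bytes (assumption)

@dataclass
class Batch:
    paths: list = field(default_factory=list)
    size: int = 0

def build_batches(files, max_files=MAX_FILES_PER_BATCH, max_bytes=MAX_BYTES_PER_BATCH):
    """Group (path, size_in_bytes) pairs into batches within both limits.

    Returns (batches, skipped). A file larger than max_bytes cannot fit in
    any batch, so it is listed in `skipped` instead of silently dropped:
    a scan that quietly omits files gives false assurance.
    """
    batches, skipped = [], []
    current = Batch()
    for path, size in files:
        if size > max_bytes:
            skipped.append(path)
            continue
        # Close the current batch if adding this file would break either limit.
        if current.paths and (len(current.paths) >= max_files
                              or current.size + size > max_bytes):
            batches.append(current)
            current = Batch()
        current.paths.append(path)
        current.size += size
    if current.paths:
        batches.append(current)
    return batches, skipped

def sample_files():
    # Constructed sample: 80 small templates, one large component, one oversized file.
    files = [(f"app/views/page{i}.cfm", 4 * 1024) for i in range(80)]
    files.insert(10, ("app/models/Report.cfc", 400 * 1024))
    files.append(("app/legacy/huge.cfm", 600 * 1024))
    return files

if __name__ == "__main__":
    batches, skipped = build_batches(sample_files())
    for n, b in enumerate(batches, 1):
        print(f"batch {n}: {len(b.paths)} files, {b.size} bytes")
    print("skipped (over size limit):", skipped)
```

In the sample, the first batch closes on the size limit and the second on the file-count limit, which is why the two limits have to be checked together.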
Unlike the client, the Fixinator server is not open source. You can either use our Hosted / Cloud Based Fixinator server or you can run the server on your own premises with an enterprise license.
- Server Accepts a Scan Request
- Parses the CFML and runs it through a number of different scanners
- Returns scan results as JSON
No, the scanning is done in memory, so your code is disposed of once the request completes. Further, the Cloud Based server runs in an AWS Lambda serverless architecture. This means that the entire server instance your scan runs on is terminated / recycled / disposed of within an hour or so. Sorry, no offense, but we don't want your code!
Yes, this requires an Enterprise License.
Fixinator can run on Lucee 5+ or Adobe ColdFusion 2016, 2018+. It can run on any operating system that CF can run on (Windows, Linux, Mac, etc). There are no external dependencies or databases to set up, just drop a folder in a web root.