A statistical code analysis tool for ColdFusion (in the spirit of FindBugs and Lint)
Mature, flawless? No, you can help:
Download at releases page.
See the Jenkins/Hudson plugin here.
Someone has created a SublimeLinter plugin here.
Ray Camden created a CFBuilder plugin here and blogs about CFLint here.
cflint --folder <somefolder>
open cflint-result.html in your browser
cflint --folder c:\source\cfmx
cflint-ui
cflint --help
Note, most of these apply equally to cfscript and CFML.
Variable assigned without a scope. This puts in a large scope that is usually intended. Suggest using the 'var name' statement of explicit 'LOCAL.name' statement.
<cffunction name="function1">
<cfset unsafeVar = 123>
</cffunction>
Nested <cfoutput/> tags, the outer tag has an @query attribute, it should also specify the @group attribute.
<cfoutput query="qry" group="SomeColumn">
<cfoutput>#SomeColumn#</cfoutput>
</cfoutput>
QueryNew should specify the datatypes of the columns.
<cfset var qry = QueryNew('SomeColum','VarChar')>
Variable is varr'd with the same name as one of the arguments. This is confusing or incorrect.
<cffunction name="function1">
<cfargument name="arg1">
<cfset var arg1 = 123>
</cffunction>
Variable referenced both as an unscoped (local) and an argument. Code should consistently use one or the other.
<cffunction name="function1">
<cfargument name="arg1">
<cfset arg1 = 123>
<cfset var y = arguments.arg1>
</cffunction>
Arguments that are not required should specify a default value (@default)
<cffunction name="function1">
<cfargument name="arg1" required="false" default="somestring"/>
</cffunction>
Functions should specify @output="false"
<cffunction name="function1" output="false">
..
</cffunction>
<cfquery name=\"LOCAL.categories\">
SELECT * FROM product_categories p
WHERE p.id = #LOCAL.id#
</cfquery>
Should use
<cfqueryparam value="#LOCAL.id#"/>