Merge branch 'dev' into queryparamchecker-fix

.github/workflows/gradle.yml

@@ -0,0 +1,32 @@
+name: Gradle
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+      - dev
+
+jobs:
+  gradle:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Set up JDK 8
+      uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version: 8
+
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@v3
+      with:
+        gradle-version: wrapper
+
+    - name: Build with Gradle
+      run: ./gradlew build

BUILDING.md

@@ -1,51 +1,63 @@
-![CFLint](/src/main/resources/CFLint-logo.jpg)
+![CFLint](/src/main/resources/logos/CFLint-logo.jpg)
 
-Building CFLint
-====================
+# Building CFLint
+
+## Quick Start
 
-# Quick Start
     git clone https://github.com/cflint/CFLint.git
     cd CFLint
     git checkout dev
     gradlew clean build
     CFLint will be built to build\libs
 
-# Using Eclipse
+## Using Eclipse
+
     Start eclipse
     Help>Eclipse Marketplace
     Install 'BuildShip' for Gradle integration
-## Eclipse - Import existing project     
+
+### Eclipse - Import existing project
+
     File>New>Other>Gradle>Gradle Project
     Name the project, uncheck 'Use default location', browse to your git clone.
-## OR, Eclipse - check out with eGit
+
+### OR, Eclipse - check out with eGit
+
     Window>Show View>Git Repositories
     past the git url for CFLint
     CFLint>Branches>Remote Tracking>origin/dev  
     right click on origin/dev and checkout.
-
-## Eclipse - Refresh and Build Eclipse CFLint project
+
+### Eclipse - Refresh and Build Eclipse CFLint project
+
     Right click on CFLint in the project navigator,
     Gradle>Refresh Gradle Project.
     (use when the build.gradle file changes)
-
-## Eclipse - Running Junit tests
+
+### Eclipse - Running JUnit tests
+
     Right click on src/test/java/com/cflint/integration/TestFiles.java
     Run As>JUnit Test
     This will run most the majority of the unit tests.
-
-# Adding a Junit test
+
+## Adding a JUnit test
+
 The best way to add a new test to the CFLint test suite is to add it to:
 
     src\test\resources\com\cflint\tests\
-    
-as pure CF code.  Give the file a name that describes the scenario you are testing and a '.cfm' or '.cfc' extension.  The first time you run TestFiles, the build will create
-a file with the same name as your input, but with an extension of ".expected.txt".  Future runs will only pass if the actual results match the 
+
+as pure CF code.  Give the file a name that describes the scenario you are testing and a `.cfm` or `.cfc` extension.  The first time you run TestFiles, the build will create
+a file with the same name as your input, but with an extension of `.expected.txt`.  Future runs will only pass if the actual results match the 
 expected file.
 For CFLint, this is better practice than writing the JUnit test yourself.
 
-# Contributing.
+## Contributing
+
 Contributions are welcome.  Here's how you make your first code or test contributions:
-* Fork CFLint on github.
-* Make your changes in the dev branch.
-* Push your changes to your github repo.
-* Create a pull request.
+
+* Fork CFLint on GitHub.
+* Make your changes in a local branch created from the `dev` branch.
+* Push your changes to your GitHub repo.
+* Create a pull request targeting the `dev` branch of the main repository.
+
+Also see [CONTRIBUTING.md](/CONTRIBUTING.md)

CODE_OF_CONDUCT.md

@@ -1,23 +1,21 @@
-![CFLint](/src/main/resources/CFLint-logo.jpg)
+![CFLint](/src/main/resources/logos/CFLint-logo.jpg)
 
-Code of Conduct
-===============
+# Code of Conduct
+
+## TL;DR
 
-### TL;DR 
 Don't be a dick!
 
-### What we stand for
+## What we stand for
 
-CFLint is a project developed and worked on by volunteers. Please be nice and considerate, we're here to help. We really appreciate fixes and improvements, feel free to talk to us and/or provide pull requests.
+CFLint is a project developed and worked on by volunteers. Please be nice and considerate -- we're here to help. We really appreciate fixes and improvements, so feel free to talk to us and/or provide pull requests.
 
 This is a place where considerate positive people, who enjoy fun and care about their craft and its impact, come together to code, learn, talk, hang out and build a product for the greater good of the CFML community.
 
 We're inclusive and harassment-free based on treating everyone with respect and kindness, regardless of gender, sexual orientation, age, physical ability or appearance, ethnicity or religious beliefs.
 
-We try to do everything we can to ensure that only the good stuff happens. If somebody violates that, or makes you feel uncomfortable or unsafe in any way, please let us know. We’ll take it seriously and their behaviour will be dealt with as deemed necessary. They’ll certainly be asked to stop the inappropriate behaviour and will be expected to comply immediately. It may also include ejection from the project.
+We try to do everything we can to ensure that only the good stuff happens. If somebody violates that, or makes you feel uncomfortable or unsafe in any way, please let us know. We'll take it seriously and their behaviour will be dealt with as deemed necessary. They'll certainly be asked to stop the inappropriate behaviour and will be expected to comply immediately. It may also include ejection from the project.
 
-We respect all participants, and assume everyone joins in good faith. We won’t attempt to list all the behaviours that are unacceptable and inappropriate when you are interacting with your peers, in case we inadvertently exclude the one very thing leads to an incident. To quote the folks from the Kiwicon conference, the “inventive genius of random assholes” is limitless. It surely goes without saying however, that offensive comments, intimidation, stalking, sustained disruption of discussions and unwelcome sexual attention are totally inappropriate.
+We respect all participants, and assume everyone joins in good faith. We won't attempt to list all the behaviours that are unacceptable and inappropriate when you are interacting with your peers, in case we inadvertently exclude the one very thing leads to an incident. To quote the folks from the Kiwicon conference, the “inventive genius of random assholes” is limitless. It surely goes without saying however, that offensive comments, intimidation, stalking, sustained disruption of discussions and unwelcome sexual attention are totally inappropriate.
 
 If you have any concerns whatsoever, about the comfort and safety of yourself or someone else, please contact [Ryan](https://github.com/ryaneberly) or [Kai](https://github.com/TheRealAgentK) at any time.
-
-

CONTRIBUTING.md

@@ -1,20 +1,19 @@
-![CFLint](/src/main/resources/CFLint-logo.jpg)
+![CFLint](/src/main/resources/logos/CFLint-logo.jpg)
 
-Contributing to CFLint
-======================
+# Contributing to CFLint
 
-# Project and library organisation
+## Project and library organisation
 
-CFLint is a project developed and worked on by volunteers. When logging issues please be nice and considerate, we're here to help. We really appreciate fixes and improvements, feel free to talk to us and/or provide pull requests.
+CFLint is a project developed and worked on by volunteers. When logging issues please be nice and considerate -- we're here to help. We really appreciate fixes and improvements, so feel free to talk to us and/or provide pull requests.
 
-/src/main contains the source code. Tests can be found in /src/test. CFLint relies heavily on the [CFParser](https://github.com/cfparser/cfparser) project as well as a bunch of 3rd party Java libraries.
+`/src/main` contains the source code. Tests can be found in `/src/test`. CFLint relies heavily on the [CFParser](https://github.com/cfparser/cfparser) project as well as a bunch of 3rd party Java libraries.
 
-The master branch is considered our stable codebase. Most of the development happens in the dev branch resp. local development branches for specific issues.
+The `master` branch is considered our stable codebase. Most of the development happens in the `dev` branch resp. local development branches for specific issues.
 
-# How to contribute?
+## How to contribute?
 
-The main repository of this project is https://github.com/cflint/CFLint.
+The main repository of this project is <https://github.com/cflint/CFLint>.
 
-Please fork from there, create a local dev branch from origin/dev (named so that it explains the work in the branch), and submit a pull request against the main repository's dev branch. Even better, get in touch with us here on Github before you undertake any work so that it can be coordinated with what we're doing.
+Please fork from there, create a local dev branch from `origin/dev` (named so that it explains the work in the branch), and submit a pull request against the main repository's `dev` branch. Even better, get in touch with us here on GitHub before you undertake any work so that it can be coordinated with what we're doing.
 
 If you're interested in contributing on a regular basis, get in touch with [Ryan](https://github.com/ryaneberly) and we can add you to the internal CFLint Slack team.

Dockerfile

@@ -1,7 +1,7 @@
-FROM gradle:4.7.0-jdk8-alpine AS build
+FROM gradle:5.6.2-jdk8 AS build
 COPY --chown=gradle:gradle . /home/gradle/src
 WORKDIR /home/gradle/src
-RUN gradle build -x test --no-daemon 
+RUN gradle build -x test --no-daemon
 
 FROM openjdk:8-jre-slim
 

README.md

@@ -1,26 +1,28 @@
-![CFLint](/src/main/resources/CFLint-logo.jpg)
+![CFLint](/src/main/resources/logos/CFLint-logo.jpg)
 
-# CFLint [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint) [![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/6f4b01d4d2cb4860b60ac666452071f1)](https://www.codacy.com/app/ryaneberly/CFLint?utm_source=github.com&utm_medium=referral&utm_content=cflint/CFLint&utm_campaign=Badge_Grade) [![Build Status](https://travis-ci.org/cflint/CFLint.svg?branch=master)](https://travis-ci.org/cflint/CFLint)
+# CFLint
+
+[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.cflint/CFLint) [![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/6f4b01d4d2cb4860b60ac666452071f1)](https://www.codacy.com/app/ryaneberly/CFLint?utm_source=github.com&utm_medium=referral&utm_content=cflint/CFLint&utm_campaign=Badge_Grade) [![Build Status](https://travis-ci.org/cflint/CFLint.svg?branch=master)](https://travis-ci.org/cflint/CFLint)
 
 A static code analysis tool for CFML.
 
-License: [BSD](http://www.opensource.org/licenses/bsd-license.html)
+License: [BSD](https://opensource.org/licenses/bsd-license.html)
 
 Current Version: 1.5.x
 
-# Versions
+## Versions
 
 See [CHANGELOG.md](/CHANGELOG.md) for further information.
 
-# Project and library organization
+## Project and library organization
 
 CFLint is a project developed and worked on by volunteers. When logging issues please, be nice and considerate. We're here to help. We really appreciate fixes and improvements, so feel free to talk to us and/or provide pull requests.
 
 `/src/main` contains the source code. Tests can be found in `/src/test`. CFLint relies heavily on the [CFParser](https://github.com/cfparser/cfparser) project as well as a bunch of third-party Java libraries.
 
 The master branch is considered our stable codebase. Most of the development happens in the dev branch resp. local development branches for specific issues.
 
-# Building CFLint
+## Building CFLint
 
 1. Fork the repository into your account and clone or download the codebase as a zip-file.
 1. Install the tooling of your choice and build via Gradle or Maven (deprecated). CFLint requires Java 8.
@@ -39,17 +41,17 @@ The master branch is considered our stable codebase. Most of the development hap
 
     Alternatively, import the CFLint codebase into the IDE of your choice and use its respectively Gradle/Maven integration. This should work out of the box for Eclipse and IntelliJ users.
 
-# Using CFLint - Quickstart Guide
+## Using CFLint - Quickstart Guide
 
-Get the latest version from [Maven Central](http://search.maven.org/#search%7Cga%7C1%7Ccflint) or the [CFLint GitHub release page](https://github.com/cflint/CFLint/releases) or build the project.
+Get the latest version from [Maven Central](https://search.maven.org/search?q=cflint) or the [CFLint GitHub release page](https://github.com/cflint/CFLint/releases) or build the project.
 
 If you want to use CFLint from within another Maven project, use:
 
 ```xml
 <dependency>
     <groupId>com.github.cflint</groupId>
     <artifactId>CFLint</artifactId>
-    <version>1.4.0</version>
+    <version>1.4.1</version>
 </dependency>
 ```
 
@@ -65,19 +67,19 @@ Or always use the latest:
 
 With the binaries retrieved one or the other way, you can now use CFLint on the command line.
 
-#### Use the "-all"-version of the jar-file
+### Use the "-all"-version of the jar-file
 
     CFLint-1.5.0-all.jar
 
-#### Scan a folder with the complete set of rules
+### Scan a folder with the complete set of rules
 
     java -jar CFLint-1.5.0-all.jar -folder <baseFolder>
 
-#### Scan a file with the complete set of rules
+### Scan a file with the complete set of rules
 
     java -jar CFLint-1.5.0-all.jar -file <fullPathToFile>
 
-#### See parameters and help
+### See command line parameters and help
 
     java -jar CFLint-1.5.0-all.jar -help
 
@@ -131,13 +133,13 @@ An example `.cflintrc` file is shown below:
 
 * `inheritParent` configures if the rules set in the global or any parent configuration should be inherited as a base set of rules.
 
-* `parameters` allows configuration of rule parameters. See `cflint.definition.json` for the parameters and their defaults.
+* `parameters` allows configuration of rules. See [RULES.md](/RULES.md) for the parameters of each rule and their defaults. You must precede the parameter name with the rule name separated by a dot.
 
 * Please note: `inheritPlugins` and `output` were marked deprecated in CFLint 1.2.0 and removed in 1.4.0. Plugin inheritance is now always treated as true since the team cannot see a use case in which it should be disabled. The output type can be controlled elsewhere, such as command-line flags.
 
 We provide a [schema with the deprecated properties excluded](/src/main/resources/schemas/.cflintrc.schema.json).
 
-More examples of `.cflintrc` files can be found by browsing the [project test files](/src/test/resources/com/cflint/tests).
+See [Recipes](#recipes) for some usage examples of `.cflintrc`. Example files can be found by browsing the [project test files](/src/test/resources/com/cflint/tests).
 
 ### Annotation-based configuration
 
@@ -232,7 +234,7 @@ The exception is debug mode. In debug mode, CFLint will always ignore user setti
 
 The flag `-html` instructs CFLint to create an HTML document. The full syntax is:
 
-    -html -html <outputFileName>
+    -html -htmlfile <outputFileName>
 
 ### XML
 
@@ -547,7 +549,7 @@ Note: The back slashes must be escaped twice, once for JSON, once for regular ex
 
 Raise issues here on GitHub and we will look at them.
 
-The [CFML Slack team](http://cfml-slack.herokuapp.com/) has a `#cflint` channel you can join and talk to most of the regular contributors and other users.
+The [CFML Slack team](https://cfml-slack.herokuapp.com/) has a `#cflint` channel you can join and talk to most of the regular contributors and other users.
 
 # How to contribute