[Coldbox 4.3.0][windows IIS] Coldbox trying to access forbidden files on shared hosting service

Hi

[Note, this is a new thread, but it kind of follows on from this one: Google Groups]

My application is running fine on my DEV server, which runs OSX. The Coldbox framework files are located inside the application, at the first level under the application root.

When I deploy the files to a shared hosting service, running windows IIS, there is an immediate error because Coldbox is trying to access a custom tag that belongs to a different app on the same server, and of course it doesn’t have access to it.

Here’s the error and stacktrace. My app is called ‘zazzu’. The app on the server that is nothing to do with me is called ‘ronaldthies’.

Security: The requested template has been denied access to D:/Inetpub/ronaldthies/common/tags.

The following is the internal exception message: access denied (“java.io.FilePermission” “D:/Inetpub/ronaldthies/common/tags” “read”)

java.security.AccessControlException: access denied (“java.io.FilePermission” “D:/Inetpub/ronaldthies/common/tags” “read”) at cfModuleService2ecfc1850769240$funcSCANMODULESDIRECTORY.runFunction(D:/Inetpub/zazzu/coldbox/system/web/services/ModuleService.cfc:785) at cfModuleService2ecfc1850769240$funcBUILDREGISTRY.runFunction(D:/Inetpub/zazzu/coldbox/system/web/services/ModuleService.cfc:775) at cfModuleService2ecfc1850769240$funcREBUILDMODULEREGISTRY.runFunction(D:/Inetpub/zazzu/coldbox/system/web/services/ModuleService.cfc:75) at cfModuleService2ecfc1850769240$funcREGISTERALLMODULES.runFunction(D:/Inetpub/zazzu/coldbox/system/web/services/ModuleService.cfc:90) at cfModuleService2ecfc1850769240$funcONCONFIGURATIONLOAD.runFunction(D:/Inetpub/zazzu/coldbox/system/web/services/ModuleService.cfc:41) at cfLoaderService2ecfc304470206$funcLOADAPPLICATION.runFunction(D:/Inetpub/zazzu/coldbox/system/web/services/LoaderService.cfc:52) at cfBootstrap2ecfc1389562529$funcLOADCOLDBOX.runFunction(D:/Inetpub/zazzu/coldbox/system/Bootstrap.cfc:70) at cfApplication2ecfc415942325$funcONAPPLICATIONSTART.runFunction(D:/Inetpub/zazzu/Application.cfc:41)

How do I prevent Coldbox from trying to access files that don’t belong to my app?

This sound like a question you need to be asking your hosting provider, not the ColdBox list :slight_smile: ColdBox really has nothing to do with this. It looks like some ColdFusion setting that is trying to scan someone else’s custom tag folder.

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

Hi Brad

Well, of course I already did that. They said:

“It looks like your site is not fully configured. You need to configure your ColdBox template to your account. Since it is trying to access another user’s directory on the server. Your path on the server is D:/Inetpub/zazzu/”

Is there nothing in the Coldbox settings I can tweak to prevent this error? I already tried this:

settings.ModulesLocation = “/zazzu/modules/”;

settings.ModulesExternalLocation = arrayNew(1);

But that just brought on a new error:

Security: The requested template has been denied access to createClassLoader.

The following is the internal exception message: access denied (“java.lang.RuntimePermission” “createClassLoader”)

The error occurred in D:/Inetpub/zazzu/coldbox/system/core/util/Util.cfc: line 222

Called from D:/Inetpub/zazzu/coldbox/system/ioc/config/Mapping.cfc: line 599

Called from D:/Inetpub/zazzu/coldbox/system/ioc/Injector.cfc: line 251

Called from D:/Inetpub/zazzu/coldbox/system/web/services/InterceptorService.cfc: line 285

Called from D:/Inetpub/zazzu/coldbox/system/web/services/InterceptorService.cfc: line 226

Called from D:/Inetpub/zazzu/coldbox/system/web/services/InterceptorService.cfc: line 107

Called from D:/Inetpub/zazzu/coldbox/system/web/services/InterceptorService.cfc: line 73

Called from D:/Inetpub/zazzu/coldbox/system/web/services/LoaderService.cfc: line 52

Called from D:/Inetpub/zazzu/coldbox/system/Bootstrap.cfc: line 70

Called from D:/Inetpub/zazzu/Application.cfc: line 41

If you were me, what would you try?

Sounds like your hosting company is giving you crap. First, search through 100% of your code and make sure there’s no references anywhere to a string called “ronaldthies”.

If not, get them on the phone and figure out what’s going on. You can also try to debug exactly at what point it’s happening. If I were to guess what’s going on, I’d say that they have some caching feature probably enabled (like component caching) and you have a custom tag or CFC named the same as another person on the server. That stupid component cache has caused many issues like this. I’ve never understand why Adobe even has the setting (Lucee doesn’t!) and any hosting company shouldn’t have it enabled for sure.

If you try/catch the error, you can figure out the name of the CFC that is being created/read which might provide clues.

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

Hi Brad

I passed your comments on. No response yet.

In the meantime I caught the error in the ModuleService.cfc. It doesn’t tell me anything I couldn’t already see in the stacktrace, but maybe you can see something I can’t? https://zazzu.org/?fwreinit=1

One thing I did notice was that the “arguments.dirpath” which is giving us trouble, and is passed in from ApplicationLoader.cfc, is at this point “/modules_app”. This is a string that is prepended as a ‘convention’ in the ApplicationLoader.cfc parseColdboxSettings() function. What does it do?

Well, you’re just dumping out the error struct. Dump out the actual variables in that code that control what files, etc are being read.

Does this line of code match with the version of Coldbox you have in your app:
https://github.com/ColdBox/coldbox-platform/blob/v4.3.0/system/web/services/ModuleService.cfc#L787

If so, it’s a directory list. Dump out the variables in play such as the expanded directory path being listed as well as the pre-expanded path.

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

Hey, are you on CFML Slack? I’m sitting here refreshing that site and watching as you debug. it seems you’re off in the weeks of worrying about all the possible inputs to that function, but the only one we really care about ti one that’s erroring. And specifically, what the expanded path is! (you’re not dumping that yet)

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

Hi Brad

I can’t get the expanded path, because it errors(!)

Here’s what I can tell:

rebuildModuleRegistry() builds up the modLocations array. For me it is:

  1. /coldbox/system/modules

  2. /modules

  3. /modules_app

These get passed to buildRegistry() which in turn passes them one-by-one to scanModulesDirectory(). scanModulesDirectory() fails when it tries to expandPath on the third one.

So, I created a new (empty) directory called /modules_app and we have moved the error on.

Security: The requested template has been denied access to createClassLoader.

I guess this probably isn’t therefore the solution.

[PS. From your previous post, Yes, that line of code matches exactly.]

I could be wrong, but it sounds to me like there may be a server-level mapping that is conflicting with the paths you are using in your application.

Have you dumped expandPath( "/modules " ), and expandPath( "/modules_app " ) - or any other modules/externalModules locations you have defined in config/Coldbox.cfc, to make sure there isn’t a server-level mapping that’s overwriting your local directory?

Thanks for input Jon. The expandPath call itself is actually erroring! I just did a quick screenshare and we found the following issues that he’ll need to report to his shared host.

  1. Component caching appears to be turned on which is causing coldbox.etc to map to other random sites on the server (and then erroring out due to sandbox security)
  2. Server wide custom tag paths that point to other random sites on the server are being searched by expandPath() (and then erroring out due to sandbox security)
  3. The ColdFusion 11 server has had zero updates applied, which quite possibly is contributing to issue #2

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com