shopdb/CLAUDE.md
cproudlock e0d89f9957 Security fixes and schema cleanup
- Fix SQL injection in displayprofile.asp (parameterized query)
- Add HTMLEncode to XSS-vulnerable output in 5 display pages
- Add Option Explicit to computers.asp, displaymachines.asp, displaypcs.asp, displayapplication.asp, displayprofile.asp
- Update STANDARDS.md with test script reference, secrets management, column naming gotchas
- Fix equipment type ranges in CLAUDE.md and QUICK_REFERENCE.md (1-15, 21-25)
- Add migration SQL to cleanup redundant PC machinetypes (34-46)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 07:22:16 -05:00


ShopDB - Claude Code Instructions

Project Overview

ShopDB is a Classic ASP/VBScript web application for managing manufacturing shop floor infrastructure at GE Aerospace. It tracks machines, PCs, printers, and network devices.

Technology Stack

  • Backend: Classic ASP (VBScript)
  • Database: MySQL 5.6
  • Frontend: Bootstrap 4.6, jQuery, DataTables
  • Server: IIS on Windows VM (192.168.122.151:8080)
  • Version Control: Gitea (localhost:3000)

Environment Access

Claude can access (dev environment):

  • Dev MySQL database via Docker (localhost:3306)
  • Dev IIS via Windows VM (192.168.122.151:8080)
  • Local files and Gitea

Claude CANNOT access (production):

  • Production IIS server
  • Production IIS logs
  • Production MySQL database
  • Zabbix server (10.48.130.113)

For production tasks, user must:

  • Relay production data/logs to Claude
  • Deploy files to production IIS
  • Execute database changes on production

Key Architecture

Database Schema (Phase 2 - Current)

machines table (unified)
├── Equipment (machinetypeid 1-15 and 21-25, pctypeid IS NULL)
├── PCs (machinetypeid 33+, pctypeid IS NOT NULL)
└── Network Devices (machinetypeid 16-20)

printers table (separate)
communications table (all network interfaces)
machinerelationships table (PC↔equipment links)

Key Queries

-- All PCs
SELECT * FROM machines WHERE pctypeid IS NOT NULL;

-- All Equipment (excludes network devices and PCs)
SELECT * FROM machines WHERE pctypeid IS NULL
  AND machinetypeid NOT IN (16,17,18,19,20) AND machinetypeid < 33;

-- Network devices
SELECT * FROM machines WHERE machinetypeid IN (16,17,18,19,20);

File Structure

/home/camp/projects/windows/shopdb/
├── *.asp              # Main ASP pages
├── api.asp            # REST API for PowerShell
├── includes/          # Shared includes (header, footer, sql)
├── js/                # JavaScript files
├── css/               # Stylesheets
├── images/            # Images and icons
├── docs/              # Documentation
├── sql/               # SQL scripts
│   ├── migration_phase1/
│   ├── migration_phase2/
│   └── migration_phase3/
└── logs/              # Application logs

Log Locations

IIS Logs (Windows VM): /home/camp/projects/windows/logs/shopdb/

  • Format: ex[YYMMDD].log (e.g., ex251201.log for Dec 1, 2025)
  • These are synced from the Windows VM via Samba share
  • Contains HTTP request logs with status codes and error messages

API Logs: Check logs/ folder in shopdb directory on IIS
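To triage the synced IIS logs described above, the following added example (not part of the ShopDB repository) parses the W3C extended format and lists every 5xx request. IIS records Classic ASP failures in cs-uri-query as |line|code|description; the sample log lines and function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample in IIS W3C extended format (not real ShopDB traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status
2025-12-01 14:02:11 GET /displaymachines.asp - 8080 192.168.122.1 200
2025-12-01 14:02:15 GET /displayprofile.asp id=7|42|800a000d|Type_mismatch 8080 192.168.122.1 500
2025-12-01 14:02:19 POST /api.asp action=updateCompleteAsset 8080 192.168.122.1 200
2025-12-01 14:02:25 GET /displaypcs.asp |118|80040e14|Unknown_column_'ipaddress' 8080 192.168.122.1 500
"""

# Classic ASP failures are logged in cs-uri-query as |line|hex code|description
ASP_ERROR = re.compile(r"\|(\d+)\|([0-9a-fA-F]{8})\|(.+)$")


def log_name(iso_day):
    """Map an ISO date to the ex[YYMMDD].log name, e.g. 2025-12-01 -> ex251201.log."""
    return f"ex{date.fromisoformat(iso_day):%y%m%d}.log"


def parse(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def server_errors(text):
    """Return every 5xx request with the ASP line number and error code, if logged."""
    found = []
    for row in parse(text):
        if row["sc-status"].startswith("5"):
            m = ASP_ERROR.search(row["cs-uri-query"])
            line, code, msg = m.groups() if m else (None, None, None)
            found.append({"page": row["cs-uri-stem"], "status": int(row["sc-status"]),
                          "line": int(line) if line else None, "code": code, "message": msg})
    return found


if __name__ == "__main__":
    for err in server_errors(SAMPLE_LOG):
        print(err)
```

The reported line number points at the failing statement in the .asp file, which is usually enough to tell a type mismatch from a wrong column name.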

Coding Standards

ASP/VBScript

  1. Always use parameterized queries - Never concatenate user input into SQL
  2. Use HTMLEncode for output - Prevent XSS attacks
  3. Convert text fields to strings - Use & "" to avoid type mismatch errors
  4. Use Option Explicit - Declare all variables

Example Safe Query

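Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
' Set is required: without it ADO receives the connection string and opens a second connection
Set cmd.ActiveConnection = objConn
cmd.CommandText = "SELECT * FROM machines WHERE machineid = ?"
' 3 = adInteger, 1 = adParamInput; the value is bound, never concatenated into the SQL
cmd.Parameters.Append cmd.CreateParameter("@id", 3, 1, , machineId)
Set rs = cmd.Execute()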

Example Safe Output

' Always convert to string and encode
Dim hostname
hostname = ""
If NOT IsNull(rs("hostname")) Then hostname = rs("hostname") & ""
Response.Write(Server.HTMLEncode(hostname))
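A pre-commit check for rules 1, 2 and 4 above, as an added example that is not part of the ShopDB repository: it flags SQL strings concatenated with a variable, recordset values written without HTMLEncode, and pages missing Option Explicit. The patterns are line-based heuristics, and the two sample pages, rule names and function name are constructed for illustration.

```python
import re

# Heuristic, line-based patterns for the coding standards above (assumed names).
SQL_CONCAT = re.compile(r'(?i)\b(select|insert|update|delete|where)\b.*"\s*&\s*[a-z_]')
RAW_OUTPUT = re.compile(r'(?i)(response\.write|<%=).*\brs\w*\s*\(')
OPTION_EXPLICIT = re.compile(r'(?im)^\s*(<%\s*)?option\s+explicit\b')

# Constructed pages, not taken from the ShopDB repository.
BEFORE = '''<%
Dim sql, rs
sql = "SELECT * FROM machines WHERE machineid = " & Request.QueryString("id")
Set rs = objConn.Execute(sql)
Response.Write(rs("hostname"))
%>'''

AFTER = '''<%
Option Explicit
Dim cmd, rs, hostname
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = objConn
cmd.CommandText = "SELECT * FROM machines WHERE machineid = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", 3, 1, , CLng(Request.QueryString("id")))
Set rs = cmd.Execute()
hostname = ""
If NOT IsNull(rs("hostname")) Then hostname = rs("hostname") & ""
Response.Write(Server.HTMLEncode(hostname))
%>'''


def audit(source):
    """Return (line number, rule) findings; line 0 means a page-level finding."""
    findings = []
    if not OPTION_EXPLICIT.search(source):
        findings.append((0, "missing-option-explicit"))
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("'"):
            continue  # VBScript comment line
        if SQL_CONCAT.search(line):
            findings.append((number, "sql-concatenation"))
        if RAW_OUTPUT.search(line) and "htmlencode" not in line.lower():
            findings.append((number, "unencoded-output"))
    return findings


if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

A clean result does not prove a page is safe: SQL built across several lines or output routed through a helper function will not match these patterns, so treat findings as prompts for manual review.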

Common Tasks

Reading Files

  • Main pages are in project root (*.asp)
  • Includes are in /includes/
  • Check docs/ for documentation

Making Changes

  1. Read the file first
  2. Use parameterized queries for any SQL
  3. Test on dev server (192.168.122.151:8080)
  4. Check IIS logs for errors

Database Access

docker exec -it dev-mysql mysql -u root -prootpassword shopdb

Important Notes

VBScript Limitations

  • No IIf() function - use If-Then-Else instead
  • No Try-Catch - use On Error Resume Next carefully
  • Strings are 1-indexed, not 0-indexed

Column Name Gotchas

  • address not ipaddress in communications table (but printers uses ipaddress)
  • defaultgateway not gateway in communications table
  • machinenotes not notes in machines table
  • machineid not pcid for PCs in machines table
  • commconfig and dncconfig tables (not pc_comm_config, pc_dnc_config)

PC Identification

PCs are in the machines table, identified by:

  • pctypeid IS NOT NULL
  • machinetypeid IN (33, 34, 35)

API Endpoints

Base URL: http://192.168.122.151:8080/api.asp

| Action | Method | Description |
|---|---|---|
| updateCompleteAsset | POST | PC data collection |
| getDashboardData | GET | Health check |
| updatePrinterMapping | POST | Printer assignments |

External Integrations

| Page | Purpose |
|---|---|
| printerlookup.asp?ip=x.x.x.x | Zabbix printer lookup by IP/FQDN |

Zabbix API

  • Config File: includes/zabbix.asp
  • Used For: Printer supply levels, host monitoring
  • Credentials: See secrets.md

Gitea (Version Control)

  • URL: http://localhost:3000
  • Repo: cproudlock/shopdb
  • Credentials: See secrets.md

Testing

Run Form Tests

After making changes to ASP pages, run the test suite to verify all forms work:

./tests/test_forms.sh

The suite tests 41 endpoints: page loads, add forms, create operations (notifications, equipment, printers, subnets, applications, KB articles, vendors, models, network devices), and API endpoints.

Cleanup test data:

docker exec dev-mysql mysql -u root -prootpassword shopdb -e "DELETE FROM notifications WHERE notification LIKE 'AUTOTEST_%';"
# (similar for other tables - see tests/cleanup_test_data.sql)

Quick Reference

Start Dev Environment

~/start-dev-env.sh
~/status-dev-env.sh

Git Commands

cd /home/camp/projects/windows/shopdb
git status
git add .
git commit -m "message"
git push

Test a Page

curl -s http://192.168.122.151:8080/pagename.asp | head -50