Page tree
Skip to end of metadata
Go to start of metadata

Summary: This page explains how to prepare and configure the analysis of your PHP source code.

PHP Installation

The PHP extension requires that PHP is installed on the analysis machine. 


  • Please check that you do not have an existing third party (i.e. not provided by CAST) installation of PHP on your machine. If a version exists, please follow the PHP uninstall procedure for the install method that was used, before proceeding with the instructions below. Third party PHP installations are not compatible with the PHP extension.
  • If you have already installed version 1.0 of the PHP extension, have a functioning PHP install already from that extension, and are now installing a Service Pack (version 1.0.x) of the PHP extension, then you DO NOT need to re-install PHP: EXCEPT for PHP 1.0.2 where CAST has supplied updates to the PHP Code Sniffer installation (see PHP 1.0 - Release Notes) - in this case only, please delete the PHP installation folder to uninstall PHP from the previous version of the extension before proceeding with the instructions below.
  • If the existing installation was carried out by a previous legacy extension (i.e. prior to PHP 1.0), please delete the PHP installation folder to uninstall PHP before proceeding with the instructions below.

The following steps describe how to install PHP and Pear to the analysis machine:

  • Go to the "Tools" folder - this folder is created after unpacking the extension archive file.
  • Extract the archive "" into a folder called "php_sniffer_install"
  • Inside the "php_sniffer_install" folder, open the file "PHPINSTALL.bat" in edit mode.

  • Set the values in the variables SET PHPINSTL_DRIVE and SET PHPINSTL_DIR. In the example below, PHP and Pear will be installed to C:\php

REM *****************************************************
REM Specify the Directory where PHP would be installed **
REM Specify the directory where PHP would be installed **
REM A directory PHP would be created inside it.        **
REM *****************************************************
  • Save and close the batch file "PHPINSTALL.bat"

  • Run the batch file  "PHPINSTALL.bat" - this will start the installation process. Please follow below the installation process steps:
    • When prompted: "Are your installations a system wide PEAR or a local copy ?", two choices are available: system or local. Both installation types are OK for the PHP extension, but CAST recommends the system wide installation.

    • When prompted: "Below is a suggested file layout for your new PEAR installation. To change individual locations, type the number in front of the directory.  Type 'all' to change all of them or simply press Enter to accept these locations."  The recommendation for this step is to type ENTER and therefore accept the default configuration.

  • Go to the "C:\Windows" folder and check if the "php.ini" file exists.
    •  If it does, add the following lines anywhere in the file:

;Increase of the memory of the Code Sniffer
memory_limit = 3072M
    • If the file "php.ini" does not exist, create it and add the following lines:
;Increase of the memory of the Code Sniffer
memory_limit = 3072M
  • Create a System Environment Variable called"PHP_HOME" with the value of the physical folder where PHP has been installed - for example "C:\PHP"
  • The installation is now complete.

The PHP installation needs to be completed once on each machine that will be used to analyze PHP.

Source code

Source code requirements

  • Only files with following extensions will be analyzed *.php; *.php4; *.php5; *.php6; *.inc; *.phtml
  • The analysis of XML and XSL files contained in the PHP application is not supported. 
  • The analysis of HTML and JavaScript source code is managed by the JEE or the .NET analyzer, to be configured in addition to the UA for PHP analysis

Source code preprocessing

PHP source code needs to be preprocessed so that CAST can understand it and analyze it correctly. In previous releases of the PHP extension, this preprocessing was a manual action that needed to be completed before the code was analyzed. However, in this release and all future releases, the code preprocessing is actioned automatically when an analysis is launched or a snapshot is generated (the code is preprocessed before the analysis starts). In other words you only need to package, deliver and launch an analysis/generate a snapshot for the preprocessing to be completed.

Note that the CAST Management Studio will use the LISA folder (see CAST Management Studio help for more information about this folder).

Manual preprocessing

If for any reason you are requested to manually preprocess the PHP source code before you package and deliver it, then you can do so as follows:

  • Place all of the source code into the Tools\PHP_PreProcessor\input folder - this folder is created after unpacking the extension archive file.
  • Run Tools\PHP_PreProcessor\launch.bat
  • The resulting preprocessed code will be placed in the Tools\PHP_PreProcessor\output folder - the source code in this folder needs to be packaged in the CAST Delivery Manager Tool.

Application Source code delivery and Snapshot generation 

When delivering your source code for analysis with CAST, you need to follow the same process as for technologies that are supported by CAST "out of the box". In other words:

Errors & Warnings

The PHP configuration included in the extension uses external plugins. During the analysis, the Universal Analyzer or the plugin can throw errors or warnings. The table below list the most significant errors/warnings and lists a suggested remediation action:

ToolError or WarningAction
Analyzer & Code SnifferUA Plugin : No property (......) found in meta model for php...No action required. The analyzer is telling you that not all the properties are considered to be injected into the Analysis Service.
  • No labels