The PHP extension requires that PHP (which includes all third-party items such as Code Sniffer) is installed on the analysis machine before an analysis is run: PHP is bundled with the PHP extension (third party PHP installations are not compatible with the PHP extension and must be removed and replaced with PHP bundled with the PHP extension.
PHP 1.1.x bundles new versions of the Code Sniffer and PHPMD third party items with PHP (see PHP 1.1 - Release Notes), which must be installed before an analysis is run, therefore please take note of the important information listed below:
- If you have already installed a previous version of the PHP extension (for example PHP 1.0.x and legacy releases prior to PHP 1.0) on your analysis machine and already have a functioning PHP install from that extension, please ensure that you uninstall PHP before proceeding with the instructions below. To remove the PHP installation provided with the PHP extension, you simply need to delete the folder into which it was installed (by default this is usually set to C:\php).
- Please check that you do not have an existing third party (i.e. not provided by CAST) installation of PHP on this machine (particularly if you have never installed any version of the PHP extension on your analysis machine). If a third party version already exists, please follow the PHP uninstall procedure for the install method that was used, before proceeding with the instructions below. Third party PHP installations are not compatible with the PHP extension.
The following steps describe how to install PHP to the analysis machine:
- Go to the "TOOLS" folder - this folder is created after unpacking the extension archive file.
- Extract the archive "php_sniffer_install.zip" into a folder called "php_sniffer_install"
Inside the "php_sniffer_install" folder, open the file "PHPINSTALL.bat" in edit mode.
Set the values in the variables SET PHPINSTL_DRIVE and SET PHPINSTL_DIR. In the example below, PHP will be installed to C:\php
Save and close the batch file "PHPINSTALL.bat"
- Run the batch file "PHPINSTALL.bat" - this will start the installation process. Please follow below the installation process steps:
When prompted: "Are your installations a system wide PEAR or a local copy ?", two choices are available: system or local. Both installation types are OK for the PHP extension, but CAST recommends the system wide installation.
When prompted: "Below is a suggested file layout for your new PEAR installation. To change individual locations, type the number in front of the directory. Type 'all' to change all of them or simply press Enter to accept these locations." The recommendation for this step is to type ENTER and therefore accept the default configuration.
- Go to the "C:\Windows" folder and check if the "php.ini" file exists.
If it does, add the following lines anywhere in the file:
- If the file "php.ini" does not exist, create it and add the following lines:
- Create a System Environment Variable called"PHP_HOME" with the value of the physical folder where PHP has been installed - for example "C:\php"
The installation is now complete.
Source code requirements
- Only files with following extensions will be analyzed *.php; *.php4; *.php5; *.php6; *.inc; *.phtml
The *.yml and *.yaml extensions are also supported since PHP 1.1 for Symfony framework support
- The analysis of XML and XSL files contained in the PHP application is not supported.
Source code preprocessing
PHP source code needs to be preprocessed so that CAST can understand it and analyze it correctly. In previous releases of the PHP extension, this preprocessing was a manual action that needed to be completed before the code was analyzed. However, in this release and all future releases, the code preprocessing is actioned automatically when an analysis is launched or a snapshot is generated (the code is preprocessed before the analysis starts). In other words you only need to package, deliver and launch an analysis/generate a snapshot for the preprocessing to be completed.
If for any reason you are requested to manually preprocess the PHP source code before you package and deliver it, then you can do so as follows:
- Place all of the source code into the Tools\PHP_PreProcessor\input folder - this folder is created after unpacking the extension archive file.
- Run Tools\PHP_PreProcessor\launch.bat
- The resulting preprocessed code will be placed in the Tools\PHP_PreProcessor\output folder - the source code in this folder needs to be packaged in the CAST Delivery Manager Tool.
Application Source code delivery and Snapshot generation
When delivering your source code for analysis with CAST, you need to follow the same process as for technologies that are supported by CAST "out of the box". In other words:
- Registering new domains and applications in the CAST AIC Portal
Add and Deliver Application code source - when you create and configure a new package in the CAST Delivery Manager Tool, choose the option Files on your file system as the source location in the Add package wizard:
- Return to the CAST Management Studio and:
- View the results in the CAST Health Dashboard or the CAST Engineering Dashboard.
Analysis results (Symfony Framework)
For an Application that uses the Symfony Framework, New Symfony Objects and links will be created:
- PHP Synfony Controller Class
- PHP Synfony Controller
- PHP Synfony Service
- PHP Synfony Route
In CAST Enlighten, all Symfony objects will appear under their respective folders as shown below :
PHP Symfony Controller Class
- Supported scenario: If the Class name ends with Controller, we will create PHP Symfony Controller Class objects
- PHP Symfony Controller Class ----Refer Link---> PHP Class
- Limitations: Alternate syntax where you can give the class name that does not have suffix "Controller" is not supported
PHP Symfony Controller
- Supported scenario: If the method or function ends with suffix "Action", then PHP Symfony Controller Object will be created
- PHP Symfony Controller --- Refer Link ---> PHP Symfony Route
- PHP Symfony Controller --- Refer Link ---> PHP Method\Function
PHP Symfony Route
- Supported scenario:
- If a route has been declared in the yml file, a route object will be created
- If a route has been declared in PHP file an annotation route object will be created as follows:
- Default naming convention for route annotation when declared without name above class "<classname>_Class_Annotation_<number>"
- Default naming convention for route annotation when declared without name above method "<methodname>_Method_Annotation_<number>"
- PHP Symfony Route --- Call Link ---> PHP Symfony Controller
PHP Symfony Service
- Supported scenario: If a service has been declared in the yml configuration files, PHP Symfony Service Object will be created
- PHP Symfony Service --- Call Link ---> PHP Method
- PHP Symfony Service --- Call Link ---> PHP Property
- PHP Symfony Service --- Call Link ---> PHP Class constructor
- Limitation: Inheritance is not supported while determining property setter or constructor injection - they need to be defined in the same class which is being referred to in the service
Errors and Warnings
The PHP configuration included in the extension uses external plugins. During the analysis, the Universal Analyzer or the plugin can throw errors or warnings. The table below list the most significant errors/warnings and lists a suggested remediation action:
|Tool||Error or Warning||Action|
|Analyzer & Code Sniffer||UA Plugin : No property (......) found in meta model for php...||No action required. The analyzer is telling you that not all the properties are considered to be injected into the Analysis Service.|