Page tree
Skip to end of metadata
Go to start of metadata

Summary: This page explains how to prepare and configure the analysis of your PHP source code.

PHP Installation

The PHP extension requires that PHP (which includes all third-party items such as Code Sniffer) is installed on the analysis machine before an analysis is run: PHP is bundled with the PHP extension (third party PHP installations are not compatible with the PHP extension and must be removed and replaced with PHP bundled with the PHP extension).

In PHP 1.1.x and above, new versions of the Code Sniffer and PHPMD third party items are delivered with the extension, which must be installed before an analysis is run, therefore please take note of the important information listed below:

  • If you have already installed a previous version of the PHP extension (for example PHP 1.0.x and legacy releases prior to PHP 1.0) on your analysis machine and already have a functioning PHP install from that extension, please ensure that you uninstall PHP before proceeding with the instructions below. To remove the PHP installation provided with the PHP extension, you simply need to delete the folder into which it was installed (by default this is usually set to C:\php).
  • Please check that you do not have an existing third party (i.e. not provided by CAST) installation of PHP on this machine (particularly if you have never installed any version of the PHP extension on your analysis machine). If a third party version already exists, please follow the PHP uninstall procedure for the install method that was used, before proceeding with the instructions below. Third party PHP installations are not compatible with the PHP extension.

The following steps describe how to install PHP to the analysis machine:

  • Go to the "TOOLS" folder - this folder is created after unpacking the extension archive file.
  • Inside the "php_sniffer_install" folder, open the file "PHPINSTALL.bat" in edit mode.

  • Set the values in the variables SET PHPINSTL_DRIVE and SET PHPINSTL_DIR. In the example below, PHP will be installed to C:\php

REM *****************************************************
REM Specify the Directory where PHP would be installed **
REM Specify the directory where PHP would be installed **
REM A directory PHP would be created inside it.        **
REM *****************************************************
set local_path=%0
set batch_path=%~dp0
set local_path=%local_path:PHPINSTALL.bat=%
set local_path=%local_path:"=%
SET PHPINSTL_DRIVE=C:
SET PHPINSTL_DIR=%PHPINSTL_DRIVE%\php
  • Save and close the batch file "PHPINSTALL.bat"

  • Run the batch file  "PHPINSTALL.bat" - this will start the installation process. Please follow below the installation process steps:
    • When prompted: "Are your installations a system wide PEAR or a local copy ?", two choices are available: system or local. Both installation types are OK for the PHP extension, but CAST recommends the system wide installation.

    • When prompted: "Below is a suggested file layout for your new PEAR installation. To change individual locations, type the number in front of the directory.  Type 'all' to change all of them or simply press Enter to accept these locations."  The recommendation for this step is to type ENTER and therefore accept the default configuration.

  • Go to the "C:\Windows" folder and check if the "php.ini" file exists.
    •  If it does, add the following lines anywhere in the file:

;Increase of the memory of the Code Sniffer
memory_limit = 3072M
    • If the file "php.ini" does not exist, create it and add the following lines:
;Increase of the memory of the Code Sniffer
memory_limit = 3072M
  • Create a System Environment Variable called"PHP_HOME" with the value of the physical folder where PHP has been installed - for example "C:\php"
  • The installation is now complete.

The PHP installation needs to be completed once on each machine that will be used to analyze PHP.

Source code

Source code requirements

  • Only files with following extensions will be analyzed *.php; *.php4; *.php5; *.php6; *.inc; *.phtml 
    The *.yml and *.yaml extensions are also supported since PHP 1.1 for Symfony framework support
  • The analysis of XML and XSL files contained in the PHP application is not supported. 
  • The analysis of HTML and JavaScript source code is managed by the JEE or the .NET analyzer, to be configured in addition to the UA for PHP analysis

Source code preprocessing

PHP source code needs to be preprocessed so that CAST can understand it and analyze it correctly. In previous releases of the PHP extension, this preprocessing was a manual action that needed to be completed before the code was analyzed. However, in this release and all future releases, the code preprocessing is actioned automatically when an analysis is launched or a snapshot is generated (the code is preprocessed before the analysis starts). In other words you only need to package, deliver and launch an analysis/generate a snapshot for the preprocessing to be completed.

Note that the CAST Management Studio will use the LISA folder (see CAST Management Studio help for more information about this folder).

JRE and JAVA_HOME

In certain circumstances, the PHP extension requires a JAVA_HOME system environment variable to be present on the machine pointing to an installation of Java JRE 1.7, so that the preprocessor can run. See Prerequisites for more information.

Application Source code delivery and Snapshot generation 

When delivering your source code for analysis with CAST, you need to follow the same process as for technologies that are supported by CAST "out of the box". In other words:


Analysis results (Symfony Framework)

For an Application that uses the Symfony Framework, New Symfony Objects and links will be created:

  • PHP Symfony Controller Class
  • PHP Symfony Controller
  • PHP Symfony Service
  • PHP Symfony Route

In CAST Enlighten, all Symfony objects will appear under their respective folders as shown below :

PHP Symfony Controller Class

  • Supported scenario: If the Class name ends with Controller, we will create PHP Symfony Controller Class objects
  • Links:
    • PHP Symfony Controller Class ----Refer Link---> PHP Class
  • Limitations: Alternate syntax where you can give the class name that does not have suffix "Controller" is not supported

PHP Symfony Controller 

  • Supported scenario: If the method or function ends with suffix "Action", then PHP Symfony Controller Object will be created
  • Links:
    • PHP Symfony Controller --- Refer Link ---> PHP Symfony Route
    • PHP Symfony Controller --- Refer Link ---> PHP Method\Function

PHP Symfony Route

  • Supported scenario:
    • If a route has been declared in the yml file, a route object will be created
    • If a route has been declared in PHP file an annotation route object will be created as follows:
      • Default naming convention for route annotation when declared without name above class "<classname>_Class_Annotation_<number>"
      • Default naming convention for route annotation when declared without name above method "<methodname>_Method_Annotation_<number>"
  • Links:
    • PHP Symfony Route --- Call Link ---> PHP Symfony Controller

PHP Symfony Service

  • Supported scenario: If a service has been declared in the yml configuration files, PHP Symfony Service Object will be created
  • Links:
    • PHP Symfony Service --- Call Link ---> PHP Method
    • PHP Symfony Service  --- Call Link ---> PHP Property
    • PHP Symfony Service  --- Call Link ---> PHP Class constructor
  • Limitation: Inheritance is not supported while determining property setter or constructor injection - they need to be defined in the same class which is being referred to in the service

Errors and Warnings

The PHP configuration included in the extension uses external plugins. During the analysis, the Universal Analyzer or the plugin can throw errors or warnings. The table below list the most significant errors/warnings and lists a suggested remediation action:

ToolError or WarningAction
Analyzer & Code SnifferUA Plugin : No property (......) found in meta model for php...No action required. The analyzer is telling you that not all the properties are considered to be injected into the Analysis Service.
  • No labels