This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

Analysis of XML and XSL files contained in the PHP application

The analysis of XML and XSL files contained in the PHP application is not supported. Any links between these files and any other file in the application will not be detected. This will impact the results of all the Quality Rules using these files.

Analysis of very big PHP applications

Very big PHP applications might need to be divided and analyzed in multiple small analyses instead of one analysis for the entire application.  

Support of JavaScript source code

The PHP Configuration pack does not support JavaScript and as such, any JavaScript source code located in .PHP or JavaScript  files will not be analyzed. CAST recommends using the .NET Analyzer to analyze JavaScript files in the source code.

Support of PHTML files

PHTML files are supported with some limitations. If the files contain calls to functions or methods defined in other files and these other files are not specifically included, then these links will be lost.

Support of UNICODE

Unicode is supported in the current version of PHP Language Pack

Links between PHP and database objects

Calls to database objects from PHP are not typed (for example Us (Use Select), Ui (Use Insert)) - instead all calls are recorded as U links.

If a php class has members declared on the same line, only the first member will be detected. For example:

class Test {

public $first, $second, $third;

}

After analysis only object for "first" will be created.

Links between methods

The PHP extension is not able to distinguish between identically named methods in an Application, therefore, when a Method "A" calls a Method "B" that has multiple copies with the same name, links will be created between Method "A" and all the methods named "B".

Limitations specific to Quality Rules

  • Avoid artifacts having recursive calls (7388 - a standard CAST Quality Rule) - in some cases, a false positive may be detected: a call to a parent function can be detected as a recursive call.
  • Avoid using break statement in FOR loops (1007176 - PHP) - if the break statement is located in JavaScript functions, no violations will be detected. JavaScript source code located in .PHP or JavaScript files is not analyzed (see limitation listed above).
  • Avoid using exit and die expression (1007158 - PHP) - a violation will only be detected when the exit and die expression is defined within a PHP class or function.