Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Once the extension is downloaded and installed, you can now package your source code and run an analysis. The process of preparing and delivering your source code is described below.

Upgrading from previous releases of the PHP Analyzer

Previous releases of the PHP Analyzer required that an instance of PHP was installed on the AIP Node (i.e. the machine on which the analysis is run). This requirement has been removed in ≥ 3.1.0. The PHP Analyzer now uses an instance of PHP embedded within the extension.

...

Prepare and deliver the source code

Once the extension is downloaded and installed, you can now package your source code and run an analysis. The process of preparing and delivering your source code is described below:

Source code preparation

...

Therefore, please note the following:

  • If you have already installed a previous version of the PHP Analyzer on your AIP Node and already have a functioning PHP install from that extension, please ensure that you uninstall PHP before proceeding with the instructions below. To remove the PHP installation provided with the PHP Analyzer:
    • delete the folder into which it was installed (by default this is usually set to C:\php).
    • delete the system environment variable PHP_HOME
  • Please check that you do not have an existing third party (i.e. not provided by CAST) installation of PHP on this machine. If a third party installation of PHP already exists, please follow the PHP uninstall procedure for the install method that was used, before starting an analysis. Third party PHP installations are not compatible with the PHP extension.

Prepare and deliver the source code

Source code preparation

  • Only files with following extensions will be analyzed *.php; *.php4; *.php5; *.php6; *.inc; *.phtml. The *.yml and *.yaml extensions are also supported for Symfony framework.
  • The analysis of XML and XSL files contained in the PHP application is not supported. 
  • The analysis of any HTML and JavaScript source code delivered with the PHP code is managed by the HTML and JavaScript extension / .NET analyzer, to be configured in addition to the PHP analysis.

...

PHP source code needs to be preprocessed so that CAST can understand it and analyze it correctly. In previous releases of the PHP extension, this preprocessing was a manual action that needed to be completed before the code was analyzed. However, in this release and all future releases, the code preprocessing is actioned automatically when an analysis is launched or a snapshot is generated (the code is preprocessed before the analysis starts). In other words you only need to package, deliver and launch an analysis/generate a snapshot for the preprocessing to be completed.

...

This code preprocessing is actioned automatically when an analysis is launched or a snapshot is generated (the code is preprocessed before the analysis starts). In other words you only need to package, deliver and launch an analysis/generate a snapshot for the preprocessing to be completed. The PHP Preprocessor log file is stored in the following location:

Code Block
%PROGRAMDATA%\CAST\CAST\Logs\<application_name>\Execute_Analysis_<guid>\com.castsoftware.php.<_extension_version>.prepro_YYYYMMDDHHMMSS.log


Info
Note that the LISA folder will be used to analyze the preprocessed files.

Short tags

PHP short tags <? and <?= in the delivered source code cannot be handled as is, therefor the analyzer will automatically convert them to <?php tags with an added comment, for example: <?=$string?> will be transformed into <?php /*php short tag*/echo $string>.

Deliver the source code

Using AIP Console

...

The following structural rules are provided:

...