
Analysing PHP applications

Static analysis of a PHP application is achieved by parsing a PHP application, building lists of program constructs (functions, methods and classes) which are declared in the application and comparing them with lists of program constructs that are referenced (called, invoked, instantiated) to give a set of 'missing' constructs.

The list of 'missing' constructs is compared against the sMash PHP implementation and against known PHP constructs. To determine whether a construct has been implemented in sMash, the functions function_exists(), class_exists() and method_exists() are called on the instance of sMash that is being executed. The result is a 'best guess', and an optimistic one, because skeleton implementations of classes, methods etc. may exist in sMash for some time before a construct is formally supported. The list of constructs supported in sMash is given on the ProjectZero site under the Documentation tab in the Developer's Guide.

To determine whether or not a construct is part of PHP, it is compared against the function summary index of the PHP manual. Since not every function, method or class method is listed in the index, this result is also a 'best guess', but in this case a pessimistic one.
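The following script is an added example, not code from the zero.analyzer.php module, showing the declared-versus-referenced comparison described above in miniature. It uses PHP's own token_get_all() to collect the functions and classes an application declares and the ones it calls or instantiates, takes the difference as the 'missing' set, and then asks the running engine, via function_exists() and class_exists(), whether each missing construct is implemented. The sample application source is constructed inline so the script runs offline; the helper names (nextIdentifier, analyze, etc.) are this example's own. Only global functions and classes are handled; methods, which the real analyzer also checks with method_exists(), are omitted.

```php
<?php
// Added example (not the zero.analyzer.php code): a miniature version of the
// declared-versus-referenced analysis, handling simple (unqualified) names only.

// Constructed sample "application" source, embedded as a nowdoc so the script
// runs offline without scanning a directory.
$sampleSource = <<<'PHPSRC'
<?php
class Greeter {
    public function hello($name) { return "Hello, " . ucfirst($name); }
}
function helper($s) { return strlen($s); }
$g = new Greeter();
$g->hello('world');
helper('abc');
undeclared_fn();
$m = new MissingClass();
PHPSRC;

// Return the T_STRING that follows position $i (skipping whitespace), or null
// when something else follows (a closure "function (" or "new class").
// $i is advanced past the identifier so the main loop does not revisit it.
function nextIdentifier(array $tokens, int &$i): ?string
{
    for ($j = $i + 1, $n = count($tokens); $j < $n; $j++) {
        $t = $tokens[$j];
        if (is_array($t) && $t[0] === T_WHITESPACE) {
            continue;
        }
        if (is_array($t) && $t[0] === T_STRING) {
            $i = $j;
            return $t[1];
        }
        return null;
    }
    return null;
}

// Nearest non-whitespace token before ($dir = -1) or after ($dir = +1) $i.
function neighbour(array $tokens, int $i, int $dir)
{
    for ($j = $i + $dir; $j >= 0 && $j < count($tokens); $j += $dir) {
        $t = $tokens[$j];
        if (!(is_array($t) && $t[0] === T_WHITESPACE)) {
            return $t;
        }
    }
    return null;
}

function analyze(string $code): array
{
    $tokens = token_get_all($code);
    $declared   = ['function' => [], 'class' => []];
    $referenced = ['function' => [], 'class' => []];

    for ($i = 0, $n = count($tokens); $i < $n; $i++) {
        $t = $tokens[$i];
        if (!is_array($t)) {
            continue;                        // single-character tokens: ( ) ; { } . etc.
        }
        if ($t[0] === T_FUNCTION) {          // "function name(" declares a function (or method)
            $name = nextIdentifier($tokens, $i);
            if ($name !== null) $declared['function'][$name] = true;
        } elseif ($t[0] === T_CLASS) {       // "class Name" declares a class
            $name = nextIdentifier($tokens, $i);
            if ($name !== null) $declared['class'][$name] = true;
        } elseif ($t[0] === T_NEW) {         // "new Name" references a class
            $name = nextIdentifier($tokens, $i);
            if ($name !== null) $referenced['class'][$name] = true;
        } elseif ($t[0] === T_STRING) {      // "name(" not preceded by -> or :: is a function call
            $prev = neighbour($tokens, $i, -1);
            $isMember = is_array($prev)
                && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON], true);
            if (neighbour($tokens, $i, +1) === '(' && !$isMember) {
                $referenced['function'][$t[1]] = true;
            }
        }
    }

    // 'Missing' = referenced but not declared; then ask the running engine
    // whether it implements each one (the optimistic best guess described above).
    $report = [];
    foreach ($referenced['function'] as $name => $_) {
        if (!isset($declared['function'][$name])) {
            $report[] = ['kind' => 'function', 'name' => $name,
                         'implemented' => function_exists($name)];
        }
    }
    foreach ($referenced['class'] as $name => $_) {
        if (!isset($declared['class'][$name])) {
            $report[] = ['kind' => 'class', 'name' => $name,
                         'implemented' => class_exists($name, false)];
        }
    }
    return $report;
}

// Non-verbose style: only constructs neither declared nor implemented.
foreach (analyze($sampleSource) as $row) {
    if (!$row['implemented']) {
        printf("%s %s: not declared in source, not implemented\n", $row['kind'], $row['name']);
    }
}
```

Run with php on the command line. On the constructed sample, helper and Greeter are declared and so never reach the report; ucfirst and strlen are missing from the source but function_exists() reports them implemented, so they appear only in a verbose listing; undeclared_fn and MissingClass are neither declared nor implemented and are the two lines printed. The tokenizer heuristic is deliberately simple (it cannot tell a method declaration from a global function, and ignores namespaced names), which is the same kind of approximation the page's 'best guess' wording refers to.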

Running the PHP analyzer

The PHP analyzer is a Project Zero (WebSphere Smash) application. It currently requires a Monza driver.

Once you have a Monza CLI installed, you can get the analyzer from the Project Zero repository using:

zero create appscanner from zero.analyzer.php

The code is checked in the ProjectZero repository under MODULES/zero.analyzer.php.

Starting the application and navigating to http://localhost:8080 will give a screen that looks like this:

appscanner.png
Application scanner start-up screen

In the first box, enter the full path name of the top level directory that contains your application source code. The default behaviour of the scanner is to analyze all files that end with .inc, .php, .htm and .html. Additional file types can be requested by adding a comma separated list in the second box on the screen.

Pressing the submit button initiates the scan; analysis can take some time for large applications. The analyzer prints a '.' for every 5 files it scans.

After analysis is complete, navigate to the results screen. There are two options on this screen. If the 'verbose' button is checked, all of the missing constructs are displayed, including those for which there is believed to be an implementation in sMash; this can be quite a lot of output. If the 'verbose' button is not checked, the analyzer lists only constructs which are neither declared in the application source nor implemented in sMash.

The second option is to write the output to a file. The file output is always verbose and is written in .csv format.

Internal and development information

Information useful to developers of the PHP application scanner can be found in the child topic PHPAnalysisDeveloper.

r13 - 17 Aug 2009 - 12:54:57 - robinf