codescrubber is a static analyzer for PHP source code. It spots bugs in PHP programs that are not apparent until the program is run.
codescrubber runs on Linux operating systems Ubuntu 14 and Ubuntu 16.
Use apt to install codescrubber.
sudo apt-key adv --fetch-keys http://apt.codescrubber.com.s3-website-us-east-1.amazonaws.com/codescrubber.key
sudo apt-add-repository 'http://apt.codescrubber.com.s3-website-us-east-1.amazonaws.com trusty main'
sudo apt-get update
sudo apt-get install codescrubber-php

sudo apt-key adv --fetch-keys http://apt.codescrubber.com.s3-website-us-east-1.amazonaws.com/codescrubber.key
sudo apt-add-repository 'http://apt.codescrubber.com.s3-website-us-east-1.amazonaws.com xenial main'
sudo apt-get update
sudo apt-get install codescrubber-php
codescrubber looks for its license key in an environment variable named CS_KEY.
Once you buy a license key, create an environment variable for the
license. This can be done in many ways:
CS_KEY=... codescrubber_php --directory=...
export CS_KEY=...
codescrubber is a command line program. It accepts options via the command line. Once the program starts, it will analyze the given files for errors (bugs) and print out each bug found to the console, one bug per line. If codescrubber encounters at least 1 error that is not suppressed, then codescrubber will exit with an exit code of 1. If codescrubber finds zero errors, or all errors are suppressed, then codescrubber exits with an exit code of zero (0). codescrubber will not stop checking files if it encounters errors.
codescrubber accepts the following arguments:
*.php
.
For example, the following wildcard expression includes all files with extensions phtml, php, php3, as well
as files prefixed with "class.".
*.phtml;class.*.php;*.php3?
Include wildcards are only used when --directory is specified. See wildcards for more info.
tmp/*;*.cache.php
.
Exclude wildcards are only used when --directory is specified.
Exclude wildcards are optional. See wildcards for more info.
2 is just an example; you can define up to 20 different source directories.
2 is just an example; you can define up to 20 different library directories.
The INI file that is given to --config can have any option that is accepted on the command line. The only exception is that library and source directories are "grouped" with their include/exclude wildcard pairs. One quirk concerns relative paths: if a source (or library) is a relative path, it is considered relative to the current working directory from which the command is run. See this example:
# This is a sample codescrubber.ini file. It can be checked into your source
# control repo so that all your team plus your Continuous Integration environment
# uses the same settings.
check_variables=true
check_identifiers=true
php_version=5.3
suppression_file=codescrubber-php/tests/php_fixtures/suppressions.ini

[source_1]
root_directory=codescrubber-php/tests/php_fixtures
include=*.php;*.phtml
exclude=*/tmp/*

[library_1]
root_directory=codescrubber-php/tests/lib
include=*.php;*.phtml
exclude=*/tmp/*
A suppression file is used to skip over errors that codescrubber would otherwise notify you of. This is of great utility when you are working with legacy code; you run codescrubber on an existing project and craft a suppression file that ignores all errors. Then, on future program runs, codescrubber will show only newly introduced errors. This setup gives you the benefit of static analysis without needing to fix all existing errors.
Each suppression is on its own line, in comma-separated form. Each line has 3 columns: type, target, location. Examples:
# type, target, location
SKIP_UNKNOWN_CLASS,Couchbase,/home/user/www/project
SKIP_ALL,,/home/user/www/project/vendor
Possible types
target is the name of the variable, function, or class to ignore. location is the full path or directory in which the error to ignore is located.
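An added example (not part of codescrubber or its documentation): a small Python check that reviews a suppression file before it is committed as a baseline and flags entries that would hide more than intended. It assumes `#` comment lines as in the sample above, reads "full path" as an absolute path, and treats `vendor` as the only directory where a blanket SKIP_ALL is acceptable; `audit_suppressions` and the extra sample rows are constructed for illustration.

```python
import csv
from pathlib import PurePosixPath

# Constructed sample in the page's "type, target, location" format.
# The first three lines are the page's own example; the rest are made up.
SAMPLE = """\
# type, target, location
SKIP_UNKNOWN_CLASS,Couchbase,/home/user/www/project
SKIP_ALL,,/home/user/www/project/vendor
SKIP_ALL,,/home/user/www/project
SKIP_UNKNOWN_CLASS,Couchbase
SKIP_UNKNOWN_CLASS,Memcached,www/project
"""

# Assumption: directory names under which a blanket SKIP_ALL is acceptable.
BLANKET_OK = ("vendor",)


def audit_suppressions(text, blanket_ok=BLANKET_OK):
    """Return (line_number, problem) tuples for entries that deserve review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        cols = [c.strip() for c in next(csv.reader([line]))]
        if len(cols) != 3:
            findings.append((lineno, "expected 3 columns: type, target, location"))
            continue
        kind, target, location = cols
        if not location.startswith("/"):
            # Assumption: a "full path" means an absolute path.
            findings.append((lineno, "location is not a full path"))
        in_ok_dir = set(PurePosixPath(location).parts) & set(blanket_ok)
        if kind == "SKIP_ALL" and not in_ok_dir:
            # A blanket skip over first-party code also hides newly added errors.
            findings.append((lineno, "SKIP_ALL outside third-party code"))
        elif kind != "SKIP_ALL" and not target:
            findings.append((lineno, "empty target on a targeted suppression"))
    return findings


if __name__ == "__main__":
    for lineno, problem in audit_suppressions(SAMPLE):
        print(f"line {lineno}: {problem}")
```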
A wildcard expression can contain multiple wildcard expressions, where each expression has only 3 wildcard symbols:
tmp/*;*.cache.php
.
A wildcard is matched against the entire file path, meaning that the wildcard mechanism
can be used to include or exclude entire sub-directories.