As the PHP implementation in Project Zero gets more complete it's possible to run quite a few significant applications. It would be nice to know in advance how likely it is that a PHP application would run on Project Zero - without investing a whole lot of time in trying to run it. Well, now you can.
There is a new Project Zero application which will scan your application and tell you whether it thinks it will run on Project Zero. The way it does this is to extract information from the Project Zero PHP parser - for instance it finds out the names of functions that are declared in the application and compares them with the names of functions that are invoked. If the application scanner finds that a function is invoked by the application but is not declared by it, it uses function_exists() to figure out if it is implemented in Project Zero's PHP. Similar analysis is carried out for classes and methods in the application.
The instructions for extracting and running the scanner are here. They assume that you already have a working version of Project Zero.
One of the reasons that I wrote this was that I wanted to figure out if PHPUnit would run on Project Zero. This led to a horrible chicken and egg situation in that I can't write PHP without PHPUnit and most of the scanner is written in PHP. In the end I had to inch forward on both tasks simultaneously, with the final benefit that I worked out how to use PHPUnit at the same time as writing the scanner. The instructions for running PHPUnit are here. I'm not claiming full support for PHPUnit in Project Zero - but there is enough to be able to test PHP classes as you write them.
The application scanner can't say definitely whether an application will run or not, this is because it is using static analysis. However it gives enough information to be able to tell whether it's worth trying or whether you should mail the Project Zero team with your scan results and ask them when they think they will have support for your app :-)
Friday 31 July 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment