Adding a new PHP project

When you add a new PHP: Hypertext Preprocessor (PHP) project to the application, you specify the project name, browse to the working directory, and then specify the source roots and project dependencies. The project dependencies can also be set in the Project Dependencies tab of the project properties after the project has been created.

About this task

The steps in this topic direct you to complete all pages in the New Project Wizard (or New Application Wizard, if you are creating the project in it). However, some of the pages in the wizard are optional (required settings are complete when the Finish button is activated). Settings made in the wizard can be modified after project creation in the Properties view for a selected project. If you complete the New Project Wizard without completing optional pages, you can change the settings from those pages later on in the Properties view.

Note: For Classic ASP, only ISO-8859-1 (Western Europe), UTF-8, and UTF-16 character sets are supported.

Procedure

  1. In the Explorer view, select the application that you want to add the project to (if you have not already added an application, see Configuring applications).
  2. Complete one of these actions to open the New Project Wizard:
    1. Select File > Add Project > New Project from the main workbench menu.
    2. Right-click the selected application and choose Add Project > New Project from the context menu.
  3. In the Select Project Type page of the wizard, select PHP as the project type and then click Next to advance to the next wizard page.
  4. In the Project Sources wizard page:
    1. Identify the project sources. Project sources consist of the directories in which you find project files, and any additional individual files to include in the project.

      Name the project and specify the working directory. The Working Directory is the location in which the AppScan® Source project file (.ppf) will reside. It is also the base for all relative paths.

    2. Select Enable secrets for scanner to invoke scanning for secrets along with other relevant scanners.
      When invoked, the engine checks for hardcoded passwords, credit card numbers, and Social Security numbers (SSN) when those secrets are detected in the code being scanned.
    3. Click Add Source Root to specify a source code root and the directories or files to include or exclude from the scan.
      After adding the source root, you can exclude certain directories or files from it. To do this, select the directory or file (or multiselect these items) in the source root, right-click the selection, and then choose Exclude from the menu. If you include or exclude files, the icon to the left of the file name changes.
  5. PHP Project Configuration: In the PHP Document Root field, enter or browse to a directory that represents the root of your PHP application. This is the file system directory that is mapped to the site's base URL. If a PHP document root is not specified, the source root that was specified in the Project Sources page will be used.
  6. Optional: Set an Include Path. Include path directories are used to resolve relative paths to files used in PHP include statements (for example, include, include_once, require, require_once).
  7. Optional: Set a Class Include Path. Class include path directories are used to find files that contain PHP class definitions.
  8. Click Finish.

Example: Creating a new PHP project

About this task

This example shows you how to use the New Application Wizard to create a PHP project.

Procedure

  1. Complete one of these actions:
    • Select File > Add Application > Create a new application from the main menu bar.
    • In the Explorer view toolbar, click the Add Application Menu down-arrow button and select Create a new application from the menu.
    • In the Explorer view, right-click All Applications and then select Add Application > Create a new application from the menu.
  2. Enter a Name for the application.
  3. Browse to the Working Directory in which to save the application. The new application file name extension will be .paf.
  4. Click Next to configure the project.
  5. In the Select Project Type page of the wizard, select PHP as the project type and then click Next to advance to the next wizard page.
  6. In the Project Sources page:
    1. In the Name field, enter a name for the project - for example MyProject.
    2. In the Working Directory field, browse to the location in which you want to store the project file that will be created - for example, C:\Apps\MyProject.
    3. Click Add Source Root to add all directories that contain PHP files that should be scanned. For example, in the Select a File or Directory dialog box, browse to C:\Apps\MyProject\root and then click OK to close the dialog box.
    Click Next.
  7. In the PHP Project Configuration page:
    1. In the PHP Document Root field, enter or browse for the directory that represents the root of your PHP application. This is the file system directory that is mapped to the site's base URL. By default, this field pre-populates with the source root that was specified in the Project Sources page.
    2. Optional: Add include path directories. These are used to resolve relative paths to files used in PHP Include statements (for example, include, include_once, require, require_once).
    3. Optional: Add class path directories. These are used to find files that contain PHP class definitions.
  8. Click Finish. You now have a PHP project that is ready to be scanned.