Evaluation of static analysis tools for PHP code using eGov website templates based on CMS

Abstract


Static code analysis is a software verification technique in which a tool identifies defects before the code is executed. This work analyzes and compares some of these tools for PHP. To that end, five tools were selected from the 70 found; the selected tools met criteria such as being open source, providing documentation and covering code metrics. The tools were classified according to efficiency and effectiveness, and they were evaluated through tests on three PHP projects for websites of the Federal Government of Brazil (eGov), based on the CMSs Drupal, Joomla and WordPress.

Published
2022-10-18
COMIS, Diego; FORRATI, Samuel; BERNARDINO, Maicon; RODRIGUES, Elder de Macedo; DA SILVA, João Pablo. Avaliação das ferramentas de análise estática de códigos PHP utilizando templates de websites eGov baseados em CMS. In: REGIONAL SCHOOL OF SOFTWARE ENGINEERING (ERES), 6., 2022, Blumenau. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 171-180. DOI: https://doi.org/10.5753/eres.2022.227749.