Releases: SonarSource/sonar-php
3.40.0.12590
Release notes - SonarPHP - 3.40
False Positive
SONARPHP-1535 S1172 should not raise an issue on throwaway variables
Improvement
SONARPHP-1578 Updating to SONAR Source-Available License v1.0 (SSALv1)
3.39.0.12526
Release notes - SonarPHP - 3.39
New Feature
SONARPHP-1369 S6418: Hard-coded secrets are security-sensitive
SONARPHP-1533 Support Disjunctive Normal Form Types (PHP 8.2 feature)
SONARPHP-1543 Support Property hooks (PHP 8.4 feature)
SONARPHP-1544 Support new without parentheses
3.38.0.12239
Release notes - SonarPHP - 3.38
New Feature
SONARPHP-1017 S5797: Constants should not be used as conditions
Improvement
SONARPHP-1471 Adopt the new Clean Code Taxonomy
3.37.0.12086
Release notes - SonarPHP - 3.37
Bug
SONARPHP-1498 Crash (Stack Overflow) when scanning a file from the Drupal project
SONARPHP-1503 PHPstan report is not imported UnsupportedOperationException: null
False-Positive
SONARPHP-1508 S1764 should not report exponent operator "**"
New Feature
SONARPHP-1505 Add STIG metadata support
SONARPHP-1509 Implement a FrameworkDetectionVisitor to identify usage of the Drupal framework
SONARPHP-1512 Allow users to deactivate the Drupal Framework detection and adaption of rules
Improvement
SONARPHP-1502 Import of PHPUnit test reports should allow specifying multiple files
SONARPHP-1510 Adapt S100 to change the default pattern based on the identified Framework
SONARPHP-1511 Adapt S1781 to change the behavior based on the identified Framework
SONARPHP-1513 Scanner constructor should be provided a charset directly instead of its name
SONARPHP-1514 S1131 should skip lines with very common last characters
SONARPHP-1516 Analyzer should avoid pattern recompilation
SONARPHP-1517 Remove the usage of `LinkedList` in `IteratorUtils`
3.36.0.11813
Release notes - SonarPHP - 3.36
- Update rule descriptions
3.35.0.11659
Release notes - SonarPHP - 3.35
Bug
SONARPHP-1491 Ensure CPD tokens for readonly property promotion are submitted in the right order
False-Positive
SONARPHP-1381 S905 should not raise issue on string concatenation if separate function is called
SONARPHP-1383 FP S5856 Regex: Expected octal digit, but found '\'
SONARPHP-1390 S5328 should not raise issue in specific case when session id is not user supplied
SONARPHP-1391 S2068 should not raise issue on invalid uri
SONARPHP-1395 S122 should have a clearer message in case of multiple function expressions per line
SONARPHP-1399 S3699 Do not raise issue when method is overridden
SONARPHP-1453 S3415 should not raise an issue when expected is a field of a parameter
SONARPHP-1490 S2201: ignored return value of strtok() should not be reported as an issue
False Negative
SONARPHP-1400 S4423 should raise if sensitive value is assigned into an existing array
Improvement
SONARPHP-1414 S1820 include promoted property in our count of fields
SONARPHP-1415 S107 adapt rule to exclude promoted properties in its count
SONARPHP-1467 S4144 Align logic for top-level functions and class methods
SONARPHP-1480 Deprecate rule S6339
SONARPHP-1486 Deprecate rule S4792
SONARPHP-1495 S1820 should not count constants as fields
3.34.0.11311
SonarPHP - 3.34
Improvement
SONARPHP-1468 Use Java 17 to build project
SONARPHP-1477 Support on-demand plugin downloading
3.33.0.11274
Release notes - SonarPHP - 3.33
- Update rule descriptions to include Learn as You Code changes
False-Positive
SONARPHP-1476 S1144 should not raise an issue when a magic method is available via a trait
3.32.0.10180
Release notes - SonarPHP - 3.32
Bug
SONARPHP-1374 Wrong line detected for S1757
SONARPHP-1441 Solve ruling test results due to nondeterministic symbol creation
False-Positive
SONARPHP-1373 S2046 should not raise an issue for a shebang line
SONARPHP-1379 S4144 should not raise an issue when number of parameters or declared return type differ
SONARPHP-1387 S5899 public static methods should not raise issue on test discoverable
SONARPHP-1394 S115 raises issue if namespace is defined in constant
SONARPHP-1396 S5785 assertSame is suggested, but assertTrue will be better
SONARPHP-1397 S125 should not be raised on annotations that follow a comment opener
SONARPHP-1401 S2187 should not raise an issue when there are test methods in a parenting test class
SONARPHP-1407 S1185 should not raise an issue when method input parameters have different type declarations or change in signature visibility
SONARPHP-1408 S1144 should not raise an issue when a private method is called externally via the magic method __call()
SONARPHP-1412 S1848 Allow object creation for format validation when used in try-catch block
SONARPHP-1413 S2187 does not recognize test methods with attributes
SONARPHP-1440 S1144 raises an issue when a private method is used as a first class callable
Improvement
SONARPHP-1366 Get rid of `SetUtils::immutableSetOf`
SONARPHP-1376 Change title of S1200 and add secondary location to clarify detection logic
SONARPHP-1377 S1131 should only highlight the useless trailing whitespace
SONARPHP-1410 S117 allow use of underscore in variables
SONARPHP-1460 S4144 Add exceptions for simple return statements
3.31.0.9993
Release notes - SonarPHP - 3.31
False-Positive
SONARPHP-1378 S2001 should not raise an issue in case the FQN is not a deprecated function name
SONARPHP-1385 S3415 wrong arguments order in assertInstanceOf
SONARPHP-1386 S3415 wrong arguments order in assertSame($expected, $actual);
SONARPHP-1392 S1451 raises issue when header is included
New Feature
SONARPHP-1411 Support Anonymous readonly classes
SONARPHP-1430 Add support for typehinting class constants
Improvement
SONARPHP-1143 Remove dependency on guava
SONARPHP-1422 Make use of `InputFile::md5Hash()` for Streamlined File Fingerprinting