Releases: SonarSource/sonar-php
SonarPHP 3.15.0.7197
New Feature
- [SONARPHP-952] - Rule S2755: XML parsers should not be vulnerable to XXE attacks
- [SONARPHP-1102] - Rule S5332: Using clear-text protocols is security-sensitive
- [SONARPHP-1103] - Rule S5042: Expanding archive files is security-sensitive
- [SONARPHP-1104] - Rule S5808: Authorizations should be based on strong decisions
- [SONARPHP-1105] - Rule S2612: Setting loose file permissions is security-sensitive
- [SONARPHP-1106] - Rule S4502: Disabling CSRF protections is security-sensitive
- [SONARPHP-1107] - Rule S5693: Allowing requests with excessive content length is security-sensitive
- [SONARPHP-1112] - Rule S5122: Having a permissive Cross-Origin Resource Sharing policy is security-sensitive
- [SONARPHP-1114] - Rule S5876: A new session should be created during user authentication
Task
- [SONARPHP-1125] - Remove deprecated API: PHPCustomRulesDefinition
SonarPHP 3.14.0.6990
Bug
- [SONARPHP-1073] - Parsing issue message should be readable
- [SONARPHP-1084] - Parse error on named argument using keyword value
- [SONARPHP-1116] - No symbol is created for lower case superglobals
- [SONARPHP-1121] - Qualified name of class member symbol should be case sensitive
Improvement
- [SONARPHP-896] - Update S126 to add an exception
- [SONARPHP-1087] - Deactivate ASP-like opening tags in parser
False-Positive
- [SONARPHP-1115] - Revise rule S3358 to exclude shorthand ternary operator
- [SONARPHP-1117] - FP on S2115 where a variable is reassigned using "list"
SonarPHP 3.13.0.6849
Improvement
- [SONARPHP-1086] - S1862: Add a message on the secondary location
- [SONARPHP-1089] - S1763: Add a message on the secondary location
- [SONARPHP-1090] - S1192: Add a message on the secondary location
- [SONARPHP-1091] - S1117: Add a message on the secondary location
- [SONARPHP-1092] - S1142: Add a message on the secondary location
- [SONARPHP-1093] - S110: Add a message on the secondary location
- [SONARPHP-1094] - S1045: Add a message on the secondary location
- [SONARPHP-1095] - S5632: Add a message on the secondary location
- [SONARPHP-1096] - S930: Add a message on the secondary location
- [SONARPHP-1097] - S5708: Add a message on the secondary location
- [SONARPHP-1098] - S5713: Add a message on the secondary location
- [SONARPHP-1099] - S3699: Add a message on the secondary location
- [SONARPHP-1100] - S3415: Add a message on secondary locations
- [SONARPHP-1101] - S3801: Add a message on the secondary location
SonarPHP 3.12.0.6710
Bug
- [SONARPHP-1081] - Parsing error on capitalized __Construct method with property promotion
- [SONARPHP-1083] - NPE in S2001 "PHPDeprecatedFunctionUsageCheck"
New Feature
- [SONARPHP-1082] - Add fully-qualified class names to declared types.
Improvement
- [SONARPHP-1072] - Update SSLR to 1.24
False-Positive
- [SONARPHP-1079] - FP on EmptyMethodCheck for PHP 8 Constructor Property Promotion
- [SONARPHP-1080] - FP on UnusedFunctionParametersCheck for PHP 8 Constructor Property Promotion
3.11.0.6645
Bug
- [SONARPHP-1055] - S1451 should not crash on short files
- [SONARPHP-1077] - OutOfMemory in InheritanceDepthCheck
Task
- [SONARPHP-1060] - Update README with PHP 8 support
- [SONARPHP-1075] - S4784 should be deprecated because it's too noisy
Improvement
- [SONARPHP-1034] - Parser should handle union types
- [SONARPHP-1035] - Parser should handle new nullsafe operator syntax
- [SONARPHP-1036] - Parser should handle named arguments
- [SONARPHP-1037] - Parser should handle new annotation attribute syntax
- [SONARPHP-1038] - Parser should handle match expression
- [SONARPHP-1039] - Parser should handle constructor property promotion
- [SONARPHP-1040] - Parser should handle new static return type
- [SONARPHP-1041] - Parser should handle new mixed type
- [SONARPHP-1042] - Parser should handle new throw expression syntax
- [SONARPHP-1044] - Parser should handle ::class on objects
- [SONARPHP-1045] - Parser should handle non-capturing catches
- [SONARPHP-1046] - Parser should handle trailing comma in parameter lists
- [SONARPHP-1047] - Parser should handle trailing comma in closure use lists
- [SONARPHP-1054] - Adapt existing rules to named arguments
3.10.0.6474
Bug
- [SONARPHP-983] - Object instantiation with method should raise parser error
- [SONARPHP-1032] - S3699: Issue message contains "null" due to wrong method name resolving
- [SONARPHP-1033] - StackOverflow in S1764 IdenticalOperandsInBinaryExpressionCheck
- [SONARPHP-1052] - StackOverflow when scanning Abantecart
Task
- [SONARPHP-1048] - Fix outdated URLs in pom.xml
- [SONARPHP-1050] - Update orchestrator to version 3.30.0.2630
False-Positive
- [SONARPHP-885] - S2077: Resolve variable constant values to avoid noisy issues
- [SONARPHP-973] - Rule S5527 should not raise when CURLOPT_SSL_VERIFYHOST is set to 1/TRUE
- [SONARPHP-1028] - Revise rule S125 to reduce false positive noise
- [SONARPHP-1030] - S1172 shouldn't raise issues on functions which call "func_get_args"
- [SONARPHP-1031] - Reduce noise of S1172 unused function parameters should be removed
- [SONARPHP-1049] - Private constants are reported as unused when used before init
False Negative
- [SONARPHP-754] - UseOfUninitializedVariableCheck should use a CFG to find new issues
3.9.0.6331
Bug
- [SONARPHP-1022] - Regex in S1186 implementation leads to a StackOverflowError
- [SONARPHP-1024] - NCLOC and other metrics should not be fed for PHP test files
New Feature
- [SONARPHP-371] - S110: Inheritance tree of classes should not be too deep
- [SONARPHP-1009] - S930: The number of arguments passed to a function should match the number of parameters
Task
- [SONARPHP-1025] - Compliant and Noncompliant code examples of S5915 are the same.
Improvement
- [SONARPHP-1010] - S3699: consider cross-file knowledge of method declarations to get possible returns
- [SONARPHP-1011] - S2234: consider cross-file knowledge of function declarations to get parameter order
- [SONARPHP-1018] - S100: exclude overriding methods based on cross-file resolution of hierarchy
- [SONARPHP-1019] - S107: exclude overriding methods based on cross-file resolution of hierarchy
- [SONARPHP-1020] - S1172: exclude overriding methods based on cross-file resolution of hierarchy
- [SONARPHP-1021] - Log the currently analyzed file name when a StackOverflowError happens
- [SONARPHP-1023] - S1186: Check only comments that are directly above the method
3.8.1.6222
Bug
- [SONARPHP-1024] - NCLOC and other metrics should not be fed for PHP test files
3.8.0.6152
New Feature
- [SONARPHP-984] - Add rule S2699: Tests should include assertions
- [SONARPHP-986] - Add rule S2187: TestCases should contain tests
- [SONARPHP-987] - Add rule S5785: PHPUnit assertTrue/assertFalse should be simplified to the corresponding dedicated assertion
- [SONARPHP-989] - Add rule S3415: Assertion arguments should be passed in the correct order
- [SONARPHP-990] - Add rule S2701: Literal boolean values should not be used in assertions
- [SONARPHP-991] - Add rule S5783: Only one method invocation is expected when testing checked exceptions
- [SONARPHP-992] - Add rule S1607: Tests should not be ignored
- [SONARPHP-993] - Add rule S5779: Assertion methods should not be used within the try block of a try-catch catching an Exception
- [SONARPHP-994] - Add rule S5899: Test methods should be discoverable
- [SONARPHP-995] - Add rule S5863: Assertions should not compare an object to itself
- [SONARPHP-999] - Add rule S3360: Test class names should end with "Test"
- [SONARPHP-1006] - Create an abstract PhpUnitCheck class
- [SONARPHP-1007] - Add rule S5935: Framework-provided functions should be used to test exceptions
- [SONARPHP-1008] - Add rules S5915: Assertions should not be made at the end of blocks expecting an exception
Improvement
- [SONARPHP-1005] - Enable checks on project test files
3.7.0.5943
Release Notes - Version 3.7
New Feature
- [SONARPHP-976] - Rule S5708: Caught Exceptions must derive from Throwable
- [SONARPHP-977] - Rule S1045: All "catch" blocks should be able to catch exceptions
- [SONARPHP-978] - Rule S5713: A subclass should not be in the same "catch" clause as a parent class
- [SONARPHP-979] - Rule S5632: Raised Exceptions must derive from Throwable
- [SONARPHP-1000] - RSPEC-5911 Class of caught exception should be defined
Improvement
- [SONARPHP-980] - S3984 should check whether a class extends Exception
- [SONARPHP-981] - Fix issue message for S2166
- [SONARPHP-982] - S2166 detects exception classes case-insensitive