Releases: SonarSource/sonar-php

SonarPHP 3.15.0.7197

29 Jan 13:29
d9ce5c6

New Feature

  • [SONARPHP-952] - Rule S2755: XML parsers should not be vulnerable to XXE attacks
  • [SONARPHP-1102] - Rule S5332: Using clear-text protocols is security-sensitive
  • [SONARPHP-1103] - Rule S5042: Expanding archive files is security-sensitive
  • [SONARPHP-1104] - Rule S5808: Authorizations should be based on strong decisions
  • [SONARPHP-1105] - Rule S2612: Setting loose file permissions is security-sensitive
  • [SONARPHP-1106] - Rule S4502: Disabling CSRF protections is security-sensitive
  • [SONARPHP-1107] - Rule S5693: Allowing requests with excessive content length is security-sensitive
  • [SONARPHP-1112] - Rule S5122: Having a permissive Cross-Origin Resource Sharing policy is security-sensitive
  • [SONARPHP-1114] - Rule S5876: A new session should be created during user authentication

Task

  • [SONARPHP-1125] - Remove deprecated API: PHPCustomRulesDefinition

SonarPHP 3.14.0.6990

08 Jan 12:09
c13ae65

Bug

  • [SONARPHP-1073] - Parsing issue message should be readable
  • [SONARPHP-1084] - Parse error on named argument using keyword value
  • [SONARPHP-1116] - No symbol is created for lower case superglobals
  • [SONARPHP-1121] - Qualified name of class member symbol should be case sensitive

Improvement

False-Positive

  • [SONARPHP-1115] - Revise rule S3358 to exclude shorthand ternary operator
  • [SONARPHP-1117] - FP on S2115 where a variable is reassigned using "list"

SonarPHP 3.13.0.6849

30 Nov 10:59
305515f

Improvement

SonarPHP 3.12.0.6710

29 Oct 14:11
70c8431

Bug

  • [SONARPHP-1081] - Parsing error on capitalized __Construct method with property promotion
  • [SONARPHP-1083] - NPE in S2001 "PHPDeprecatedFunctionUsageCheck"

New Feature

  • [SONARPHP-1082] - Add fully-qualified class names to declared types.

Improvement

False-Positive

  • [SONARPHP-1079] - FP on EmptyMethodCheck for PHP 8 Constructor Property Promotion
  • [SONARPHP-1080] - FP on UnusedFunctionParametersCheck for PHP 8 Constructor Property Promotion

3.11.0.6645

20 Oct 08:30
e7d82ea

Bug

Task

Improvement

3.10.0.6474

05 Oct 09:06
4e140ba

Bug

  • [SONARPHP-983] - Object instantiation with method should raise parser error
  • [SONARPHP-1032] - S3699: Issue message contains "null" due to wrong method name resolving
  • [SONARPHP-1033] - StackOverflow in S1764 IdenticalOperandsInBinaryExpressionCheck
  • [SONARPHP-1052] - StackOverflow when scanning Abantecart

Task

False-Positive

  • [SONARPHP-885] - S2077: Resolve variable constant values to avoid noisy issues
  • [SONARPHP-973] - Rule S5527 should not raise when CURLOPT_SSL_VERIFYHOST is set to 1/TRUE
  • [SONARPHP-1028] - Revise rule S125 to reduce false positive noise
  • [SONARPHP-1030] - S1172 shouldn't raise issues on functions which call "func_get_args"
  • [SONARPHP-1031] - Reduce noise of S1172 unused function parameters should be removed
  • [SONARPHP-1049] - Private constants are reported as unused when used before init

False Negative

  • [SONARPHP-754] - UseOfUninitializedVariableCheck should use a CFG to find new issues

3.9.0.6331

25 Aug 07:10
5951b3f

Bug

  • [SONARPHP-1022] - Regex in S1186 implementation leads to a StackOverflowError
  • [SONARPHP-1024] - NCLOC and other metrics should not be fed for PHP test files

New Feature

  • [SONARPHP-371] - S110: Inheritance tree of classes should not be too deep
  • [SONARPHP-1009] - S930: The number of arguments passed to a function should match the number of parameters

Task

  • [SONARPHP-1025] - Compliant and Noncompliant code examples of S5915 are the same.

Improvement

  • [SONARPHP-1010] - S3699: consider cross-file knowledge of method declarations to get possible returns
  • [SONARPHP-1011] - S2234: consider cross-file knowledge of function declarations to get parameter order
  • [SONARPHP-1018] - S100: exclude overriding methods based on cross-file resolution of hierarchy
  • [SONARPHP-1019] - S107: exclude overriding methods based on cross-file resolution of hierarchy
  • [SONARPHP-1020] - S1172: exclude overriding methods based on cross-file resolution of hierarchy
  • [SONARPHP-1021] - Log the currently analyzed file name when a StackOverflowError happens
  • [SONARPHP-1023] - S1186: Check only comments that are directly above the method

3.8.1.6222

14 Aug 09:59

Bug

  • [SONARPHP-1024] - NCLOC and other metrics should not be fed for PHP test files

3.8.0.6152

07 Aug 08:38
d53fe2e

New Feature

  • [SONARPHP-984] - Add rule S2699: Tests should include assertions
  • [SONARPHP-986] - Add rule S2187: TestCases should contain tests
  • [SONARPHP-987] - Add rule S5785: PHPUnit assertTrue/assertFalse should be simplified to the corresponding dedicated assertion
  • [SONARPHP-989] - Add rule S3415: Assertion arguments should be passed in the correct order
  • [SONARPHP-990] - Add rule S2701: Literal boolean values should not be used in assertions
  • [SONARPHP-991] - Add rule S5783: Only one method invocation is expected when testing checked exceptions
  • [SONARPHP-992] - Add rule S1607: Tests should not be ignored
  • [SONARPHP-993] - Add rule S5779: Assertion methods should not be used within the try block of a try-catch catching an Exception
  • [SONARPHP-994] - Add rule S5899: Test methods should be discoverable
  • [SONARPHP-995] - Add rule S5863: Assertions should not compare an object to itself
  • [SONARPHP-999] - Add rule S3360: Test class names should end with "Test"
  • [SONARPHP-1006] - Create an abstract PhpUnitCheck class
  • [SONARPHP-1007] - Add rule S5935: Framework-provided functions should be used to test exceptions
  • [SONARPHP-1008] - Add rule S5915: Assertions should not be made at the end of blocks expecting an exception

Improvement

3.7.0.5943

24 Jul 13:38
cde3658

Release Notes - Version 3.7

New Feature

  • [SONARPHP-976] - Rule S5708: Caught Exceptions must derive from Throwable
  • [SONARPHP-977] - Rule S1045: All "catch" blocks should be able to catch exceptions
  • [SONARPHP-978] - Rule S5713: A subclass should not be in the same "catch" clause as a parent class
  • [SONARPHP-979] - Rule S5632: Raised Exceptions must derive from Throwable
  • [SONARPHP-1000] - RSPEC-5911 Class of caught exception should be defined

Improvement

  • [SONARPHP-980] - S3984 should check whether a class extends Exception
  • [SONARPHP-981] - Fix issue message for S2166
  • [SONARPHP-982] - S2166 detects exception classes case-insensitive