Releases: SonarSource/sonar-php

3.6.0.5808

03 Jul 15:35
dd01918

Bug

New Feature

  • [SONARPHP-822] - Rule S4824: References used in "foreach" loops should be "unset"
  • [SONARPHP-935] - Update S4830 to match new RSPEC content
  • [SONARPHP-936] - Rule S5527: Server hostnames should be verified during SSL/TLS connections
  • [SONARPHP-938] - Rule S5547: Cipher algorithms should be robust
  • [SONARPHP-940] - RSPEC-5542 Encryption algorithms should be used with secure mode and padding scheme

Task

  • [SONARPHP-971] - Update dependencies on Apache commons-lang

Improvement

  • [SONARPHP-939] - Deprecate S2278 in favor of S5547
  • [SONARPHP-941] - Deprecate S2277 in favor of S5542
  • [SONARPHP-967] - Rule S4790: its content should be replaced by S2070
  • [SONARPHP-969] - Update commons.io.version to 2.7+
  • [SONARPHP-970] - Improve S1192 to reduce noise of duplicated string literals
  • [SONARPHP-972] - Rule S4790 should raise when insecure algos are passed to hash(), hash_init(), hash_pbkdf2(), mhash()

False-Positive

  • [SONARPHP-857] - FP S1854: "use" clause of function expression

3.5.0.5655

28 May 08:26
01929a7

Release Notes - SonarSource Analyzer for PHP - Version 3.5

New Feature

  • [SONARPHP-693] - Rule S1226: Method parameters, caught exceptions and foreach variables' initial values should not be ignored
  • [SONARPHP-751] - Rule S2166: Classes named like "Exception" should extend "Exception" or a subclass
  • [SONARPHP-764] - Rule: Array values should not be replaced unconditionally
  • [SONARPHP-765] - Rule: Unary prefix operators should not be repeated
  • [SONARPHP-769] - Rule: Methods should not be empty
  • [SONARPHP-772] - Rule: Octal values should not be used
  • [SONARPHP-774] - Rule: "switch" statements should not be nested
  • [SONARPHP-775] - Rule: Parameters should be passed in the correct order
  • [SONARPHP-790] - Rule S1155: "empty()" should be used to test for emptiness
  • [SONARPHP-791] - Rule S1940: Boolean checks should not be inverted

3.4.0.5461

11 May 15:22
dd9dcf1

Release Notes - SonarPHP - Version 3.4

False-Positive

  • [SONARPHP-789] - FP on S2037 (SelfKeywordUsageCheck): constant from parent class declared in another file
  • [SONARPHP-853] - FP S1144 when anonymous nested class
  • [SONARPHP-884] - RSPEC-1603 should not raise issues on namespaced classes
  • [SONARPHP-906] - S1125 should ignore operands of ternary operator
  • [SONARPHP-930] - FP on S1185 when a method defines default values for parameters
  • [SONARPHP-932] - FP: CodeFollowingJumpStatementCheck should ignore PHP closing tags
  • [SONARPHP-949] - False Positive S905: @phan-var statement
  • [SONARPHP-959] - Rule S2068: filter string literal that contains the wordlist item
  • [SONARPHP-960] - Rule S2068: filter database query parameters
  • [SONARPHP-961] - FP on anonymous function for "$this should not be used in a static context"

Task

  • [SONARPHP-937] - Remove rule S1536 that can be spotted by PHP interpreter
  • [SONARPHP-963] - Change issue type of S3011 to code smell

Improvement

  • [SONARPHP-927] - Stop logging warnings when importing test results based on 'dataProvider'
  • [SONARPHP-948] - Deprecate RSPEC-2964
  • [SONARPHP-951] - The progress report should report the current file instead of the next one
  • [SONARPHP-956] - S2068 should detect hardcoded credentials in LDAP and database functions
  • [SONARPHP-957] - Rule S2068: support URI userinfo component
  • [SONARPHP-962] - Update branding to drop 'SonarPHP'
  • [SONARPHP-964] - Fix performance issue on PHPTree.getLastToken()

SonarPHP 2.12-RC1

17 Nov 16:54
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.12.

Important: the minimal compatibility has changed to SonarQube 6.7 LTS.

This version fixes 7 rules, feeds "Cognitive Complexity Metric" and introduces 20 new rules:

  • S1110: Redundant parentheses should be removed
  • S3923: All branches in a conditional structure should not have exactly the same implementation
  • S2757: "=+" should not be used instead of "+="
  • S3972: Conditionals should start on new lines
  • S3973: Conditionally executed code should be denoted by either indentation or curly braces
  • S3801: Functions should use "return" consistently
  • S3699: The output of functions that don't return anything should not be used
  • S2201: Return values from functions without side effects should not be ignored
  • S3981: Collection sizes and array length comparisons should make sense
  • S2123: Values should not be uselessly incremented
  • S4144: Methods should not have identical implementations
  • S3984: Exception should not be created without being thrown
  • S1075: URIs should not be hardcoded
  • S4142: Duplicate values should not be passed as arguments
  • S1121: Assignments should not be made from within sub-expressions
  • S3358: Ternary operators should not be nested
  • S2737: "catch" clauses should do more than rethrow
  • NoSonar: Track uses of "NOSONAR" comments
  • S2251: A "for" loop update clause should move the counter in the right direction
  • S836: Variables should be initialized before use

Release Notes

SonarPHP 2.11-RC1

26 Oct 13:18
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.11.

This release adds support for PHP 7.1 and PHP 7.2.

Release notes.

PHP Plugin 2.10 RC1

08 Mar 13:53
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.10.

The main changes in this release include:

But there's much more, see the release notes: https://jira.sonarsource.com/jira/secure/ReleaseNote.jspa?projectId=10956&version=13456

PHP Plugin 2.9 RC1

24 Oct 08:46
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.9.
This version requires SonarQube 5.6 (LTS version) and Java 8.
Here are the main changes:

  • Rule metadata was reviewed to fit the new SonarQube quality model
  • Precise issue locations for all rules
  • 7 new rules for php.ini files
  • New rule "Alias functions should not be used" (thanks to @pdaw!)

PHP Plugin 2.8 RC1

11 Mar 16:18
Pre-release

PHP Plugin 2.8 adds support for PHP 7 syntax.

PHP Plugin 2.7 RC2

05 Nov 11:12
Pre-release
2.7-RC2

Fix NPE in NamespaceAndUseStatementCheck

PHP Plugin 2.7 RC1

02 Nov 16:33
Pre-release
2.7-RC1

SONARPHP-581 Support cancellation of analysis