Skip to content

Releases: SonarSource/sonar-php

3.8.0.6152

07 Aug 08:38
d53fe2e
Compare
Choose a tag to compare

New Feature

  • [SONARPHP-984] - Add rule S2699: Tests should include assertions
  • [SONARPHP-986] - Add rule S2187: TestCases should contain tests
  • [SONARPHP-987] - Add rule S5785: PHPUnit assertTrue/assertFalse should be simplified to the corresponding dedicated assertion
  • [SONARPHP-989] - Add rule S3415: Assertion arguments should be passed in the correct order
  • [SONARPHP-990] - Add rule S2701: Literal boolean values should not be used in assertions
  • [SONARPHP-991] - Add rule S5783: Only one method invocation is expected when testing checked exceptions
  • [SONARPHP-992] - Add rule S1607: Tests should not be ignored
  • [SONARPHP-993] - Add rule S5779: Assertion methods should not be used within the try block of a try-catch catching an Exception
  • [SONARPHP-994] - Add rule S5899: Test methods should be discoverable
  • [SONARPHP-995] - Add rule S5863: Assertions should not compare an object to itself
  • [SONARPHP-999] - Add rule S3360: Test class names should end with "Test"
  • [SONARPHP-1006] - Create an abstract PhpUnitCheck class
  • [SONARPHP-1007] - Add rule S5935: Framework-provided functions should be used to test exceptions
  • [SONARPHP-1008] - Add rules S5915: Assertions should not be made at the end of blocks expecting an exception

Improvement

3.7.0.5943

24 Jul 13:38
cde3658
Compare
Choose a tag to compare

Release Notes - Version 3.7

New Feature

  • [SONARPHP-976] - Rule S5708: Caught Exceptions must derive from Throwable
  • [SONARPHP-977] - Rule S1045: All "catch" blocks should be able to catch exceptions
  • [SONARPHP-978] - Rule S5713: A subclass should not be in the same "catch" clause as a parent class
  • [SONARPHP-979] - Rule S5632: Raised Exceptions must derive from Throwable
  • [SONARPHP-1000] - RSPEC-5911 Class of caught exception should be defined

Improvement

  • [SONARPHP-980] - S3984 should check whether a class extends Exception
  • [SONARPHP-981] - Fix issue message for S2166
  • [SONARPHP-982] - S2166 detects exception classes case-insensitive

3.6.0.5808

03 Jul 15:35
dd01918
Compare
Choose a tag to compare

Bug

New Feature

  • [SONARPHP-822] - Rule S4824: References used in "foreach" loops should be "unset"
  • [SONARPHP-935] - Update S4830 to match new RSPEC content
  • [SONARPHP-936] - Rule S5527: Server hostnames should be verified during SSL/TLS connections
  • [SONARPHP-938] - Rule S5547: Cipher algorithms should be robust
  • [SONARPHP-940] - RSPEC-5542 Encryption algorithms should be used with secure mode and padding scheme

Task

  • [SONARPHP-971] - Update dependencies on Apache commons-lang

Improvement

  • [SONARPHP-939] - Deprecate S2278 in favor of S5547
  • [SONARPHP-941] - Deprecate S2277 in favor of S5542
  • [SONARPHP-967] - Rule S4790: its content should be replaced by S2070
  • [SONARPHP-969] - Update commons.io.version to 2.7+
  • [SONARPHP-970] - Improve S1192 to reduce noise of duplicated string literals
  • [SONARPHP-972] - Rule S4790 should raise when insecure algos are passed to hash(), hash_init(), hash_pbkdf2(), mhash()

False-Positive

  • [SONARPHP-857] - FP S1854: "use" clause of function expression

3.5.0.5655

28 May 08:26
01929a7
Compare
Choose a tag to compare

Release Notes - SonarSource Analyzer for PHP - Version 3.5

New Feature

  • [SONARPHP-693] - Rule S1226: Method parameters, caught exceptions and foreach variables' initial values should not be ignored
  • [SONARPHP-751] - Rule S2166: Classes named like "Exception" should extend "Exception" or a subclass
  • [SONARPHP-764] - Rule: Array values should not be replaced unconditionally
  • [SONARPHP-765] - Rule: Unary prefix operators should not be repeated
  • [SONARPHP-769] - Rule: Methods should not be empty
  • [SONARPHP-772] - Rule: Octal values should not be used
  • [SONARPHP-774] - Rule: "switch" statements should not be nested
  • [SONARPHP-775] - Rule: Parameters should be passed in the correct order
  • [SONARPHP-790] - Rule S1155: "empty()" should be used to test for emptiness
  • [SONARPHP-791] - Rule S1940: Boolean checks should not be inverted

3.4.0.5461

11 May 15:22
dd9dcf1
Compare
Choose a tag to compare

Release Notes - SonarPHP - Version 3.4

False-Positive

  • [SONARPHP-789] - FP on S2037 (SelfKeywordUsageCheck): constant from parent class declared in another file
  • [SONARPHP-853] - FP S1144 when anonymous nested class
  • [SONARPHP-884] - RSPEC-1603 should not raise issues on namespaced classes
  • [SONARPHP-906] - S1125 should ignore operands of ternary operator
  • [SONARPHP-930] - FP on S1185 when a method defines default values for parameters
  • [SONARPHP-932] - FP: CodeFollowingJumpStatementCheck should ignore PHP closing tags
  • [SONARPHP-949] - False Positive S905: @phan-var statement
  • [SONARPHP-959] - Rule S2068: filter string literal that contains the wordlist item
  • [SONARPHP-960] - Rule S2068: filter database query parameters
  • [SONARPHP-961] - FP on anonymous function for "$this should not be used in a static context"

Task

  • [SONARPHP-937] - Remove rule S1536 that can be spotted by PHP interpreter
  • [SONARPHP-963] - Change issue type of S3011 to code smell

Improvement

  • [SONARPHP-927] - Stop logging warnings when importing test results based on 'dataProvider'
  • [SONARPHP-948] - Deprecate RSPEC-2964
  • [SONARPHP-951] - The progress report should report the current file instead of the next one
  • [SONARPHP-956] - S2068 should detect hardcoded credentials in LDAP and database functions
  • [SONARPHP-957] - Rule S2068: support URI userinfo component
  • [SONARPHP-962] - Update branding to drop 'SonarPHP'
  • [SONARPHP-964] - Fix performance issue on PHPTree.getLastToken()

SonarPHP 2.12-RC1

17 Nov 16:54
Compare
Choose a tag to compare
SonarPHP 2.12-RC1 Pre-release
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.12.

Important: the minimal compatibility has change to SonarQube 6.7 LTS.

This version fixes 7 rules, feeds "Cognitive Complexity Metric" and introduces 20 new rules:

  • S1110: Redundant parentheses should be removed
  • S3923: All branches in a conditional structure should not have exactly the same implementation
  • S2757: "=+" should not be used instead of "+="
  • S3972: Conditionals should start on new lines
  • S3973: Conditionally executed code should be denoted by either indentation or curly braces
  • S3801: Functions should use "return" consistently
  • S3699: The output of functions that don't return anything should not be used
  • S2201: Return values from functions without side effects should not be ignored
  • S3981: Collection sizes and array length comparisons should make sense
  • S2123: Values should not be uselessly incremented
  • S4144: Methods should not have identical implementations
  • S3984: Exception should not be created without being thrown
  • S1075: URIs should not be hardcoded
  • S4142: Duplicate values should not be passed as arguments
  • S1121: Assignments should not be made from within sub-expressions
  • S3358: Ternary operators should not be nested
  • S2737: "catch" clauses should do more than rethrow
  • NoSonar: Track uses of "NOSONAR" comments
  • S2251: A "for" loop update clause should move the counter in the right direction
  • S836: Variables should be initialized before use

Release Notes

SonarPHP 2.11-RC1

26 Oct 13:18
Compare
Choose a tag to compare
SonarPHP 2.11-RC1 Pre-release
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.11.

This release adds support for PHP 7.1 and PHP 7.2.

Release notes.

PHP Plugin 2.10 RC1

08 Mar 13:53
Compare
Choose a tag to compare
PHP Plugin 2.10 RC1 Pre-release
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.10.

The main changes in this release include :

But there's much more, see the release notes: https://jira.sonarsource.com/jira/secure/ReleaseNote.jspa?projectId=10956&version=13456

PHP Plugin 2.9 RC1

24 Oct 08:46
Compare
Choose a tag to compare
PHP Plugin 2.9 RC1 Pre-release
Pre-release

SNAPSHOT version of the plugin to allow users to test the plugin during the request for feedback for the release 2.9.
This version requires SonarQube 5.6 (LTS version) and Java 8.
Here are the main changes:

  • Rule metadata was reviewed to fit the new SonarQube quality model
  • Precise issue locations for all rules
  • 7 new rules for php.ini files
  • New rule "Alias functions should not be used" (thanks to @pdaw!)

PHP Plugin 2.8 RC1

11 Mar 16:18
Compare
Choose a tag to compare
PHP Plugin 2.8 RC1 Pre-release
Pre-release

PHP Plugin 2.8 brings support of PHP7 syntax