Releases: SonarSource/sonar-php
3.42.0.12795
Release notes - SonarPHP - 3.42
Bug
SONARPHP-1600 Parser should support match statements in unary expressions
3.41.0.12692
Release notes - SonarPHP - 3.41
New Feature
SONARPHP-1584 Support Asymmetric Property Visibility
False Negative
SONARPHP-1530 S1125 should raise an issue when a boolean literal is used in a xor expression
False Positive
SONARPHP-1538 S1144 should not raise in PHPUnit tests with DataProviders
SONARPHP-1569 S1448 should not raise on test classes
SONARPHP-1582 S3330: Only raise for variable cookies
Improvement
SONARPHP-1583 Constructor promoted properties should generate class member symbol
3.40.0.12590
Release notes - SonarPHP - 3.40
False Positive
SONARPHP-1535 S1172 should not raise an issue on throwaway variables
Improvement
SONARPHP-1578 Updating to SONAR Source-Available License v1.0 (SSALv1)
3.39.0.12526
Release notes - SonarPHP - 3.39
New Feature
SONARPHP-1369 S6418: Hard-coded secrets are security-sensitive
SONARPHP-1533 Support Disjunctive Normal Form Types (PHP 8.2 feature)
SONARPHP-1543 Support Property hooks (PHP 8.4 feature)
SONARPHP-1544 Support new without parentheses
3.38.0.12239
Release notes - SonarPHP - 3.38
New Feature
SONARPHP-1017 S5797: Constants should not be used as conditions
Improvement
SONARPHP-1471 Adopt the new Clean Code Taxonomy
3.37.0.12086
Release notes - SonarPHP - 3.37
Bug
SONARPHP-1498 Crash (Stack Overflow) when scanning a file from the Drupal project
SONARPHP-1503 PHPstan report is not imported UnsupportedOperationException: null
False-Positive
SONARPHP-1508 S1764 should not report exponent operator "**"
New Feature
SONARPHP-1505 Add STIG metadata support
SONARPHP-1509 Implement a FrameworkDetectionVisitor to identify usage of the Drupal framework
SONARPHP-1512 Allow users to deactive the Drupal Framework detection and adaption of rules
Improvement
SONARPHP-1502 Import of PHPUnit test reports should allow specifying multiple files
SONARPHP-1510 Adapt S100 to change the default pattern based on the identified Framework
SONARPHP-1511 Adapt S1781 to change the behavior based on the identified Framework
SONARPHP-1513 Scanner constructor should be provided a charset directly instead of its name
SONARPHP-1514 S1131 should skip lines with very common last characters
SONARPHP-1516 Analyzer should avoid pattern recompilation
SONARPHP-1517 Remove the usage of `LinkedList` in `IteratorUtils`
3.36.0.11813
Release notes - SonarPHP - 3.36
- Update rule descriptions
3.35.0.11659
Release notes - SonarPHP - 3.35
Bug
SONARPHP-1491 Ensure CPD tokens for readonly property promotion are submitted in the right order
False-Positive
SONARPHP-1381 S905 should not raise issue on string concatenation if separate function is called
SONARPHP-1383 FP S5856 Regex: Expected octal digit, but found '\'
SONARPHP-1390 S5328 should not raise issue in specific case when session id is not user supplied
SONARPHP-1391 S2068 should not raise issue on invalid uri
SONARPHP-1395 S122 should have a clearer message in case of multiple function expressions per line
SONARPHP-1399 S3699 Do not raise issue when method is overridden
SONARPHP-1453 S3415 should not raise an issue when expected is a field of a parameter
SONARPHP-1490 S2201: ignored return value of strtok() should not be reported as an issue
False Negative
SONARPHP-1400 S4423 should raise if sensitive value is assigned into an existing array
Improvement
SONARPHP-1414 S1820 include promoted property in our count of fields
SONARPHP-1415 S107 adapt rule to exclude promoted properties in its count
SONARPHP-1467 S4144 Align logic for top-level functions and class methods
SONARPHP-1480 Deprecate rule S6339
SONARPHP-1486 Deprecate rule S4792
SONARPHP-1495 S1820 should not count constants as fields
3.34.0.11311
SonarPHP - 3.34
Improvement
SONARPHP-1468 Use Java 17 to build project
SONARPHP-1477 Support on-demand plugin downloading
3.33.0.11274
Release notes - SonarPHP - 3.33
- Update rule descriptions to include Learn as You Code changes
False-Positive
SONARPHP-1476 S1144 should not raise an issue when a magic method is available via a trait