3.28.0.9490

Release notes - SonarPHP - 3.28

Bug

SONARPHP-1349 Remove ITs related to removed "Common Server Rules"

False-Positive

SONARPHP-1327 Rule S1192: Exclude duplicate literal starting with underscore

SONARPHP-1329 Rule S1808: Handle named arguments properly

SONARPHP-1342 Rule S5361: Do not suggest to replace preg_replace if 4 or 5 parameter is set

SONARPHP-1345 Rule S1313: Add broadcast address to exceptions

New Feature

SONARPHP-1244 Rule S3330: Using Symfony's cookie helper method without the "HttpOnly" flag is security-sensitive

SONARPHP-1247 Rule S2068: Using hard-coded credentials for Laravel's encryption methods is security-sensitive

Improvement

SONARPHP-1338 Remove LegacyIssue, Issue completely

SONARPHP-1348 Raise warning when coverage or test report file does not contain any record

3.27.1.9352

Release notes - SonarPHP - 3.27.1

Bug

SONARPHP-1344 Verify file status by file hashes before restoring from cache

3.27.0.9339

Release notes - SonarPHP - 3.27

Bug

SONARPHP-1341 Using file hash when writing and reading from cache

3.26.0.9313

Release notes - SonarPHP - 3.26

Bug

SONARPHP-1085 Parse error on namespace using keywords

Task

SONARPHP-1330 Serialize and deserialize the project level symbol table

SONARPHP-1331 Write/read Project Symbol Tables to/from cache

SONARPHP-1332 Avoid scanning files that don't need to be analyzed

SONARPHP-1333 Add integration tests for incremental PR analysis

SONARPHP-1334 `PHPSensor.AnalysisScanner` should become a stand-alone class

SONARPHP-1335 All constructors of the `PHPSensor` should be covered with UTs and ITs

SONARPHP-1336 Update API to expose data related to caching

SONARPHP-1339 Cache CPD tokens for main files

Improvement

SONARPHP-1337 Get rid of LegacyIssue class

3.25.0.9077

Release notes - SonarPHP - Version 3.25

Bug

SONARPHP-1316 Import of PHPStan reports without issues should not raise an error

SONARPHP-1313 PHP sensor should be executed also on TEST files.

SONARPHP-1308 The namespace resolver should not look into other namespaces to resolve

False-Positive

SONARPHP-1311 Rule S1313: Exclude reserved documentation IP ranges

Improvement

SONARPHP-1318 Adapt PHPUnit integration tests to reflect state-of-the art testing in PHP

SONARPHP-1312 External report information on files that are excluded from the analysis should not be processed

SONARPHP-1282 Adjust fully qualified path of external reports to prevent incorrect allocation

New Feature

SONARPHP-1315 Support readonly class syntax

3.24.0.8949

Release notes - SonarPHP - Version 3.24

Bug

SONARPHP-1300 Parsing error on the order of constructor promoted property characteristics

SONARPHP-1296 Parse error on keywords as enum case identifier

False Negative

SONARPHP-1267 Parser: All keywords should be case insensitive

SONARPHP-1170 S2050: FN on fully qualified name

SONARPHP-1168 S2755: FN with fully qualified names

False-Positive

SONARPHP-1303 Rule S1313: Exclude local IPv4-mapped IPv6 address

SONARPHP-1299 S1144 should take into account PHPDoc @uses

SONARPHP-1238 S5996 FP on line breaks after end boundaries

SONARPHP-1169 FP for S2277 when using fully qualified name

Improvement

SONARPHP-1298 Update Analyzer Commons to 1.25: minor changes on Regex checks

SONARPHP-1294 Rule S1192: Add period as allowed character for exceptions

SONARPHP-1136 S2755 should support cakephp xml utils

SONARPHP-593 Make S1697 cover PHP idiomatic cases

New Feature

SONARPHP-1306 Rules support PCI DSS Security Standard

SONARPHP-1293 Provide OWASP Top 10 2021 security standards for rules metadata

Task

SONARPHP-1309 Add Windows build and plugin qa step to CI

SONARPHP-1301 Remove deprecated DuplicatedBlocks rule from Sonar Way

3.23.1.8766

Improvement

• [SONARPHP-1295] - Provide descriptions for rule properties of S1808

False-Positive

• [SONARPHP-1291] - S6328 should not raise on parsing error

3.23.0.8726

New Feature

• [SONARPHP-1270] - Rule S6393: Regular expressions should have valid delimiters
• [SONARPHP-1272] - Rule S6396: Superfluous curly brace quantifiers should be avoided
• [SONARPHP-1273] - Rule S6397: Character classes in regular expressions should not contain only one character
• [SONARPHP-1274] - Rule S6323: Alternation in regular expressions should not contain empty alternatives
• [SONARPHP-1275] - Rule S6326: Regular expressions should not contain multiple spaces
• [SONARPHP-1276] - Rule S6353: Regular expression quantifiers and character classes should be used concisely
• [SONARPHP-1277] - Rule S6328: Replacement strings should reference existing regular expression groups
• [SONARPHP-1278] - Rule S6331: Regular expressions should not contain empty groups
• [SONARPHP-1279] - Rule S6395: Non-capturing groups without quantifier should not be used

False-Positive

• [SONARPHP-1268] - S3699 should not raise on arrow functions or match clauses

3.22.1.8626

Bug

• [SONARPHP-1269] - CFG building should not fail when enum is encountered

3.22.0.8482

Bug

• [SONARPHP-1262] - PHPStan report import should not fail on paths with class context

New Feature

• [SONARPHP-1251] - Parser should support Enums
• [SONARPHP-1252] - Parser should support `new` in initializers
• [SONARPHP-1253] - Parser should support readonly properties
• [SONARPHP-1254] - Parser should support first-class callable syntax
• [SONARPHP-1255] - Parser should support pure intersection types
• [SONARPHP-1256] - Parser should support explicit octal integer literal notation
• [SONARPHP-1260] - Parser should support final class constants
• [SONARPHP-1264] - S1144 UnusedPrivateMethodCheck should raise on enum private and protected methods
• [SONARPHP-1265] - Parser should allow enums as inner statements

Improvement

• [SONARPHP-1261] - Move to Java 11