sonar php
3.41.0.12692
This SonarSource project is a static code analyzer for PHP language used as an extension for the SonarQube platform. It will allow you to produce stable and easily supported Clean Code by helping you find and correct bugs, vulnerabilities, and code smells.
To provide feedback (request a feature, report a bug, etc.) use the SonarSource Community Forum. Please do not forget to specify the language (PHP!), plugin version, and SonarQube version.
If you have a question on how to use plugin (and the docs don't help you), we also encourage you to use the community forum.
To request a new feature, please create a new thread in SonarSource Community Forum. Even if you plan to implement it yourself and submit it back to the community, please start a new thread first to be sure that we can follow up on it.
To submit a contribution, create a pull request for this repository. Please make sure that you follow our code style and that all tests are passing.
If you have an idea for a rule but you are not sure that everyone needs it you can implement a custom rule available only for you.
newIssue endpoint added to the CheckContext API interfacePHPCustomRulesDefinition was removed, it was deprecated since version 2.13 (March 2018)ParameterTree#type() is deprecated. Use ParameterTree#declaredType() instead.ReturnTypeClauseTree#type() is deprecated. Use ReturnTypeClauseTree#declaredType() instead.ClassPropertyDeclarationTree#typeAnnotation() is deprecated. Use ClassPropertyDeclarationTree#declaredType() instead.CatchBlockTree#variable() can now return NULL.FunctionCallTree#arguments() is deprecated. Use FunctionCallTree#callArguments() instead.AnonymousClassTree#arguments() is deprecated. Use AnonymousClassTree#callArguments() instead.CallArgumentTree. This tree wraps expressions passed as arguments now.ThrowExpressionTree.MatchExpressionTree.ParameterTree now has a visibility method.To run tests locally follow these instructions.
To build the plugin and run its unit tests, execute this command from the project's root directory:
./gradlew buildTo run integration tests, you will need to create a properties file like the one shown below, and set its location in an environment variable named ORCHESTRATOR_CONFIG_URL.
# version of SonarQube server
sonar.runtimeVersion=9.9Before running any of the integration tests make sure the submodules are checked out:
git submodule update --initThe "Plugin Test" is an additional integration test that verifies plugin features such as metric calculation, coverage, etc. To launch it:
./gradlew its:plugin:integrationTestThe "Ruling Test" is a special integration test that launches the analysis of a large code base, saves the issues created by the plugin in report files, and then compares those results to the set of expected issues (stored as JSON files). To launch the ruling test:
./gradlew its:ruling:integrationTestThis test gives you the opportunity to examine the issues created by each rule and make sure they're what you expect. You can inspect new/lost issues by checking the SonarQube local URL mentioned in the logs at the end of the analysis. If everything looks good to you, you can copy the file with the actual issues located at
sonar-php/its/ruling/target/actual/
into the directory with the expected issues
sonar-php/its/ruling/src/test/resources/expected/
To update all rule descriptions:
./gradlew ruleApiUpdateTo fetch static files for a rule SXXXX from RSPEC:
./gradlew ruleApiGenerateRule -Prule=SXXXXSame for a specific RSPEC branch (master by default):
./gradlew ruleApiGenerateRule -Prule=SXXXX -Pbranch=my-branchCopyright 2010-2024 SonarSource.
SonarQube analyzers released after November 29, 2024, including patch fixes for prior versions, are published under the Sonar Source-Available License Version 1 (SSALv1).
See individual files for details that specify the license applicable to each file. Files subject to the SSALv1 will be noted in their headers.
