Releases: SonarSource/sonar-php
3.21.0.8193
New Feature
- [SONARPHP-1185] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
- [SONARPHP-1188] - Rule S6019: Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
- [SONARPHP-1192] - Rule S5867: Unicode-aware versions of character classes should be preferred
- [SONARPHP-1193] - Rule S6001: Back references in regular expressions should only refer to capturing groups that are matched before the reference
- [SONARPHP-1198] - Rule S5857: Character classes should be preferred over reluctant quantifiers in regular expressions
- [SONARPHP-1200] - Rule S6002: Regex lookahead assertions should not be contradictory
- [SONARPHP-1201] - Rule S5843: Regular expressions should not be too complicated
- [SONARPHP-1204] - Rule S5856: Regular expressions should be syntactically valid
3.20.0.8080
New Feature
- [SONARPHP-1180] - Add PCRE recursion feature to regex parser
- [SONARPHP-1189] - Rule S6035: Single-character alternations in regular expressions should be replaced with character classes
- [SONARPHP-1190] - Rule S5996: Regex boundaries should not be used in a way that can never be matched
- [SONARPHP-1191] - Rule S5855: Regex alternatives should not be redundant
- [SONARPHP-1194] - Rule S5868: Unicode Grapheme Clusters should be avoided inside regex character classes
- [SONARPHP-1196] - Rule S5869: Character classes in regular expressions should not contain the same character twice
- [SONARPHP-1199] - Rule S5994: Regex patterns following a possessive quantifier should not always fail
- [SONARPHP-1202] - Rule S5842: Regex repetition pattern's body should not match the empty String
- [SONARPHP-1203] - Rule S5361: `str_replace` should be preferred to `preg_replace`
Task
- [SONARPHP-1216] - Collect statistics to recognize and identify time consumers
Improvement
- [SONARPHP-1182] - Parse regex flags after delimiter
- [SONARPHP-1183] - Add PCRE conditional subpatterns feature to regex parser
- [SONARPHP-1209] - Parser should match PHP POSIX style expressions
- [SONARPHP-1220] - Map regex character location to location in files
- [SONARPHP-1227] - Fix location of characters when using escape sequences
- [SONARPHP-1229] - Handle whitespaces before delimiter
- [SONARPHP-1230] - S5361: Add secondary location on regex pattern
False-Positive
- [SONARPHP-1219] - S1808 NamespaceAndUseStatementCheck does not consider group use statements
- [SONARPHP-1234] - Rule S4792: Invalid exceptions for error_reporting
3.19.0
New Feature
- [SONARPHP-1179] - Rule S6339: Secret keys and salt values should be robust
- [SONARPHP-1206] - Rule S6341: WordPress theme and plugin editors are security-sensitive
- [SONARPHP-1207] - Rule S6342: Allowing themes and plugins to be managed in WordPress admin area is security-sensitive
- [SONARPHP-1208] - Rule S6343: Disabling automatic updates is security-sensitive
- [SONARPHP-1210] - Rule S6344: Constants should not be redefined
- [SONARPHP-1211] - Rule S6345: Allowing all external requests from a WordPress server is security-sensitive
- [SONARPHP-1212] - Rule S6346: Allowing unauthenticated database repair in WordPress is security-sensitive
- [SONARPHP-1213] - Rule S6347: WordPress options should not be defined at the end of "wp-config.php"
- [SONARPHP-1214] - Rule S6348: Allowing unfiltered HTML content in WordPress is security-sensitive
- [SONARPHP-1215] - Rule S6349: WordPress option names should not be misspelled
Improvement
- [SONARPHP-1176] - WordPress: S4507 should consider WP_DEBUG option
- [SONARPHP-1177] - WordPress: S5332 should consider FORCE_SSL_ADMIN and FORCE_SSL_LOGIN options
3.18.0.7718
Bug
- [SONARPHP-1151] - LoopExecutingAtMostOnceCheck crashes on loop inside "declare" statement
- [SONARPHP-1152] - NullPointerException in S4824 UnsetForeachReferenceVariableCheck
- [SONARPHP-1156] - Symbols should be created for the right hand side of constant declarations
- [SONARPHP-1171] - Empty method check fails when JVM's default locale uses Eastern Arabic digits
New Feature
- [SONARPHP-1154] - SonarPHP should load external PHPStan JSON reports
- [SONARPHP-1155] - SonarPHP should load external Psalm reports
Improvement
- [SONARPHP-1175] - Collect errors when importing reports and display them in UI
3.17.0.7439
Bug
- [SONARPHP-1120] - [S1121] Fix rule description
Improvement
- [SONARPHP-812] - [S1313] Detect IPv6 addresses only at the beginning of strings
False-Positive
- [SONARPHP-1140] - [S1488] False Positives when Assigned Value Depends on the Variable Itself
3.16.0.7320
Task
- [SONARPHP-1139] - Drop dependency on commons-io
SonarPHP 3.15.0.7197
New Feature
- [SONARPHP-952] - Rule S2755: XML parsers should not be vulnerable to XXE attacks
- [SONARPHP-1102] - Rule S5332: Using clear-text protocols is security-sensitive
- [SONARPHP-1103] - Rule S5042: Expanding archive files is security-sensitive
- [SONARPHP-1104] - Rule S5808: Authorizations should be based on strong decisions
- [SONARPHP-1105] - Rule S2612: Setting loose file permissions is security-sensitive
- [SONARPHP-1106] - Rule S4502: Disabling CSRF protections is security-sensitive
- [SONARPHP-1107] - Rule S5693: Allowing requests with excessive content length is security-sensitive
- [SONARPHP-1112] - Rule S5122: Having a permissive Cross-Origin Resource Sharing policy is security-sensitive
- [SONARPHP-1114] - Rule S5876: A new session should be created during user authentication
Task
- [SONARPHP-1125] - Remove deprecated API: PHPCustomRulesDefinition
SonarPHP 3.14.0.6990
Bug
- [SONARPHP-1073] - Parsing issue message should be readable
- [SONARPHP-1084] - Parse error on named argument using keyword value
- [SONARPHP-1116] - No symbol is created for lower case superglobals
- [SONARPHP-1121] - Qualified name of class member symbol should be case sensitive
Improvement
- [SONARPHP-896] - Update S126 to add an exception
- [SONARPHP-1087] - Deactivate ASP-like opening tags in parser
False-Positive
- [SONARPHP-1115] - Revise rule S3358 to exclude shorthand ternary operator
- [SONARPHP-1117] - FP on S2115 where a variable is reassigned using "list"
SonarPHP 3.13.0.6849
Improvement
- [SONARPHP-1086] - S1862: Add a message on the secondary location
- [SONARPHP-1089] - S1763: Add a message on the secondary location
- [SONARPHP-1090] - S1192: Add a message on the secondary location
- [SONARPHP-1091] - S1117: Add a message on the secondary location
- [SONARPHP-1092] - S1142: Add a message on the secondary location
- [SONARPHP-1093] - S110: Add a message on the secondary location
- [SONARPHP-1094] - S1045: Add a message on the secondary location
- [SONARPHP-1095] - S5632: Add a message on the secondary location
- [SONARPHP-1096] - S930: Add a message on the secondary location
- [SONARPHP-1097] - S5708: Add a message on the secondary location
- [SONARPHP-1098] - S5713: Add a message on the secondary location
- [SONARPHP-1099] - S3699: Add a message on the secondary location
- [SONARPHP-1100] - S3415: Add a message on secondary locations
- [SONARPHP-1101] - S3801: Add a message on the secondary location
SonarPHP 3.12.0.6710
Bug
- [SONARPHP-1081] - Parsing error on capitalized __Construct method with property promotion
- [SONARPHP-1083] - NPE in S2001 "PHPDeprecatedFunctionUsageCheck"
New Feature
- [SONARPHP-1082] - Add fully-qualified class names to declared types.
Improvement
- [SONARPHP-1072] - Update SSLR to 1.24
False-Positive
- [SONARPHP-1079] - FP on EmptyMethodCheck for PHP 8 Constructor Property Promotion
- [SONARPHP-1080] - FP on UnusedFunctionParametersCheck for PHP 8 Constructor Property Promotion