Skip to content

SonarSource/sonar-php

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,615 Commits

.github

.github

 
 

doc

doc

 
 

its

its

 
 

php-checks

php-checks

 
 

php-custom-rules

php-custom-rules

 
 

php-frontend

php-frontend

 
 

sonar-php-plugin

sonar-php-plugin

 
 

.cirrus.star

.cirrus.star

 
 

.cirrus.yml

.cirrus.yml

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

LICENSE.txt

LICENSE.txt

 
 

NOTICE.txt

NOTICE.txt

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

sonarpedia.json

sonarpedia.json

 
 

third-party-licenses.sh

third-party-licenses.sh

 
 

wss-unified-agent.config

wss-unified-agent.config

 
 

Repository files navigation

Code Quality and Security for PHP

Cirrus CI - Task and Script Build Status Quality Gate Status Coverage Maven Central GitHub

This SonarSource project is a static code analyzer for PHP language used as an extension for the SonarQube platform. It will allow you to produce stable and easily supported Clean Code by helping you find and correct bugs, vulnerabilities, and code smells.

Features

Useful links

More documentation

Have questions or feedback?

To provide feedback (request a feature, report a bug, etc.) use the SonarSource Community Forum. Please do not forget to specify the language (PHP!), plugin version, and SonarQube version.

If you have a question on how to use plugin (and the docs don't help you), we also encourage you to use the community forum.

Contributing

Topic in SonarSource Community Forum

To request a new feature, please create a new thread in SonarSource Community Forum. Even if you plan to implement it yourself and submit it back to the community, please start a new thread first to be sure that we can follow up on it.

Pull Request (PR)

To submit a contribution, create a pull request for this repository. Please make sure that you follow our code style and that all tests are passing.

Custom Rules

If you have an idea for a rule but you are not sure that everyone needs it you can implement a custom rule available only for you.

Custom Rules API Changes

  • 3.32 (October 2023)
    • Additional newIssue endpoint added to the CheckContext API interface
  • 3.15 (January 2021)
    • PHPCustomRulesDefinition was removed, it was deprecated since version 2.13 (March 2018)
    • Removed dependency on sslr-squid-bridge which is not maintained anymore
  • 3.11, support of PHP 8:
    • ParameterTree#type() is deprecated. Use ParameterTree#declaredType() instead.
    • ReturnTypeClauseTree#type() is deprecated. Use ReturnTypeClauseTree#declaredType() instead.
    • ClassPropertyDeclarationTree#typeAnnotation() is deprecated. Use ClassPropertyDeclarationTree#declaredType() instead.
    • CatchBlockTree#variable() can now return NULL.
    • FunctionCallTree#arguments() is deprecated. Use FunctionCallTree#callArguments() instead.
    • AnonymousClassTree#arguments() is deprecated. Use AnonymousClassTree#callArguments() instead.
    • New tree: CallArgumentTree. This tree wraps expressions passed as arguments now.
    • New kind of expression: ThrowExpressionTree.
    • New kind of expression: MatchExpressionTree.
    • ParameterTree now has a visibility method.

Testing

To run tests locally follow these instructions.

Build the Project and Run Unit Tests

To build the plugin and run its unit tests, execute this command from the project's root directory (you will need Maven):

mvn clean install

Integration Tests

To run integration tests, you will need to create a properties file like the one shown below, and set its location in an environment variable named ORCHESTRATOR_CONFIG_URL.

# version of SonarQube server
sonar.runtimeVersion=9.9

Before running any of the integration tests make sure the submodules are checked out:

  git submodule init
  git submodule update

Plugin Test

The "Plugin Test" is an additional integration test that verifies plugin features such as metric calculation, coverage, etc. To launch it, execute this command from the directory its/plugin:

mvn clean install

Ruling Test

The "Ruling Test" is a special integration test that launches the analysis of a large code base, saves the issues created by the plugin in report files, and then compares those results to the set of expected issues (stored as JSON files). To launch the ruling test:

cd its/ruling
mvn clean install

This test gives you the opportunity to examine the issues created by each rule and make sure they're what you expect. You can inspect new/lost issues by checking the web pages mentioned in the logs at the end of the analysis:

INFO  - HTML Issues Report generated: /path/to/project/sonar-php/its/sources/src/.sonar/issues-report/issues-report.html
INFO  - Light HTML Issues Report generated: /path/to/project/sonar-php/its/sources/src/.sonar/issues-report/issues-report-light.html

If everything looks good to you, you can copy the file with the actual issues located at

sonar-php/its/ruling/target/actual/

into the directory with the expected issues

sonar-php/its/ruling/src/test/resources/expected/

License

Copyright 2010-2024 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0

About

🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint

Topics

php static-code-analysis static-analysis sonarqube code-quality language-team

Resources

Readme

License

LGPL-3.0 license
Activity
Custom properties

Stars

372 stars

Watchers

51 watching

Forks

143 forks
Report repository

Releases 45

3.35.0.11659 Latest
Apr 4, 2024
+ 44 releases

Packages

No packages published

Contributors 64

+ 50 contributors

Languages