I have a PHP project tied to GitHub. Analysis is performed automatically every time there is a change, but if I make a mistake in a function call name, Sonar reports no error. From forum discussions I know that such a check exists. What can I do to enable it?
Hello,
It seems to me that this comes up as a new issue when you do your PR or push, but wouldn’t it be wise to use a third-party service like PHPStan for this?
What would be the point of using a free tool while paying for another one that’s supposed to do a better job?
Hi @dmrotstein,
Welcome to the community!
Could you give a code reproducer to demonstrate what kind of mistake we’re talking about here?
Thx,
Ann
Sure, it’s simple really:
myFunction();
There is no myFunction defined in the code and the attempt to run the script causes a fatal error (naturally). But Sonar ignores this problem.
Hi,
Thanks for the example. I suspect this is going to be a question of scope (and not being able to know that it’s not defined somewhere else). But I’ll flag this for the language experts and defer to them.
Ann
Hello @dmrotstein
The idea is not to use one instead of the other, but to use both complementarily.
Let me explain.
In my opinion:
PHPStan can be launched at different times during the life of your code:
- Before a commit (which prevents unstable code from being pushed),
- In the CI
Sonar can be launched in your IDE on a specific file (and I don’t think on the entire project) and in your CI
If I take your example where you call a method that doesn’t exist: okay, both will detect it, but for me, if your method is in another class, I don’t know if Sonar will detect it natively (especially since, depending on your framework and/or your project, it can be complex). On the other hand, PHPStan will tell you during your pre-commit, which allows you to correct it before committing.
“you call a method that doesn’t exist. Okay, both will detect it” - but that’s exactly my problem, Sonar does NOT detect it.
We tried PHPStan, but it produced too many false positives to be useful.
Hello @dmrotstein and welcome to the community!
Thanks for raising awareness on this topic.
I had a look at our existing rules for the PHP analyzer, but it doesn’t seem we have this one.
From my perspective, it seems our PHP analyzer would lack some advanced capabilities to propose such a rule reliably. A function can be defined in a lot of places (e.g. another file imported explicitly or implicitly by autoloaders), we would risk being noisy and raise FPs in its current state.
I unfortunately cannot offer much alternative or workaround.
Sorry for this lack of solution.
Best,
Rudy
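
The scope problem raised in this thread, as an added example that is not part of the original posts and is not SonarQube or PHPStan code: a token-based check that reports calls to functions that are neither declared in the sources it was given nor known to the running interpreter. The function name `findUndefinedCalls`, the file names and both source strings are constructed for illustration, and PHP 8 is assumed. Given only `main.php` it reports `myHelper` as well as `myFunction`; once `lib.php` is also in scope, only `myFunction` remains.

```php
<?php
// Added illustration; not SonarQube or PHPStan code. Requires PHP 8.
// $sources maps a (constructed) file name to its PHP source text.
function findUndefinedCalls(array $sources): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    // A name preceded by one of these is a method, static call, constructor
    // or namespaced name, not a plain function call.
    $notPlainCall = [T_OBJECT_OPERATOR, T_NULLSAFE_OBJECT_OPERATOR,
                     T_DOUBLE_COLON, T_NEW, T_NS_SEPARATOR];
    $declared = [];
    $calls = [];
    foreach ($sources as $file => $code) {
        // Drop whitespace and comments so neighbours are meaningful tokens.
        $tokens = array_values(array_filter(
            token_get_all($code),
            fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
        ));
        foreach ($tokens as $i => $tok) {
            if (!is_array($tok) || $tok[0] !== T_STRING) {
                continue;
            }
            $prev = $tokens[$i - 1] ?? null;
            $prevId = is_array($prev) ? $prev[0] : $prev;
            if ($prevId === T_FUNCTION) {
                // Declaration; PHP function names are case-insensitive.
                $declared[strtolower($tok[1])] = true;
            } elseif (($tokens[$i + 1] ?? null) === '('
                && !in_array($prevId, $notPlainCall, true)) {
                $calls[] = ['file' => $file, 'line' => $tok[2], 'name' => $tok[1]];
            }
        }
    }
    // Keep only calls that no given source declares and PHP itself lacks.
    return array_values(array_filter($calls, fn($c) =>
        !isset($declared[strtolower($c['name'])]) && !function_exists($c['name'])));
}

// Constructed sample sources.
$main = "<?php\nrequire 'lib.php';\nmyHelper();\nmyFunction();\necho strlen('x');\n";
$lib  = "<?php\nfunction myHelper() {}\n";

// Analysing main.php alone: the helper defined elsewhere is reported too.
print_r(findUndefinedCalls(['main.php' => $main]));
// With lib.php in scope, only the genuinely undefined call is left.
print_r(findUndefinedCalls(['main.php' => $main, 'lib.php' => $lib]));
```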