PHP return type checking

Using SonarQube, the latest scanner version from docker, and no plugins, I’m scanning a PHP project, but it’s missing what seems like some pretty obvious issues. Does the PHP scanner support finding errors of this type?

declare(strict_types = 1);

namespace App;

class TestA
    public function getA(): TestA
        return new TestB();

class TestB

This seems like a fairly basic check, but it’s not being flagged for me. Is there some rule I need to enable, or is this just not supported?

For reference other static analysis tools for PHP do catch this, eg Psalm (Psalm - a static analysis tool for PHP), Phpstan (Playground | PHPStan).


SonarQube doesn’t have a rule to detect such problem and as you said indeed that looks pretty simple to implement. We will look at it once we will restart our effort to implement new bug detection rules for PHP later in 2021.

Related to PHPStan and Psalm which indeed bring a lot of value to the PHP community, we will allow PHP developers to load the issues raised by these tools in SonarQube/SonarCloud. No time frame to share but this is in our roadmap.


1 Like

It is somewhat later in 2021 now. Any progress on this?
I assume that support for detecting use of typed properties before initialization is also absent at this time?

We added to our Q4 plans to provide a first set of rules based on type inference so I hope to be able to come back with good news for Christmas.