PHP return type checking

Using SonarQube 8.9.0.43852, the latest scanner version from Docker, and no plugins, I’m scanning a PHP project, but it’s missing what seem like some pretty obvious issues. Does the PHP scanner support finding errors of this type?

<?php
declare(strict_types = 1);

namespace App;

class TestA
{
    public function getA(): TestA
    {
        return new TestB();
    }
}

class TestB
{
}

This seems like a fairly basic check, but it’s not being flagged for me. Is there some rule I need to enable, or is this just not supported?

For reference, other static analysis tools for PHP do catch this, e.g. Psalm and PHPStan.

Hello,

SonarQube doesn’t have a rule to detect such a problem and, as you said, it indeed looks pretty simple to implement. We will look at it once we restart our effort to implement new bug detection rules for PHP later in 2021.

Regarding PHPStan and Psalm, which indeed bring a lot of value to the PHP community, we will allow PHP developers to load the issues raised by these tools in SonarQube/SonarCloud. No time frame to share, but this is in our roadmap.

Alex

It is somewhat later in 2021 now. Any progress on this?
I assume that support for detecting use of typed properties before initialization is also absent at this time?

We added to our Q4 plans to provide a first set of rules based on type inference, so I hope to be able to come back with good news for Christmas.
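
Added example, not part of the original posts and not SonarQube code: the return-type mismatch from the question and the uninitialized typed property asked about later both fail in PHP 7.4+ only when the faulty line executes, which is why a static rule matters. `Account` and `probe` are hypothetical names introduced for the illustration.

```php
<?php
declare(strict_types=1);

namespace App;

class TestB
{
}

class TestA
{
    // Same defect as in the question: declared return type TestA, returns TestB.
    public function getA(): TestA
    {
        return new TestB();
    }
}

// Hypothetical class for the typed-property case raised later in the thread.
class Account
{
    // Typed property with no default value and no constructor assignment.
    public string $owner;
}

/** Runs $call and reports the class and message of whatever it throws. */
function probe(string $label, callable $call): string
{
    try {
        $call();
        return "$label: no error";
    } catch (\Throwable $e) {
        return sprintf('%s: %s: %s', $label, get_class($e), $e->getMessage());
    }
}

// Declaring and instantiating the classes raises nothing; each failure
// appears only when the faulty statement is actually reached.
$a = new TestA();
$account = new Account();

// getA() throws a TypeError when its return value is checked.
echo probe('return type', fn () => $a->getA()), PHP_EOL;

// Reading $owner before it is assigned throws an Error.
echo probe('typed property', fn () => $account->owner), PHP_EOL;
```

A code path that tests never exercise keeps either defect hidden until production, whereas a type-inference rule reports it from the source alone.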