PHP Zend Framework

SonarQube Developer Edition 9.1.0

Do I need to configure SonarQube somehow to cover issues in PHP code based on Zend Framework?

Hi,

Assuming you have the right rules turned on, this should just work. Could you share details about what’s happening that shouldn’t or vice versa?

 
Ann

We use Zend as a basis and just run the scan on the code. The scan doesn’t catch the issues which we know are there. I didn’t change anything in the PHP rules (I cannot, because it is the Developer Edition). Tracing the flow of one SQLi manually, I realized that the query call is not a standard PHP query call but some “custom” query call. Not sure whether it comes from deep inside Zend or is defined in our libraries, but I guess eventually it goes down to some standard PHP call. Probably this long path is not traced by SQ now.

In this case, is there a special plugin or SQ tweak to make it know the framework-specific calls?
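The situation described in the post above (a taint source reaching a standard PHP SQL sink only through a project-specific query wrapper) can be reduced to a small reproducer of the kind asked for in this thread. The code below is an added illustration, not code from the thread, from Zend Framework or from SonarSource; the class and function names (`DbGateway`, `runQuery`, `runPrepared`, `findUserVulnerable`, `findUserSafe`) are hypothetical, and the wrapper sits over plain PDO rather than Zend's adapter so that it runs on its own. It shows the vulnerable wrapper pattern next to the hardened one: in the first, the wrapper takes an already assembled SQL string, so a scanner only reports the injection if it follows the tainted value from `$_GET` through `runQuery()` into `PDO::query()`; in the second, the SQL text is a constant and user data travels as a bound parameter, so there is no injection to find regardless of how deep the call chain is.

```php
<?php
// Added illustration (not from the thread): a custom query wrapper of the
// kind the poster describes, placed between the taint source and the real
// SQL sink. All class/function names here are hypothetical.

declare(strict_types=1);

final class DbGateway
{
    public function __construct(private PDO $pdo) {}

    // VULNERABLE PATTERN: the wrapper accepts a fully assembled SQL string.
    // A caller that concatenates user input into $sql creates an injection,
    // but the sink (PDO::query) is one call removed from the source, so a
    // taint analyser must trace through this method to report the finding.
    public function runQuery(string $sql): array
    {
        return $this->pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    }

    // HARDENED PATTERN: the wrapper takes a constant SQL template and binds
    // values separately; tainted data never becomes part of the SQL text.
    public function runPrepared(string $sqlTemplate, array $params): array
    {
        $stmt = $this->pdo->prepare($sqlTemplate);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Controller-level code; $get stands in for the $_GET superglobal (source).
function findUserVulnerable(DbGateway $db, array $get): array
{
    $name = $get['name'] ?? '';
    // Source -> string concatenation -> wrapper -> PDO::query(): SQL injection.
    return $db->runQuery("SELECT id, name FROM users WHERE name = '" . $name . "'");
}

function findUserSafe(DbGateway $db, array $get): array
{
    $name = $get['name'] ?? '';
    // Same data flow, but the value reaches the database as a bound parameter.
    return $db->runPrepared(
        'SELECT id, name FROM users WHERE name = :name',
        [':name' => $name]
    );
}

// Constructed, self-contained demo against an in-memory SQLite database
// (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");
$db = new DbGateway($pdo);

// With benign input both paths return the same single row; the difference
// only shows under hostile input, which is exactly the case a scanner has
// to find by tracing the taint through runQuery().
var_dump(findUserSafe($db, ['name' => 'alice']));
var_dump(findUserVulnerable($db, ['name' => 'alice']));
```

As a check, scan a file like this with the PHP injection rules enabled: a finding on `findUserVulnerable()` but none on `findUserSafe()` means the analyser does trace through a one-level wrapper and the gap in the real project lies deeper in the call chain (or in a source or sink it does not recognise); no finding at all narrows the problem to the wrapper itself and gives a minimal reproducer to attach to the thread. Either way, moving the project's own wrappers to the `runPrepared()` shape removes the class of bug rather than relying on the scanner to follow every path.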

Hi,

Would you mind sharing a reproducer?

 
Thx!
Ann