[sonar-php] Type hints rules


(Julien Herr) #1


CodeSniffer has some interesting rules on type hinting:
It helps to have a useful auto-completion in IDE and use the language as a more static one.

=> Is it planned to copy CodeSniffer rules on type hinting?

With type hints, a more dynamic analysis will be possible (and helpful), like sonar-java.

  • warn when a wrong type is passed;
  • warn when a function is used on a wrong type;

  • As PHP doesn’t have a compiler, the awesome feature would be to be warned about type issues at “sonar time” instead of runtime.

(Alexandre Gigleux) #4


There is no plan on our side to just copy CodeSniffer rules but we can get some inspiration from them :slight_smile: We want to develop more Bug Detection rules and these hints can easily fit with this goal.

These past months we have been implementing a Type Inference stack for PHP with the goal to detect PHP vulnerabilities (feature provided for Java and C# with the SonarQube Developer Edition).
This Type Inference stack is not yet part of SonarPHP but if we imagine that one day it is moved there, we could implement such Bug Detection rules.

Would you be able to list CodeSniffer’s rules that are related to “wrong type”?


(Julien Herr) #5

I can’t wait for the bug detection rules :heart_eyes:

In fact, we use

as base rules which is an extension of CodeSniffer.
I’d love to be able to remove this extra tool and use Sonar exclusively.

If I summarize:

  • I miss some built-in PHP profiles: PSR-1, PSR-2 and PSR-12
  • Type inferences will be awesome
  • Type hinting rules like slevomat’s could be an intermediate step
  • (SonarLint could warn if we break things with method signature modification; not the case with PhpStorm)