SonarCloud is not catching Syntax Error in PHP codes

waleedmazhar · June 18, 2022, 1:29pm

Hello Support,

Very unfortunately, there is no support email/contact from SonarCloud. I can’t share my repo in public.

Sonarcloud is not catching Syntax error in php codes. I have integrated it with bitbucket pull request. It Pass all 6 Parameters e.g. Bugs, Security, Coverage, Maintainability, Security Review with “A”

This was bug: “$” is missing in this->getChildHtml

<?= trim(this->getChildHtml('global_messages'));?>

Please check it ASAP

Thanks,

Waleed

Nils_Werner · June 20, 2022, 7:24am

Hi @waleedmazhar,

SonarCloud can detect Syntax Errors. However, the rule is disabled by default. You can enable it in your PHP Quality Profile.

However, the rule should not indicate an issue regarding your test case since it is a valid PHP code. In PHP 8, the keyword this may be declared a constant. If it is not present, then a Fatal Error will occur at runtime, but not a Parse Error.

Best,
Nils

waleedmazhar · June 20, 2022, 4:42pm

Thank you very much @Nils_Werner for you reply.

I enabled parse failure rule but I see few issues, please check attached images.
It detect parse error as code smell and only first line e.g.(->getChildHtml catch but ignored immediately below two syntax error lines.

This is critical errors it should throw error/break pipeline and this rule should be part of Bug. Please check below image it PASS everything with A grade and show 1 code smell, which is our syntax error and that can be ignored by developers, assuming that everything is great. Would you suggest any solution for it.

Thanks in advance,
Waleed

waleedmazhar · June 23, 2022, 4:57pm

Can anybody from SonarCloud Support answer my question. We have paid account and my production site is effecting. Please look into it ASAP

thanks

Nils_Werner · June 24, 2022, 7:11am

Hi @waleedmazhar,

The main goal of our analyzers is not to detect syntax errors. Among other reasons, this is why they are not included in the standard profile. The PHP Analyzer parser stops parsing a file as soon as it encounters a syntax error. This is to prevent us from applying our analysis for bugs, code smells, and vulnerabilities based on a non-valid code state.

We will still discuss in the team if for languages that are not compiled the severity of a syntax error can be increased and it can be considered as a blocker. This way the pipeline would not be passed.

Best,

waleedmazhar · June 24, 2022, 10:05am

thanks @Nils_Werner for your response.

system · July 1, 2022, 10:06am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.