The PHP security engine uses PHPDoc to find more vulnerabilities

Hello PHP developers,

A couple of months ago, we decided to use type hints as a source of knowledge for our PHP security engine, to better infer the runtime types of variables.

Today, we are happy to announce that we also consider PHPDoc to infer types.

In the following example, we were previously reporting nothing:

This was because $connection is not initialized in this file, so by looking at the code alone we had no way of knowing the type of $connection.
With the update we made to our PHP security engine, we now read the PHPDoc, learn that $connection has the type \Doctrine\DBAL\Connection, and can raise the expected issue.
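The situation the post describes, reconstructed as an added example (this is not code from the original post or from SonarSource): $connection is created in a separate bootstrap file, so within this file the only type information a static analyser can see is the PHPDoc `@var` annotation. The class \Doctrine\DBAL\Connection and its `executeQuery()` method are real; the bootstrap path, the table and column names, and the request parameters are constructed for illustration. The post does not name the issue the engine raises; the example assumes it is a SQL-injection finding on the concatenated query, and shows the bound-parameter form beside it.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. $connection is assigned in
// a hypothetical bootstrap.php, so in this file the PHPDoc @var annotation
// below is the only place its type is stated.
require __DIR__ . '/bootstrap.php';   // assumed to assign $connection

/** @var \Doctrine\DBAL\Connection $connection */

// Untrusted input: taken straight from the HTTP request.
$userId = $_GET['id'] ?? '';

// 1. Pattern the engine is expected to report once it knows the type of
//    $connection: request data is spliced into the SQL text, so the structure
//    of the statement is under the caller's control.
$sql  = "SELECT id, name FROM users WHERE id = '" . $userId . "'";
$rows = $connection->executeQuery($sql)->fetchAllAssociative();

// 2. Hardened form: the same query with the value sent as a bound parameter.
//    The SQL text is a constant; the input can only ever be a value.
$sql  = 'SELECT id, name FROM users WHERE id = ?';
$rows = $connection->executeQuery($sql, [$userId])->fetchAllAssociative();

// 3. For parts of a statement that cannot be bound (identifiers, sort
//    direction), map the input onto a fixed allow-list instead.
$allowedSort = ['name' => 'name', 'id' => 'id'];
$sortColumn  = $allowedSort[$_GET['sort'] ?? 'id'] ?? 'id';
$rows = $connection
    ->executeQuery('SELECT id, name FROM users ORDER BY ' . $sortColumn)
    ->fetchAllAssociative();

foreach ($rows as $row) {
    printf("%d: %s\n", $row['id'], $row['name']);
}
```

The `@var` line is what makes the difference for analysis: without it, nothing in this file says what `$connection` is, so a dataflow engine cannot know that `executeQuery()` is a SQL sink. The native type hint on a function parameter gives the same information inside a function body, which is what the earlier update already used.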


This feature is available on SonarCloud, and will be included in SonarQube 8.7 Developer Edition.

Alex
