Hello PHP developers,
A couple of months ago, we decided to use type hints as source of knowledge for our PHP security engine to better infer the runtime types of a variable.
Today, we are happy to announce that we also consider PHPDoc to infer types.
In the following example we were previously saying nothing:
This was linked to the fact that
$connection is not initialized in this file so we have no idea by looking at the code itself what’s the type of
With the update we made in our PHP security engine, we look at the PHPDoc and get the information that
$connection is having the type
\Doctrine\DBAL\Connection and we can raise the expected issue.
This feature is available on SonarCloud, and will be included in SonarQube 8.7 Developer Edition.