Process .phtml files as PHP #10009

Closed
Sjord opened this issue Mar 26, 2024 · 1 comment

Sjord commented Mar 26, 2024

PHP scripts sometimes use the extension .phtml. It would be nice if semgrep processed phtml files as PHP files, i.e. applying all PHP rules on them.

aryx pushed a commit to semgrep/semgrep-interfaces that referenced this issue Mar 27, 2024
Sometimes PHP applications use the .phtml extension, especially for files
which contain a mix of html and php code instead of just php.

In the PHP specs, everything that is not within the `<?php` and `?>`
tags is considered unstructured text:
```
script:
   script-section
   script script-section

script-section:
   text start-tag statement-list end-tag text

start-tag:
   <?php
   <?=

end-tag:
   ?>

text:
   arbitrary text not containing any of start-tag sequences
```
Our grammar seems to follow this rather closely.

Associating .phtml with PHP basically means:
- we will be able to apply PHP rules to .phtml files, without parsing
  errors (thanks to the arbitrary text syntactic element)
- we will not parse the arbitrary text as html (which it usually is),
  we'd need something like extract mode for that, but it's probably a
  minor issue with smaller impact than having to use generic mode for
  every .phtml file like today

I did some *cursory* testing on .phtml files to confirm that they parse
fine (using the pointer from semgrep/semgrep#10009) and it seems to be
the case.
Here's an example of a rule for PHP running on a phtml file:
https://semgrep.dev/playground/s/d8EkP

- [ ] I ran `make setup && make` to update the generated code after
  editing a `.atd` file (TODO: have a CI check)
- [ ] I made sure we're still backward compatible with old versions of
  the CLI.
  For example, the Semgrep backend needs to still be able to *consume* data
  generated by Semgrep 1.17.0.
  See
  https://atd.readthedocs.io/en/latest/atdgen-tutorial.html#smooth-protocol-upgrades
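
An added illustration of the grammar quoted in the commit message above, not code from Semgrep or from the commit: a small Python splitter that separates a .phtml template into arbitrary text and PHP sections, which is why PHP rules can run over such files without parse errors. The names `split_sections`, `code_sections` and `SAMPLE` are hypothetical, the sample template is constructed, and the `?>` search deliberately ignores PHP string literals and comments.

```python
import re

# Start tags from the grammar quoted above: "<?php" and "<?=".
# Assumption: "<?php" counts only when followed by whitespace or end of input.
START_TAG = re.compile(r"<\?php(?=\s|$)|<\?=", re.IGNORECASE)
END_TAG = "?>"

# Constructed sample template (not taken from the issue or the playground link).
SAMPLE = """<h1><?= $title ?></h1>
<?php foreach ($items as $item): ?>
  <li><?= htmlspecialchars($item) ?></li>
<?php endforeach; ?>
<p>footer</p>
"""


def split_sections(source):
    """Split source into (kind, content) pieces: "text", "php" or "echo".

    Simplification: the end tag is located by substring search, so a "?>"
    inside a PHP string literal or block comment closes the section early.
    """
    pieces, pos = [], 0
    while pos < len(source):
        m = START_TAG.search(source, pos)
        if m is None:
            pieces.append(("text", source[pos:]))  # trailing arbitrary text
            break
        if m.start() > pos:
            pieces.append(("text", source[pos:m.start()]))
        kind = "echo" if m.group() == "<?=" else "php"
        end = source.find(END_TAG, m.end())
        if end == -1:
            end = len(source)  # file ends in PHP mode, no closing tag
        pieces.append((kind, source[m.end():end].strip()))
        pos = end + len(END_TAG)
    return pieces


def code_sections(source):
    """Return only the pieces that are PHP code; arbitrary text is skipped."""
    return [p for p in split_sections(source) if p[0] != "text"]


if __name__ == "__main__":
    for kind, content in split_sections(SAMPLE):
        print(f"{kind:5} {content!r}")
```
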
Sjord commented Mar 29, 2024

This is now fixed in Semgrep 1.67.0.

@Sjord Sjord closed this as completed Mar 29, 2024