feat(linter): add invalid-open-tag correctness rule (#310)

closes #309

Signed-off-by: azjezz <[email protected]>

Author: azjezz

crates/linter/src/rule/invalid_open_tag.rs

@@ -0,0 +1,126 @@
+use indoc::indoc;
+use serde::Deserialize;
+use serde::Serialize;
+
+use mago_fixer::SafetyClassification;
+use mago_php_version::PHPVersionRange;
+use mago_reporting::Annotation;
+use mago_reporting::Issue;
+use mago_reporting::Level;
+use mago_span::HasSpan;
+use mago_syntax::ast::*;
+
+use crate::category::Category;
+use crate::context::LintContext;
+use crate::integration::IntegrationSet;
+use crate::rule::Config;
+use crate::rule::LintRule;
+use crate::rule_meta::RuleMeta;
+use crate::settings::RuleSettings;
+
+const INVALID_TAGS: &[&str] = &["<php?", "<ph?p", "<p?hp", "<ph?", "<p?"];
+
+#[derive(Debug, Clone)]
+pub struct InvalidOpenTagRule {
+    meta: &'static RuleMeta,
+    cfg: InvalidOpenTagConfig,
+}
+
+#[derive(Debug, Clone, Copy, Eq, PartialEq, Hash, Serialize, Deserialize)]
+#[serde(default, rename_all = "kebab-case", deny_unknown_fields)]
+pub struct InvalidOpenTagConfig {
+    pub level: Level,
+}
+
+impl Default for InvalidOpenTagConfig {
+    fn default() -> Self {
+        Self { level: Level::Note }
+    }
+}
+
+impl Config for InvalidOpenTagConfig {
+    fn level(&self) -> Level {
+        self.level
+    }
+}
+
+impl LintRule for InvalidOpenTagRule {
+    type Config = InvalidOpenTagConfig;
+
+    fn meta() -> &'static RuleMeta {
+        const META: RuleMeta = RuleMeta {
+            name: "Invalid Open Tag",
+            code: "invalid-open-tag",
+            description: indoc! {"
+                Detects misspelled PHP opening tags like `<php?` instead of `<?php`.
+
+                A misspelled opening tag will cause the PHP interpreter to treat the
+                following code as plain text, leading to the code being output directly
+                to the browser instead of being executed. This can cause unexpected
+                behavior and potential security vulnerabilities.
+            "},
+            good_example: indoc! {r#"
+                <?php
+
+                echo 'Hello, world!';
+            "#},
+            bad_example: indoc! {r#"
+                <php?
+
+                echo 'Hello, world!';
+            "#},
+            category: Category::Correctness,
+            php: PHPVersionRange::any(),
+            requires: IntegrationSet::empty(),
+        };
+
+        &META
+    }
+
+    fn targets() -> &'static [NodeKind] {
+        const TARGETS: &[NodeKind] = &[NodeKind::Inline];
+
+        TARGETS
+    }
+
+    fn build(settings: RuleSettings<Self::Config>) -> Self {
+        Self { meta: Self::meta(), cfg: settings.config }
+    }
+
+    fn check<'ast, 'arena>(&self, ctx: &mut LintContext<'_, 'arena>, node: Node<'ast, 'arena>) {
+        let Node::Inline(inline_stmt) = node else {
+            return;
+        };
+
+        let content = inline_stmt.value;
+        let trimmed_content = content.trim_start();
+
+        for &invalid_tag in INVALID_TAGS {
+            let invalid_tag_len = invalid_tag.len();
+            if trimmed_content.len() < invalid_tag_len {
+                continue;
+            }
+
+            let prefix_to_check = &trimmed_content[..invalid_tag_len];
+
+            if prefix_to_check.eq_ignore_ascii_case(invalid_tag) {
+                let start_offset = content.len() - trimmed_content.len();
+                let invalid_tag_span = inline_stmt.span().subspan(start_offset as u32, invalid_tag_len as u32);
+
+                let issue = Issue::new(self.cfg.level(), format!("Misspelled PHP opening tag `{}`.", invalid_tag))
+                    .with_code(self.meta.code)
+                    .with_annotation(
+                        Annotation::primary(invalid_tag_span).with_message("This looks like a typo for `<?php`."),
+                    )
+                    .with_note("Code following a misspelled tag will be treated as plain text and output directly.")
+                    .with_help("Replace this with the correct `<?php` opening tag.");
+
+                ctx.collector.propose(issue, |plan| {
+                    plan.replace(invalid_tag_span.to_range(), "<?php", SafetyClassification::PotentiallyUnsafe);
+                });
+
+                break;
+            }
+        }
+    }
+}

crates/linter/src/rule/mod.rs

@@ -33,6 +33,7 @@ pub mod function_name;
 pub mod halstead;
 pub mod identity_comparison;
 pub mod interface_name;
+pub mod invalid_open_tag;
 pub mod kan_defect;
 pub mod literal_named_argument;
 pub mod loop_does_not_iterate;
@@ -137,6 +138,7 @@ pub use function_name::*;
 pub use halstead::*;
 pub use identity_comparison::*;
 pub use interface_name::*;
+pub use invalid_open_tag::*;
 pub use kan_defect::*;
 pub use literal_named_argument::*;
 pub use loop_does_not_iterate::*;
@@ -378,8 +380,9 @@ define_rules! {
     NoAssignInCondition(no_assign_in_condition @ NoAssignInConditionRule),
     NoAliasFunction(no_alias_function @ NoAliasFunctionRule),
     LowercaseTypeHint(lowercase_type_hint @ LowercaseTypeHintRule),
-    InterfaceName(interface_name @ InterfaceNameRule),
     IdentityComparison(identity_comparison @ IdentityComparisonRule),
+    InterfaceName(interface_name @ InterfaceNameRule),
+    InvalidOpenTag(invalid_open_tag @ InvalidOpenTagRule),
     FunctionName(function_name @ FunctionNameRule),
     ExplicitOctal(explicit_octal @ ExplicitOctalRule),
     ExplicitNullableParam(explicit_nullable_param @ ExplicitNullableParamRule),

crates/linter/src/rule/strict_types.rs

@@ -92,38 +92,54 @@ impl LintRule for StrictTypesRule {
         };
 
         let mut found = false;
+        let mut has_useful_statements = false;
         for statement in program.statements.iter() {
-            if let Statement::Declare(declare) = statement {
-                for item in declare.items.iter() {
-                    if item.name.value != STRICT_TYPES_DIRECTIVE {
-                        continue;
-                    }
+            let declare = match statement {
+                Statement::Declare(declare) => declare,
+                _ => {
+                    has_useful_statements |= !matches!(
+                        statement,
+                        Statement::OpeningTag(_) | Statement::ClosingTag(_) | Statement::Inline(_) | Statement::Noop(_)
+                    );
+
+                    break;
+                }
+            };
 
-                    match &item.value {
-                        Expression::Literal(Literal::Integer(integer)) => {
-                            if integer.value == Some(0) && !self.cfg.allow_disabling {
-                                let issue = Issue::new(self.cfg.level(), "The `strict_types` directive is disabled.")
-                                    .with_code(self.meta.code)
-                                    .with_annotation(
-                                        Annotation::primary(item.span())
-                                            .with_message("The `strict_types` is disabled here"),
-                                    )
-                                    .with_note("Disabling `strict_types` can lead to type safety issues.")
-                                    .with_help("Consider setting `strict_types` to `1` to enforce strict typing.");
-
-                                ctx.collector.report(issue);
-                            }
-                        }
-                        _ => {
-                            // ignore other values, as they will be caught by the semantics checker
+            for item in declare.items.iter() {
+                if item.name.value != STRICT_TYPES_DIRECTIVE {
+                    continue;
+                }
+
+                match &item.value {
+                    Expression::Literal(Literal::Integer(integer)) => {
+                        if integer.value == Some(0) && !self.cfg.allow_disabling {
+                            let issue = Issue::new(self.cfg.level(), "The `strict_types` directive is disabled.")
+                                .with_code(self.meta.code)
+                                .with_annotation(
+                                    Annotation::primary(item.span())
+                                        .with_message("The `strict_types` is disabled here"),
+                                )
+                                .with_note("Disabling `strict_types` can lead to type safety issues.")
+                                .with_help("Consider setting `strict_types` to `1` to enforce strict typing.");
+
+                            ctx.collector.report(issue);
                         }
-                    };
+                    }
+                    _ => {
+                        // ignore other values, as they will be caught by the semantics checker
+                    }
+                };
 
-                    found = true;
-                }
+                found = true;
             }
         }
 
+        if !has_useful_statements {
+            // empty file or file with only opening/closing tags, inline HTML, or no-op statements
+            return;
+        }
+
         if !found {
             let issue = Issue::new(
                 self.cfg.level(),

crates/linter/src/settings.rs

@@ -90,8 +90,9 @@ pub struct RulesSettings {
     pub no_assign_in_condition: RuleSettings<NoAssignInConditionConfig>,
     pub no_alias_function: RuleSettings<NoAliasFunctionConfig>,
     pub lowercase_type_hint: RuleSettings<LowercaseTypeHintConfig>,
-    pub interface_name: RuleSettings<InterfaceNameConfig>,
     pub identity_comparison: RuleSettings<IdentityComparisonConfig>,
+    pub interface_name: RuleSettings<InterfaceNameConfig>,
+    pub invalid_open_tag: RuleSettings<InvalidOpenTagConfig>,
     pub function_name: RuleSettings<FunctionNameConfig>,
     pub explicit_nullable_param: RuleSettings<ExplicitNullableParamConfig>,
     pub explicit_octal: RuleSettings<ExplicitOctalConfig>,

docs/tools/linter/rules/correctness.md

@@ -12,6 +12,7 @@ This document details the rules available in the `Correctness` category.
 | :--- | :---------- |
 | Assert Description | [`assert-description`](#assert-description) |
 | Identity Comparison | [`identity-comparison`](#identity-comparison) |
+| Invalid Open Tag | [`invalid-open-tag`](#invalid-open-tag) |
 | No Assign In Condition | [`no-assign-in-condition`](#no-assign-in-condition) |
 | No Boolean Literal Comparison | [`no-boolean-literal-comparison`](#no-boolean-literal-comparison) |
 | No Empty Catch Clause | [`no-empty-catch-clause`](#no-empty-catch-clause) |
@@ -96,6 +97,44 @@ if ($a == $b) {
 
 ---
 
+## <a id="invalid-open-tag"></a>`invalid-open-tag`
+
+Detects misspelled PHP opening tags like `<php?` instead of `<?php`.
+
+A misspelled opening tag will cause the PHP interpreter to treat the
+following code as plain text, leading to the code being output directly
+to the browser instead of being executed. This can cause unexpected
+behavior and potential security vulnerabilities.
+
+
+
+### Configuration
+
+| Option | Type | Default |
+| :--- | :--- | :--- |
+| `enabled` | `boolean` | `true` |
+| `level` | `string` | `"note"` |
+
+### Examples
+
+#### Correct Code
+
+```php
+<?php
+
+echo 'Hello, world!';
+```
+
+#### Incorrect Code
+
+```php
+<php?
+
+echo 'Hello, world!';
+```
+
+---
+
 ## <a id="no-assign-in-condition"></a>`no-assign-in-condition`
 
 Detects assignments in conditions which can lead to unexpected behavior and make the code harder