Add detection for Hack files with ".hh" file extension

Hack is Facebook's dialect of PHP: http://hacklang.org/. This adds support for detecting it via the ".hh" file extension; although that extension techincally conflicts with C++ headers, the files look different enough that the existing classifier based on sample code has no trouble distinguising them. This diff deliberately does not deal with detecting ".php" as another valid extension for Hack code. That's much trickier since the code looks basically identical to PHP to the classifier, and needs a different approach.
2025-12-08 20:38:47 +00:00 · 2014-08-06 15:39:10 -07:00
parent 6d07302963
commit b2cb74cabf
29 changed files with 1155 additions and 0 deletions
--- a/samples/Hack/UnescapedString.hh
+++ b/samples/Hack/UnescapedString.hh
@@ -0,0 +1,16 @@
+<?hh // strict
+
+// Outside of this file, no one knows that UNESCAPED_STRING is a string
+newtype UNESCAPED_STRING = string;
+
+// This is how we initially taint a string.
+function unescaped_string(string $s): UNESCAPED_STRING {
+  return $s;
+}
+
+// This is the only thing you can do with an UNESCAPED_STRING (other than pass
+// it around)
+function escape_unescaped_string(UNESCAPED_STRING $s): string {
+  // Your use case will decide how you want to escape your strings
+  return sprintf('Escaped ---> "%s" <--- Escaped', $s);
+}