ci: Rule Added for using frappe.qb over db.sql* (#28000)

ERPNext port of https://github.com/frappe/frappe/pull/14481 Co-authored-by: Ankush Menat <ankush@iwebnotes.com> Co-authored-by: abhishek <as7122000@gmail.com>
3 years ago · 9916b87767
1 changed files with 13 additions and 1 deletions
--- a/.github/helper/semgrep_rules/frappe_correctness.yml
+++ b/.github/helper/semgrep_rules/frappe_correctness.yml
@ -132,7 +132,6 @@ rules:
  languages: [python]
  severity: ERROR

-
 - id: frappe-manual-commit
  patterns:
    - pattern: frappe.db.commit()
@ -149,3 +148,16 @@ rules:
        - "**/demo/**"
  languages: [python]
  severity: ERROR
+
+- id: frappe-using-db-sql
+  pattern-either:
+    - pattern: frappe.db.sql(...)
+    - pattern: frappe.db.sql_ddl(...)
+    - pattern: frappe.db.sql_list(...)
+  paths:
+    exclude:
+      - "test_*.py"
+  message: |
+    The PR contains a SQL query that may be re-written with frappe.qb (https://frappeframework.com/docs/user/en/api/query-builder) or the Database API (https://frappeframework.com/docs/user/en/api/database)
+  languages: [python]
+  severity: ERROR