brotherton-erpnext/.github/helper/semgrep_rules/security.yml

rules:
- id: frappe-codeinjection-eval
  patterns:
  - pattern-not: eval("...")
  - pattern: eval(...)
  message: |
    Detected the use of eval(). eval() can be dangerous if used to evaluate
    dynamic content. Avoid it or use safe_eval().
  languages: [python]
  severity: ERROR
ci(semgrep): Add semgrep testing (#24871) Adds semgrep testing in CI. Refer to: - https://github.com/frappe/frappe/pull/12524 - https://github.com/frappe/frappe/pull/12577 2021-04-16 16:14:49 +00:00			`rules:`
			`- id: frappe-codeinjection-eval`
			`patterns:`
			`- pattern-not: eval("...")`
			`- pattern: eval(...)`
			`message: \|`
			`Detected the use of eval(). eval() can be dangerous if used to evaluate`
			`dynamic content. Avoid it or use safe_eval().`
			`languages: [python]`
			`severity: ERROR`