Shiloh/brotherton-erpnext
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: remove warning rules

Browse Source 
semgrep-action doesn't consider severity, hence ignoring these rules for now.
This commit is contained in:
Ankush Menat 2021-07-21 19:54:06 +05:30
parent 6fbb2d3507
commit 28d52c4a95
No known key found for this signature in database
GPG Key ID: 8EA82E09BBD13AAF
1 changed files with 0 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.github/helper/semgrep_rules/security.yml vendored
View File

@ -8,18 +8,3 @@ rules:
dynamic content. Avoid it or use safe_eval().
languages: [python]
severity: ERROR
- id: frappe-sqli-format-strings
patterns:
- pattern-inside: |
@frappe.whitelist()
def $FUNC(...):
...
- pattern-either:
- pattern: frappe.db.sql("..." % ...)
- pattern: frappe.db.sql(f"...", ...)
- pattern: frappe.db.sql("...".format(...), ...)
message: |
Detected use of raw string formatting for SQL queries. This can lead to sql injection vulnerabilities. Refer security guidelines - https://github.com/frappe/erpnext/wiki/Code-Security-Guidelines
languages: [python]
severity: WARNING