From 9229ee1745d864656ddee0b216a33078b7a932c6 Mon Sep 17 00:00:00 2001 From: Ankush Menat Date: Sat, 17 Apr 2021 15:41:10 +0530 Subject: [PATCH 1/3] fix: update shipment status in database Caught by semgrep rule: https://github.com/frappe/erpnext/blob/develop/.github/helper/semgrep_rules/frappe_correctness.yml#L4 --- erpnext/stock/doctype/shipment/shipment.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/erpnext/stock/doctype/shipment/shipment.py b/erpnext/stock/doctype/shipment/shipment.py index 4697a7b323..01fcee4cac 100644 --- a/erpnext/stock/doctype/shipment/shipment.py +++ b/erpnext/stock/doctype/shipment/shipment.py @@ -23,10 +23,10 @@ class Shipment(Document): frappe.throw(_('Please enter Shipment Parcel information')) if self.value_of_goods == 0: frappe.throw(_('Value of goods cannot be 0')) - self.status = 'Submitted' + self.db_set('status', 'Submitted') def on_cancel(self): - self.status = 'Cancelled' + self.db_set('status', 'Cancelled') def validate_weight(self): for parcel in self.shipment_parcel: From e972ceb79840783f3947a1856551d477154ec4be Mon Sep 17 00:00:00 2001 From: Ankush Menat Date: Sat, 17 Apr 2021 15:42:03 +0530 Subject: [PATCH 2/3] fix: patch for updating shipment status --- erpnext/patches.txt | 1 + erpnext/patches/v13_0/update_shipment_status.py | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 erpnext/patches/v13_0/update_shipment_status.py diff --git a/erpnext/patches.txt b/erpnext/patches.txt index 112f6d8a83..620cc5be62 100644 --- a/erpnext/patches.txt +++ b/erpnext/patches.txt @@ -772,3 +772,4 @@ erpnext.patches.v12_0.purchase_receipt_status erpnext.patches.v13_0.fix_non_unique_represents_company erpnext.patches.v12_0.add_document_type_field_for_italy_einvoicing erpnext.patches.v13_0.make_non_standard_user_type #13-04-2021 +erpnext.patches.v13_0.update_shipment_status diff --git a/erpnext/patches/v13_0/update_shipment_status.py b/erpnext/patches/v13_0/update_shipment_status.py new file mode 100644 index 0000000000..c425599e26 --- /dev/null +++ b/erpnext/patches/v13_0/update_shipment_status.py @@ -0,0 +1,14 @@ +import frappe + +def execute(): + frappe.reload_doc("stock", "doctype", "shipment") + + # update submitted status + frappe.db.sql("""UPDATE `tabShipment` + SET status = "Submitted" + WHERE status = "Draft" AND docstatus = 1""") + + # update cancelled status + frappe.db.sql("""UPDATE `tabShipment` + SET status = "Cancelled" + WHERE status = "Draft" AND docstatus = 2""") From c28fcba77964edb57609fee17b0470638596e5a3 Mon Sep 17 00:00:00 2001 From: Ankush Menat Date: Sat, 17 Apr 2021 15:47:34 +0530 Subject: [PATCH 3/3] ci(semgrep): add correctness rule for on_cancel Changes done to doctype object in `on_submit` are not commited to database. Add rule to catch similar bugs. --- .../semgrep_rules/frappe_correctness.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/helper/semgrep_rules/frappe_correctness.yml b/.github/helper/semgrep_rules/frappe_correctness.yml index 394abbf74d..54df062480 100644 --- a/.github/helper/semgrep_rules/frappe_correctness.yml +++ b/.github/helper/semgrep_rules/frappe_correctness.yml @@ -7,11 +7,29 @@ rules: - pattern-inside: | def on_submit(self, ...): ... + - metavariable-regex: + metavariable: '$ATTR' + # this is negative look-ahead, add more attrs to ignore like (ignore|ignore_this_too|ignore_me) + regex: '^(?!status_updater)(.*)$' message: | Doctype modified after submission. Please check if modification of self.$ATTR is commited to database. languages: [python] severity: ERROR +- id: frappe-modifying-after-cancel + patterns: + - pattern: self.$ATTR = ... + - pattern-inside: | + def on_cancel(self, ...): + ... + - metavariable-regex: + metavariable: '$ATTR' + regex: '^(?!ignore_linked_doctypes|status_updater)(.*)$' + message: | + Doctype modified after cancellation. Please check if modification of self.$ATTR is commited to database. + languages: [python] + severity: ERROR + - id: frappe-print-function-in-doctypes pattern: print(...) message: |