ci: Rule Added for using frappe.qb over db.sql* (#28000)
ERPNext port of https://github.com/frappe/frappe/pull/14481
Co-authored-by: Ankush Menat <ankush@iwebnotes.com>
Co-authored-by: abhishek <as7122000@gmail.com>
diff --git a/.github/helper/semgrep_rules/frappe_correctness.yml b/.github/helper/semgrep_rules/frappe_correctness.yml
index 166e98a..0cf4e78 100644
--- a/.github/helper/semgrep_rules/frappe_correctness.yml
+++ b/.github/helper/semgrep_rules/frappe_correctness.yml
@@ -132,7 +132,6 @@
languages: [python]
severity: ERROR
-
- id: frappe-manual-commit
patterns:
- pattern: frappe.db.commit()
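Review bot: the blank line removed before `- id: frappe-manual-commit` is a whitespace-only change unrelated to the new rule, and it is inconsistent with the blank separator line the next hunk adds before `- id: frappe-using-db-sql`. Either keep the separator here or leave this hunk out so the commit carries only the rule addition.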
@@ -149,3 +148,16 @@
- "**/demo/**"
languages: [python]
severity: ERROR
+
+- id: frappe-using-db-sql
+ pattern-either:
+ - pattern: frappe.db.sql(...)
+ - pattern: frappe.db.sql_ddl(...)
+ - pattern: frappe.db.sql_list(...)
+ paths:
+ exclude:
+ - "test_*.py"
+ message: |
+ The PR contains a SQL query that may be re-written with frappe.qb (https://frappeframework.com/docs/user/en/api/query-builder) or the Database API (https://frappeframework.com/docs/user/en/api/database)
+ languages: [python]
+ severity: ERROR
\ No newline at end of file
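Review bot: `severity: ERROR` on the new `frappe-using-db-sql` rule does not match its message, which only says the query "may be re-written". As written, the three `pattern-either` entries match every call to `frappe.db.sql(...)`, `frappe.db.sql_ddl(...)` and `frappe.db.sql_list(...)` outside `test_*.py`, including calls that pass values as parameters. Consider `severity: WARNING` for the blanket match, or keep ERROR and narrow the patterns to calls whose query argument is built by string formatting or concatenation, which is where moving to frappe.qb or the Database API actually removes an injection risk. The file also now ends without a trailing newline (`\ No newline at end of file`); add one.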