| Ankush Menat | 67e6472 | 2021-04-16 21:44:49 +0530 | [diff] [blame] | 1 | rules: |
| 2 | - id: frappe-codeinjection-eval | ||||
| 3 | patterns: | ||||
| 4 | - pattern-not: eval("...") | ||||
| 5 | - pattern: eval(...) | ||||
| 6 | message: | | ||||
| 7 | Detected the use of eval(). eval() can be dangerous if used to evaluate | ||||
| 8 | dynamic content. Avoid it or use safe_eval(). | ||||
| 9 | languages: [python] | ||||
| 10 | severity: ERROR | ||||