https://github.com/frappe/semgrep-rules
Semgrep rules specific to Frappe Framework
erpnext frappe-framework lint semgrep
Last synced: 19 days ago
- Host: GitHub
- URL: https://github.com/frappe/semgrep-rules
- Owner: frappe
- License: mit
- Created: 2021-10-22T15:03:10.000Z (over 3 years ago)
- Default Branch: develop
- Last Pushed: 2024-07-04T21:20:50.000Z (7 months ago)
- Last Synced: 2024-12-26T15:09:11.920Z (27 days ago)
- Topics: erpnext, frappe-framework, lint, semgrep
- Language: Python
- Homepage:
- Size: 45.9 KB
- Stars: 41
- Watchers: 17
- Forks: 28
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-frappe - Semgrep Rules - Semgrep Rules for following the best practices while building your Frappe Apps. (Uncategorized / Uncategorized)
README
# Frappe Semgrep rules
Semgrep rules specific to [Frappe Framework](https://github.com/frappe/frappe)
These rules guard against typical mistakes and bad practices when working on Frappe Framework apps. Frappe's own apps also use them to simplify repetitive checks in the code review process.
## How to Use in my app
### GitHub Action
You can use a GitHub Action to automatically validate changes against the semgrep rules on every pull request.
```yaml
name: Linters
on:
  pull_request: { }
jobs:
  linters:
    name: Frappe Linter
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Download Semgrep rules
        run: git clone --depth 1 https://github.com/frappe/semgrep-rules.git frappe-semgrep-rules
      - name: Download semgrep
        run: pip install semgrep
      - name: Run Semgrep rules
        run: semgrep ci --config ./frappe-semgrep-rules/rules
```
### Manually / running semgrep locally
- Install semgrep and verify that it works: `semgrep --version`
- Clone the rules repository: `git clone https://github.com/frappe/semgrep-rules.git`
- Run semgrep with the rules folder as config: `semgrep --config=~/path/to/frappe-semgrep-rules/rules your_app_folder`

Tip: You can optionally pass `--severity=ERROR` to ignore rules that produce warnings and only catch errors.
## How to contribute new rules
- Read how Semgrep works: [Getting started with semgrep rules](https://semgrep.dev/docs/writing-rules/overview/)
- Write a rule. Make sure it doesn't produce too many false positives.
- Write positive and negative test cases for the rule you are adding: [Testing rules](https://semgrep.dev/docs/writing-rules/testing-rules/)
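Putting the local-run and contribution steps above together, here is an added example (not code from the frappe/semgrep-rules repository) that scaffolds one illustrative rule with its positive/negative test file and runs `semgrep --test` on them; the rule id `frappe-sqli-fstring`, the file names and the `frappe.db.sql()` pattern are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from frappe/semgrep-rules): scaffold one illustrative
# Frappe-specific rule with its positive/negative test file, then run
# semgrep's built-in rule tester. Rule id, file names and the pattern on
# frappe.db.sql() are assumptions made for this example.
set -eu

scaffold_rule() {
  dir="${1:-rules}"
  mkdir -p "$dir"
  # Rule: flag frappe.db.sql() calls whose query text is assembled by
  # string formatting instead of passing values as a separate argument.
  cat > "$dir/frappe-sqli-fstring.yaml" <<'EOF'
rules:
  - id: frappe-sqli-fstring
    languages: [python]
    severity: ERROR
    message: >-
      Query built by string formatting; pass values as the second
      argument of frappe.db.sql() instead.
    pattern-either:
      - pattern: frappe.db.sql(f"...", ...)
      - pattern: frappe.db.sql("...".format(...), ...)
EOF
  # Test file: same basename as the rule, .py extension. semgrep --test
  # expects the line after "# ruleid:" to match and "# ok:" not to match.
  cat > "$dir/frappe-sqli-fstring.py" <<'EOF'
import frappe

def risky(name):
    # ruleid: frappe-sqli-fstring
    return frappe.db.sql(f"select name from tabUser where name = '{name}'")

def safe(name):
    # ok: frappe-sqli-fstring
    return frappe.db.sql("select name from tabUser where name = %s", (name,))
EOF
  printf '%s\n' "$dir/frappe-sqli-fstring.yaml"
}

# Run semgrep's rule tester; a missing semgrep binary is reported, not fatal.
test_rules() {
  dir="${1:-rules}"
  command -v semgrep >/dev/null 2>&1 || { echo "semgrep not installed"; return 0; }
  semgrep --test "$dir"
}

scaffold_rule rules >/dev/null
test_rules rules
```

Both files must share a basename for `semgrep --test` to pair them; a passing run reports the `ruleid` line as matched and the `ok` line as not matched.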