
ci: fix semgrep false positives (#13161)

* ci: fix false positive rule for split js translate

- limit regex so it must match end of line.
- expand previous check to take care of other ways to split multi-line
  calls.

* ci: update tests for rules, ignore rules in sider

* ci: enable semgrep on v13 branches

* ci: fix false positive for python split strings
Branch: version-14
Ankush Menat, 4 years ago, committed by GitHub
parent
commit 4d7f5a8f8d
No known key found for this signature in database. GPG key ID: 4AEE18F83AFDEB23
6 changed files with 76 additions and 22 deletions
1. .flake8 (+2, -1)
2. .github/helper/semgrep_rules/frappe_correctness.py (+53, -17)
3. .github/helper/semgrep_rules/translate.js (+7, -0)
4. .github/helper/semgrep_rules/translate.py (+8, -0)
5. .github/helper/semgrep_rules/translate.yml (+4, -4)
6. .github/workflows/semgrep.yml (+2, -0)

.flake8 (+2, -1)

@@ -29,4 +29,5 @@ ignore =
B950,
W191,

max-line-length = 200
max-line-length = 200
exclude=.github/helper/semgrep_rules
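Review bot: `exclude=.github/helper/semgrep_rules` is written without the spaces around `=` that the neighbouring `max-line-length = 200` uses; flake8 accepts both, but one style keeps the file tidy. The `max-line-length = 200` line is shown as removed and re-added with identical text, which usually means a trailing-whitespace or line-ending change; worth confirming that was intended rather than an editor artifact. Excluding the directory itself is sound, because the fixture file below defines `on_submit` and `DoctypeClass` several times on purpose, and flake8 would otherwise report every redefinition.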

.github/helper/semgrep_rules/frappe_correctness.py (+53, -17)

@@ -4,25 +4,61 @@ from frappe import _, flt
from frappe.model.document import Document


# ruleid: frappe-modifying-but-not-comitting
def on_submit(self):
if self.value_of_goods == 0:
frappe.throw(_('Value of goods cannot be 0'))
# ruleid: frappe-modifying-after-submit
self.status = 'Submitted'

def on_submit(self): # noqa
if flt(self.per_billed) < 100:
self.update_billing_status()
else:
# todook: frappe-modifying-after-submit
self.status = "Completed"
self.db_set("status", "Completed")

class TestDoc(Document):
pass

def validate(self):
#ruleid: frappe-modifying-child-tables-while-iterating
for item in self.child_table:
if item.value < 0:
self.remove(item)

# ok: frappe-modifying-but-not-comitting
def on_submit(self):
if self.value_of_goods == 0:
frappe.throw(_('Value of goods cannot be 0'))
self.status = 'Submitted'
self.db_set('status', 'Submitted')

# ok: frappe-modifying-but-not-comitting
def on_submit(self):
if self.value_of_goods == 0:
frappe.throw(_('Value of goods cannot be 0'))
x = "y"
self.status = x
self.db_set('status', x)


# ok: frappe-modifying-but-not-comitting
def on_submit(self):
x = "y"
self.status = x
self.save()

# ruleid: frappe-modifying-but-not-comitting-other-method
class DoctypeClass(Document):
def on_submit(self):
self.good_method()
self.tainted_method()

def tainted_method(self):
self.status = "uptate"


# ok: frappe-modifying-but-not-comitting-other-method
class DoctypeClass(Document):
def on_submit(self):
self.good_method()
self.tainted_method()

def tainted_method(self):
self.status = "update"
self.db_set("status", "update")

# ok: frappe-modifying-but-not-comitting-other-method
class DoctypeClass(Document):
def on_submit(self):
self.good_method()
self.tainted_method()
self.save()

def tainted_method(self):
self.status = "uptate"
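Review bot: with `.flake8` now excluding this directory, the `# noqa` on the second `on_submit` is redundant and can be dropped. The two `tainted_method` fixtures write `self.status = "uptate"`; as fixture data the value does not affect matching, but using `"update"` as in the ok case avoids a reader taking the misspelling for a deliberate variation. The `# todook: frappe-modifying-after-submit` marker records that the rule still flags `self.status = "Completed"` even though `self.db_set("status", "Completed")` follows on the next line; a one-line comment saying why the rule cannot yet see that follow-up `db_set` would help whoever later tries to promote this case to `ok`.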

.github/helper/semgrep_rules/translate.js (+7, -0)

@@ -35,3 +35,10 @@ __('You have' + 'subscribers in your mailing list.')
// ruleid: frappe-translation-js-splitting
__('You have {0} subscribers' +
'in your mailing list', [subscribers.length])

// ok: frappe-translation-js-splitting
__("Ctrl+Enter to add comment")

// ruleid: frappe-translation-js-splitting
__('You have {0} subscribers \
in your mailing list', [subscribers.length])
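Review bot: the new `ok` case `__("Ctrl+Enter to add comment")` is the regression test for the reported false positive (a `+` inside a single string literal), and the new `ruleid` case covers a backslash line continuation; what is missing is an `ok` case for a backslash that is string content rather than a line break, such as an escaped backslash followed by a space, which the `__\([^\)]*[\\]\s+` regex in translate.yml would still report. Adding that fixture pins down the intended behaviour before someone tightens the regex further.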

.github/helper/semgrep_rules/translate.py (+8, -0)

@@ -51,3 +51,11 @@ _(f"what" + f"this is also not cool")
_("")
# ruleid: frappe-translation-empty-string
_('')


class Test:
# ok: frappe-translation-python-splitting
def __init__(
args
):
pass
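Review bot: the added `Test.__init__` fixture exercises the exact false positive, a name ending in `_(` split across lines, and it passes only because `__init__(` is preceded by `_` rather than whitespace or `.`. A companion `ruleid` fixture for `_(` opening a multi-line call inside another call, such as `frappe.throw(_(` followed by a line break, would test the other side of that change, because there the character before `_(` is `(`, which the new `[\s\.]_\(` prefix in translate.yml does not accept.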

.github/helper/semgrep_rules/translate.yml (+4, -4)

@@ -44,8 +44,8 @@ rules:
pattern-either:
- pattern: _(...) + _(...)
- pattern: _("..." + "...")
- pattern-regex: '_\([^\)]*\\\s*' # lines broken by `\`
- pattern-regex: '_\(\s*\n' # line breaks allowed by python for using ( )
- pattern-regex: '[\s\.]_\([^\)]*\\\s*' # lines broken by `\`
- pattern-regex: '[\s\.]_\(\s*\n' # line breaks allowed by python for using ( )
message: |
Do not split strings inside translate function. Do not concatenate using translate functions.
Please refer: https://frappeframework.com/docs/user/en/translations
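Review bot: the `[\s\.]` prefix on both regexes excludes `__init__(`, but it also excludes every `_(` that directly follows `(`, `[`, `,` or `=`, so a backslash-continued `frappe.throw(_('...' \` (the `frappe.throw(_(...))` shape used throughout frappe_correctness.py) is no longer reported. A fixed-width negative lookbehind for a word character keeps the fix without that regression: `(?<!\w)_\([^\)]*\\\s*` and `(?<!\w)_\(\s*\n`; both PCRE and Python `re` support it. Whichever form is kept, the translate.py fixture file should carry a `ruleid` case for the `(_(` position so the regression cannot reappear silently.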
@@ -54,8 +54,8 @@ rules:

- id: frappe-translation-js-splitting
pattern-either:
- pattern-regex: '__\([^\)]*[\+\\]\s*'
- pattern: __('...' + '...')
- pattern-regex: '__\([^\)]*[\\]\s+'
- pattern: __('...' + '...', ...)
- pattern: __('...') + __('...')
message: |
Do not split strings inside translate function. Do not concatenate using translate functions.
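Review bot: the commit message says the regex now has to match at end of line, but `__\([^\)]*[\\]\s+` only requires whitespace after the backslash, so a backslash followed by a space inside the string (an escaped backslash, a Windows-style path) still matches. Anchoring it as `__\([^\)]*\\\s*\n` mirrors the Python rule in the previous hunk and matches only a real line continuation. Dropping `\+` from the character class and moving `+` handling to the structural `__('...' + '...', ...)` pattern is the right direction, since semgrep then matches the concatenation as a syntax node instead of a character that may legitimately appear inside the string.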


.github/workflows/semgrep.yml (+2, -0)

@@ -4,6 +4,8 @@ on:
pull_request:
branches:
- develop
- version-13-hotfix
- version-13-pre-release
jobs:
semgrep:
name: Frappe Linter
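Review bot: `branches:` hardcodes `version-13-hotfix` and `version-13-pre-release`, so the next release line needs another workflow edit; the `pull_request.branches` filter accepts glob patterns, so `version-*-hotfix` and `version-*-pre-release` would cover future lines without further changes. Also worth running the rules in `.github/helper/semgrep_rules` against the version-13 branches once before merging, since rules tuned on develop can surface a backlog of findings on an older branch and block unrelated hotfix PRs.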

