From a74b7b04ac2864a9d13d79aa6b7e7c335af0a381 Mon Sep 17 00:00:00 2001
From: Ankush Menat
Date: Tue, 9 Mar 2021 12:04:09 +0530
Subject: [PATCH] chore: add semgrep linting (#12524)
---
 .github/workflows/semgrep.yml | 13 +++++++++++++
 .semgrep.yml | 29 +++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 .github/workflows/semgrep.yml
 create mode 100644 .semgrep.yml
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 0000000000..26f1191a90
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,13 @@
+name: Semgrep
+
+on:
+ pull_request: {}
+
+jobs:
+ semgrep:
+ name: Frappe Linter
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: returntocorp/semgrep-action@v1
+
diff --git a/.semgrep.yml b/.semgrep.yml
new file mode 100644
index 0000000000..99d237251e
--- /dev/null
+++ b/.semgrep.yml
@@ -0,0 +1,29 @@
+#Reference: https://semgrep.dev/docs/writing-rules/rule-syntax/
+
+rules:
+- id: eval
+ patterns:
+ - pattern-not: eval("...")
+ - pattern: eval(...)
+ message: |
+ Detected the use of eval(). eval() can be dangerous if used to evaluate
+ dynamic content. Avoid it or use safe_eval().
+ languages:
+ - python
+ severity: ERROR
+
+# translations
+- id: frappe-translation-syntax-python
+ pattern-either:
+ - pattern: _(f"...") # f-strings not allowed
+ - pattern: _("..." + "...") # concatenation not allowed
+ - pattern: _("") # empty string is meaningless
+ - pattern: _("..." % ...) # Only positional formatters are allowed.
+ - pattern: _("...".format(...)) # format should not be used before translating
+ - pattern: _("...") + ... + _("...") # don't split strings
+ message: |
+ Incorrect use of translation function detected.
+ Please refer: https://frappeframework.com/docs/user/en/translations
+ languages:
+ - python
+ severity: ERROR
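Review bot: Both `uses:` steps in the new workflow pin a mutable major tag (`actions/checkout@v2`, `returntocorp/semgrep-action@v1`) rather than a full commit SHA, so whatever those tags are later moved to runs in this job with the repository's token; pinning each action to its full-length commit SHA and keeping the tag in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v2`, removes that supply-chain exposure. The workflow also declares no `permissions:` block, so the job inherits the default GITHUB_TOKEN scope; a read-only linting job needs only `permissions:` with `contents: read` at the top level. Minor: the hunk ends with an empty added line, leaving a trailing blank line at end of file.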
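Review bot: The `eval` rule in `.semgrep.yml` matches only calls spelled `eval(...)`; `exec(...)` carries the same dynamic-execution risk and is not covered, so a parallel `- pattern: exec(...)` under the same `patterns` block (or a sibling rule id) would close that gap. The `pattern-not: eval("...")` clause exempts calls on a string literal, presumably as deliberate noise reduction, but that intent is not recorded; a comment such as `# literal-string eval is exempted as non-dynamic` on that line would help the next maintainer. Style: the header comment `#Reference:` lacks the space after `#` that yamllint's `comments` rule expects, and both `message: |` scalars keep a trailing newline where `|-` would not.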