From 9916b877676477d546d1afe15e56acc2cfdfbdb3 Mon Sep 17 00:00:00 2001
From: gavin
Date: Tue, 19 Oct 2021 14:20:09 +0530
Subject: [PATCH] ci: Rule Added for using frappe.qb over db.sql* (#28000)

ERPNext port of https://github.com/frappe/frappe/pull/14481

Co-authored-by: Ankush Menat
Co-authored-by: abhishek
---
 .../helper/semgrep_rules/frappe_correctness.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.github/helper/semgrep_rules/frappe_correctness.yml b/.github/helper/semgrep_rules/frappe_correctness.yml
index 166e98a8a29..0cf4e78b81d 100644
--- a/.github/helper/semgrep_rules/frappe_correctness.yml
+++ b/.github/helper/semgrep_rules/frappe_correctness.yml
@@ -132,7 +132,6 @@ rules:
 languages: [python]
 severity: ERROR
-
 - id: frappe-manual-commit
 patterns:
 - pattern: frappe.db.commit()
@@ -149,3 +148,16 @@ rules:
 - "**/demo/**"
 languages: [python]
 severity: ERROR
+
+- id: frappe-using-db-sql
+ pattern-either:
+ - pattern: frappe.db.sql(...)
+ - pattern: frappe.db.sql_ddl(...)
+ - pattern: frappe.db.sql_list(...)
+ paths:
+ exclude:
+ - "test_*.py"
+ message: |
+ The PR contains a SQL query that may be re-written with frappe.qb (https://frappeframework.com/docs/user/en/api/query-builder) or the Database API (https://frappeframework.com/docs/user/en/api/database)
+ languages: [python]
+ severity: ERROR
\ No newline at end of file
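Review bot: The new `frappe-using-db-sql` rule reports every `frappe.db.sql*` call at `severity: ERROR`, so a fully parameterized query and one assembled with string formatting get the same finding, while the message only says the query "may be re-written". A blanket blocker of this kind tends to be answered with `# nosemgrep` suppressions, and those would then also silence the calls that carry real SQL-injection risk. I would use `severity: WARNING` for this migration nudge and reserve ERROR for a narrower rule that matches non-literal query strings (f-strings, `.format(...)`, `%` formatting) passed to `frappe.db.sql`. The `paths.exclude` entry `"test_*.py"` is written differently from the `"**/demo/**"` entry in the rule above it, so it is worth confirming that it also matches test files in nested directories. A short comment above the rule, such as `# Advisory: prefer frappe.qb / Database API; raw SQL needs reviewer sign-off`, would document the intent for anyone adding a suppression.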