From be4496e4ab4258ab317984caeb8b3d9f1e5bd5fc Mon Sep 17 00:00:00 2001
From: ruthra kumar <ruthra@erpnext.com>
Date: Fri, 27 Mar 2026 12:30:31 +0530
Subject: [PATCH] ci: semgrep to prevent test regression

---
 .github/workflows/linters.yml |  3 +++
 semgrep/test-correctness.yml  | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 semgrep/test-correctness.yml

diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
index 6701673cc7f..37d8363beaa 100644
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -43,3 +43,6 @@ jobs:
 
       - name: Run Semgrep rules
         run: semgrep ci --config ./frappe-semgrep-rules/rules --config r/python.lang.correctness
+
+      - name: Semgrep for Test Correctness
+        run: semgrep ci --include=**/test_*.py --config ./semgrep/test-correctness.yml
diff --git a/semgrep/test-correctness.yml b/semgrep/test-correctness.yml
new file mode 100644
index 00000000000..34eb82fa1d6
--- /dev/null
+++ b/semgrep/test-correctness.yml
@@ -0,0 +1,18 @@
+rules:
+- id: Dont-commit
+  pattern: frappe.db.commit()
+  message: Commiting inside test breaks idempotency.
+  languages: [python]
+  severity: ERROR
+- id: Implicit-commit
+  pattern: frappe.db.truncate()
+  message: DB truncation does implict commit which breaks test idempotency.
+  languages: [python]
+  severity: ERROR
+- id: Dont-override-teardown
+  pattern: |
+    def tearDown(...):
+      ...
+  message: ERPNextTestSuite forces rollback on each tearDown, which ensures idempotency. Don't override tearDown.
+  languages: [python]
+  severity: ERROR