Merge pull request #36 from sagarvora/add-whitelist-for-tests-rule

feat: add rule to enforce whitelist_for_tests in test files

Author: ankush

rules/frappe_correctness.py

@@ -2,6 +2,7 @@
 from frappe import _
 
 from frappe.model.document import Document
+from frappe.tests.utils import whitelist_for_tests
 from frappe.utils import cint
 
 
@@ -215,3 +216,25 @@ def good_cache():
 def test_single():
     # ok: frappe-single-value-type-safety
     frappe.db.get_single_value("ABC", "ABC", ["xyz", "xac"])
+
+
+# Test file context - these should be in test_*.py files
+# ruleid: frappe-test-whitelist-missing-protection
+@frappe.whitelist()
+def test_endpoint():
+    return "test"
+
+# ok: frappe-test-whitelist-missing-protection
+@whitelist_for_tests()
+def test_endpoint_protected():
+    return "test"
+
+# ruleid: frappe-test-whitelist-missing-protection
+@frappe.whitelist(allow_guest=True)
+def test_guest_endpoint():
+    return "test"
+
+# ok: frappe-test-whitelist-missing-protection
+@whitelist_for_tests(allow_guest=True)
+def test_guest_endpoint_protected():
+    return "test"

rules/frappe_correctness.yml

@@ -347,3 +347,24 @@ rules:
         - "**/test_*.py"
   languages: [python]
   severity: ERROR
+
+- id: frappe-test-whitelist-missing-protection
+  patterns:
+    - pattern: |
+        @frappe.whitelist(...)
+        def $FUNC(...):
+          ...
+    - pattern-not: |
+        @$ANYTHING.whitelist_for_tests(...)
+        def $FUNC(...):
+          ...
+  paths:
+    include:
+      - "**/test_*.py"
+      - "**/frappe/tests/ui_test_helpers.py"
+  message: |
+    Test endpoints should use @whitelist_for_tests() instead of @frappe.whitelist() to ensure they're only accessible in test mode.
+  languages: [python]
+  severity: ERROR
+  fix: |
+    @whitelist_for_tests(...)