Commit b39505e

committed
rule: frappe set_user is dangerous
1 parent 8835466 commit b39505e

1 file changed

Lines changed: 10 additions & 0 deletions

rules/security/authorization.yml

@@ -10,3 +10,13 @@ rules:
1010
Avoid using "All" role. It's available to every user, including website user.
1111
languages: [json]
1212
severity: WARNING
13+
14+
- id: frappe-setuser
15+
patterns:
16+
- pattern-either:
17+
- pattern: frappe.set_user(...)
18+
message: |
19+
Detected the use of functions that can be dangerous if used incorrectly.
20+
This code should be manually audited by security team.
21+
languages: [python]
22+
severity: WARNING
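
Review bot: the message on added lines 18-20 is generic and never names `frappe.set_user` or says what the auditor is expected to verify, so a finding from this rule gives the developer nothing to act on. Suggest naming the call in the message and stating the condition that makes a use acceptable. Also, on added lines 15-17 the `patterns` / `pattern-either` wrapper holds a single `pattern`, so unless more alternatives are planned it can be reduced to a top-level `pattern: frappe.set_user(...)`. The commit changes only `rules/security/authorization.yml`; a small test fixture with one matching and one non-matching call would document the intended coverage.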
