seitime-frappe/.github/helper/semgrep_rules/security.yml
2021-03-23 18:24:01 +05:30

rules:
  - id: frappe-codeinjection-eval
    patterns:
      - pattern-not: eval("...")
      - pattern: eval(...)
    message: |
      Detected the use of eval(). eval() can be dangerous if used to evaluate
      dynamic content. Avoid it or use safe_eval().
    languages: [python]
    severity: ERROR
    paths:
      exclude:
        - frappe/__init__.py
        - frappe/commands/utils.py
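The rule above reports every `eval(...)` call except one whose sole argument is a string literal (`pattern-not: eval("...")`). The Python file below is an added example, not part of the Frappe repository: it is written as a semgrep test fixture (assumption: semgrep's `# ruleid:` / `# ok:` annotation convention, checked with `semgrep --test`), shows the call shapes the rule does and does not flag, mirrors the rule's matching logic in plain `ast` code so the classification can be checked without semgrep, and gives a hardened replacement. `safe_arith_eval` is a constructed allow-list evaluator standing in for the `safe_eval()` the rule message recommends; it is not Frappe's implementation.

```python
"""Added test fixture for the frappe-codeinjection-eval semgrep rule.

Save next to security.yml and run `semgrep --test --config security.yml`
(assumption: the `# ruleid:` / `# ok:` annotations are semgrep's test markers).
"""
import ast
import operator


def literal_eval_call():
    # ok: frappe-codeinjection-eval
    # `pattern-not: eval("...")` excludes a call whose only argument is a
    # string literal, so the rule stays silent here.
    return eval("2 + 2")


def dynamic_eval_call(expr):
    # ruleid: frappe-codeinjection-eval
    # `pattern: eval(...)` matches any other eval() call. The argument is a
    # variable the rule cannot prove safe, so this is reported at ERROR.
    return eval(expr)


def flagged_eval_calls(source):
    """Constructed mirror of the rule's two-pattern logic (not semgrep itself):
    return the line numbers of eval() calls that are NOT eval("<literal>")."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "eval"):
            args = node.args
            only_literal = (len(args) == 1 and not node.keywords
                            and isinstance(args[0], ast.Constant)
                            and isinstance(args[0].value, str))
            if not only_literal:
                hits.append(node.lineno)
    return hits


# Allow-list of AST operators for the constructed safe evaluator below.
_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.USub: operator.neg,
}


def safe_arith_eval(expr):
    """Constructed stand-in for safe_eval(): evaluate an arithmetic expression
    by walking its AST and refusing anything outside the allow-list. Names,
    attribute access and calls (e.g. __import__) raise instead of running."""
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](walk(node.operand))
        raise ValueError("disallowed syntax: %s" % type(node).__name__)
    return walk(ast.parse(expr, mode="eval"))


def hardened_call(expr):
    # ok: frappe-codeinjection-eval
    # No eval() at all, so the rule has nothing to match.
    return safe_arith_eval(expr)


if __name__ == "__main__":
    # Constructed sample source: line 1 is excluded, line 2 is flagged.
    sample = 'x = eval("1")\ny = eval(user_input)\n'
    print("flagged lines:", flagged_eval_calls(sample))   # [2]
    print("safe:", hardened_call("-(2 + 3) * 4"))           # -20
```

The `flagged_eval_calls` helper is only a readable approximation of the rule: semgrep's `...` also matches keyword arguments and multi-line calls, and the `paths.exclude` list is applied by semgrep on file names, not by this helper.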