fix: use instance case

rules/python/shared/django/http_response.yml

@@ -1,21 +1,26 @@
 type: shared
 imports:
+  - python_shared_lang_instance
   - python_shared_lang_import2
 languages:
   - python
 patterns:
   - pattern: $<HTTP_RESPONSE>
     filters:
       - variable: HTTP_RESPONSE
-        detection: python_shared_lang_import2
-        scope: cursor
+        detection: python_shared_lang_instance
+        scope: cursor_strict
         filters:
-          - variable: MODULE1
-            values: [django]
-          - variable: MODULE2
-            values: [http]
-          - variable: NAME
-            values: [HttpResponse]
+          - variable: CLASS
+            detection: python_shared_lang_import2
+            scope: cursor
+            filters:
+              - variable: MODULE1
+                values: [django]
+              - variable: MODULE2
+                values: [http]
+              - variable: NAME
+                values: [HttpResponse]
 metadata:
-  description: "Python Django HTTP Response."
+  description: "Python Django HTTP Response instance."
   id: python_shared_django_http_response

tests/python/django/insecure_cookie/testdata/main.py

@@ -1,8 +1,13 @@
+from django.http import HttpResponse
+
 def bad():
+  response = HttpResponse()
   # bearer:expected python_django_insecure_cookie
-  HttpResponse.set_cookie("foo", "bar", max_age=None, secure=False, httponly=False)
+  response.set_cookie("foo", "bar", max_age=None, secure=False, httponly=False)
 
 def ok(): 
-  HttpResponse.set_cookie("foo", "bar")
+  response = HttpResponse()
+
+  response.set_cookie("foo", "bar")
   # still bad but not for this rule
-  HttpResponse.set_cookie("foo", "bar", max_age=None, secure=True, httponly=False)
+  response.set_cookie("foo", "bar", max_age=None, secure=True, httponly=False)