From b2bea828e3c2907c08a901efdcb30cf36b206fd3 Mon Sep 17 00:00:00 2001
From: elsapet
Date: Thu, 16 May 2024 13:33:40 +0200
Subject: [PATCH] fix: use instance case

---
 rules/python/shared/django/http_response.yml | 23 +++++++++++--------
 .../django/insecure_cookie/testdata/main.py  | 11 ++++++---
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/rules/python/shared/django/http_response.yml b/rules/python/shared/django/http_response.yml
index e96373ff..f184e18a 100644
--- a/rules/python/shared/django/http_response.yml
+++ b/rules/python/shared/django/http_response.yml
@@ -1,5 +1,6 @@
 type: shared
 imports:
+  - python_shared_lang_instance
   - python_shared_lang_import2
 languages:
   - python
@@ -7,15 +8,19 @@ patterns:
   - pattern: $
     filters:
       - variable: HTTP_RESPONSE
-        detection: python_shared_lang_import2
-        scope: cursor
+        detection: python_shared_lang_instance
+        scope: cursor_strict
         filters:
-          - variable: MODULE1
-            values: [django]
-          - variable: MODULE2
-            values: [http]
-          - variable: NAME
-            values: [HttpResponse]
+          - variable: CLASS
+            detection: python_shared_lang_import2
+            scope: cursor
+            filters:
+              - variable: MODULE1
+                values: [django]
+              - variable: MODULE2
+                values: [http]
+              - variable: NAME
+                values: [HttpResponse]
 metadata:
-  description: "Python Django HTTP Response."
+  description: "Python Django HTTP Response instance."
   id: python_shared_django_http_response
diff --git a/tests/python/django/insecure_cookie/testdata/main.py b/tests/python/django/insecure_cookie/testdata/main.py
index 8e9717c5..89be199c 100644
--- a/tests/python/django/insecure_cookie/testdata/main.py
+++ b/tests/python/django/insecure_cookie/testdata/main.py
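Review bot: Keying HTTP_RESPONSE on a python_shared_lang_instance of the imported class while the nested NAME filter still lists only `HttpResponse` looks like it narrows coverage to variables built directly from that one constructor; a `response = JsonResponse(...)` or `HttpResponseRedirect(...)` followed by `set_cookie(..., secure=False)` would presumably no longer match, and neither would a response obtained from `render()`/`redirect()` if the instance detection only follows direct constructor calls (python_shared_lang_instance is not visible here, so this is inferred). Since every django.http response class exposes the same `set_cookie`, consider widening the innermost filter to `values: [HttpResponse, JsonResponse, HttpResponseRedirect, HttpResponsePermanentRedirect]` or documenting why only the base class is in scope. The new description could also say what "instance" means for rule consumers, e.g. `description: "Python Django HTTP Response instance (a value constructed from an imported django.http.HttpResponse class)."`.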
@@ -1,8 +1,13 @@
+from django.http import HttpResponse
+
 def bad():
+    response = HttpResponse()
     # bearer:expected python_django_insecure_cookie
-    HttpResponse.set_cookie("foo", "bar", max_age=None, secure=False, httponly=False)
+    response.set_cookie("foo", "bar", max_age=None, secure=False, httponly=False)
 
 def ok():
-    HttpResponse.set_cookie("foo", "bar")
+    response = HttpResponse()
+
+    response.set_cookie("foo", "bar")
     # still bad but not for this rule
-    HttpResponse.set_cookie("foo", "bar", max_age=None, secure=True, httponly=False)
\ No newline at end of file
+    response.set_cookie("foo", "bar", max_age=None, secure=True, httponly=False)
\ No newline at end of file
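Review bot: The new `ok()` presents `response.set_cookie("foo", "bar")` as clean, yet Django's `set_cookie` defaults `secure` to False, so that call produces the same Secure-less cookie as the line flagged in `bad()`; the fixture therefore pins a rule that fires only on an explicit `secure=False`, and that scope should be stated rather than left implicit, e.g. above the call `# secure defaults to False in Django; this rule only flags an explicit secure=False` (or, if defaults are meant to be caught, move the call to bad() with a bearer:expected marker). The fixture also exercises only a variable assigned directly from `HttpResponse()`; now that the shared pattern keys on an instance, a case such as `response = JsonResponse({})` followed by `response.set_cookie("foo", "bar", secure=False)` with `# bearer:expected python_django_insecure_cookie` would pin whether subclasses and helper-returned responses are in scope. Both functions are complete within the hunk.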