fix(python/django): FileSystemStorage call

Bearer · May 27, 2024 · fc75a0c · fc75a0c
1 parent 5190cbf
commit fc75a0c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/rules/python/django/path_using_user_input.yml b/rules/python/django/path_using_user_input.yml
@@ -2,8 +2,12 @@ imports:
   - python_shared_common_user_input
   - python_shared_lang_import4
 patterns:
-  - pattern: $<FILE_SYSTEM_STORAGE>($<...>$<USER_INPUT>$<...>)
+  - pattern: $<FILE_SYSTEM_STORAGE>($<...>$<PARAM>=$<USER_INPUT>$<...>)
     filters:
+      - variable: PARAM
+        values:
+          - location
+          - base_url
       - variable: USER_INPUT
         detection: python_shared_common_user_input
         scope: result

diff --git a/tests/python/django/path_using_user_input/testdata/main.py b/tests/python/django/path_using_user_input/testdata/main.py
@@ -1,10 +1,10 @@
 from django.core.files.storage import FileSystemStorage as FSS
 
 # bearer:expected python_django_path_using_user_input
-fs = FSS(form.cleaned_data["storage_path"])
+fs = FSS(location=form.cleaned_data["storage_path"])
 request_file = request.FILES['document']
 file = fs.save(request_file)
 
 from django.core.files.storage import default_storage
 # bearer:expected python_django_path_using_user_input
-default_storage.save(form.cleaned_data["filepath"])
+default_storage.save(location=form.cleaned_data["filepath"])