Add tests for jinja

python/ql/src/Security/CWE-074/TemplateInjection.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Server Side Template Injection
+ * @description Using user-controlled data to create a template can lead to remote code execution or cross site scripting.
+ * @kind path-problem
+ * @problem.severity error
+ * @precision high
+ * @id py/template-injection
+ * @tags security
+ *       external/cwe/cwe-074
+ */
+
+import python
+import semmle.python.security.dataflow.TemplateInjectionQuery
+import TemplateInjectionFlow::PathGraph
+
+from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink
+where TemplateInjectionFlow::flowPath(source, sink)
+select sink.getNode(), source, sink, "This Template construction depends on $@.", source.getNode(),
+  "user-provided value"