python: broaden local protection concept

python/ql/test/experimental/meta/ConceptsTest.qll

@@ -520,18 +520,20 @@ class CsrfProtectionSettingTest extends InlineExpectationsTest {
   }
 }
 
-class CsrfLocalProtectionTest extends InlineExpectationsTest {
-  CsrfLocalProtectionTest() { this = "CsrfLocalProtectionTest" }
+class CsrfLocalProtectionSettingTest extends InlineExpectationsTest {
+  CsrfLocalProtectionSettingTest() { this = "CsrfLocalProtectionSettingTest" }
 
-  override string getARelevantTag() { result = "CsrfLocalProtection" }
+  override string getARelevantTag() { result = "CsrfLocalProtection" + ["Enabled", "Disabled"] }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
-    exists(CsrfLocalProtection p |
+    exists(CsrfLocalProtectionSetting p |
       location = p.getLocation() and
       element = p.toString() and
-      value = p.getProtected().getName().toString() and
-      tag = "CsrfLocalProtection"
+      value = p.getRequestHandler().getName().toString() and
+      if p.csrfEnabled()
+      then tag = "CsrfLocalProtectionEnabled"
+      else tag = "CsrfLocalProtectionDisabled"
     )
   }
 }

python/ql/test/library-tests/frameworks/django-v2-v3/response_test.py

@@ -118,7 +118,7 @@ class CustomJsonResponse(JsonResponse):
     def __init__(self, banner, content, *args, **kwargs):
         super().__init__(content, *args, content_type="text/html", **kwargs)
 
-@csrf_protect  # $CsrfLocalProtection=safe__custom_json_response
+@csrf_protect  # $CsrfLocalProtectionEnabled=safe__custom_json_response
 def safe__custom_json_response(request):
     return CustomJsonResponse("ACME Responses", {"foo": request.GET.get("foo")})  # $HttpResponse mimetype=application/json MISSING: responseBody=Dict SPURIOUS: responseBody="ACME Responses"