From 5774ce247996eec36c48b534c11a3d99b3be9bcf Mon Sep 17 00:00:00 2001
From: jorgectf
Date: Mon, 8 Nov 2021 10:34:16 +0100
Subject: [PATCH] Improve `django` test

---
 .../Security/CWE-079/django_mail.py | 39 ++++++++++---------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/django_mail.py b/python/ql/test/experimental/query-tests/Security/CWE-079/django_mail.py
index 4df6369110f..178e8decc79 100644
--- a/python/ql/test/experimental/query-tests/Security/CWE-079/django_mail.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-079/django_mail.py
@@ -1,24 +1,25 @@
-from flask import request, Flask
+import django.http
 from django.core.mail import send_mail, mail_admins, mail_managers
 
-app = Flask(__name__)
 
-@app.route("/send")
-def send():
-    """
-    The Django.core.mail#send_mail function source code can be found in the link below:
-    https://github.com/django/django/blob/ca9872905559026af82000e46cde6f7dedc897b6/django/core/mail/__init__.py#L38
+def django_response(request):
+    """
+    The Django.core.mail#send_mail function source code can be found in the link below:
+    https://github.com/django/django/blob/ca9872905559026af82000e46cde6f7dedc897b6/django/core/mail/__init__.py#L38
 
-    send_mass_mail does not provide html_message as an argument to it's function. See the link below for more info:
-    https://github.com/django/django/blob/ca9872905559026af82000e46cde6f7dedc897b6/django/core/mail/__init__.py#L64
-    """
-    send_mail("Subject", "plain-text body", "from@example.com", ["to@example.com"], html_message=request.args("html"))
+    send_mass_mail does not provide html_message as an argument to it's function. See the link below for more info:
+    https://github.com/django/django/blob/ca9872905559026af82000e46cde6f7dedc897b6/django/core/mail/__init__.py#L64
+    """
+    send_mail("Subject", "plain-text body", "from@example.com",
+              ["to@example.com"], html_message=django.http.request.GET.get("html"))
 
-@app.route("/internal")
-def internal():
-    """
-    The Django.core.mail#mail_admins and Django.core.mail#mail_managers functions source code can be found in the link below:
-    https://github.com/django/django/blob/ca9872905559026af82000e46cde6f7dedc897b6/django/core/mail/__init__.py#L90-L121
-    """
-    mail_admins("Subject", "plain-text body", html_message=request.args("html"))
-    mail_managers("Subject", "plain-text body", html_message=request.args("html"))
+
+def django_response(request):
+    """
+    The Django.core.mail#mail_admins and Django.core.mail#mail_managers functions source code can be found in the link below:
+    https://github.com/django/django/blob/ca9872905559026af82000e46cde6f7dedc897b6/django/core/mail/__init__.py#L90-L121
+    """
+    mail_admins("Subject", "plain-text body",
+                html_message=django.http.request.GET.get("html"))
+    mail_managers("Subject", "plain-text body",
+                  html_message=django.http.request.GET.get("html"))
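Review bot: The second `def django_response(request)` rebinds the name defined a few lines above, so after import only the mail_admins/mail_managers case survives as a module attribute and linters will flag the redefinition; give the two test cases distinct names, e.g. `def django_response_send_mail(request):` and `def django_response_admins(request):`. The `request` parameter is unused in both functions: `django.http.request` is a module, so `django.http.request.GET.get("html")` does not read an attribute of an actual request, and the realistic untrusted source for this CWE-079 sink is the view's own parameter, `html_message=request.GET.get("html")` — presumably the intent, assuming the query's source model recognises the view parameter. The docstring typo `it's` → `its` on the send_mass_mail sentence could be fixed in passing.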