Python: address review

python/ql/test/experimental/library-tests/frameworks/django/SqlExecution.py

@@ -2,30 +2,22 @@ from django.db import connection, models
 from django.db.models.expressions import RawSQL
 
 
-def test_plain(username):
-    # GOOD -- Using parameters
-    connection.cursor().execute("SELECT * FROM users WHERE username = %s", username)  # $getSql="SELECT * FROM users WHERE username = %s"
-
-    # BAD -- Using string formatting
-    connection.cursor().execute("SELECT * FROM users WHERE username = '%s'" % username)  # $getSql=BinaryExpr
+def test_plain():
+    cursor = connection.cursor()
+    cursor.execute("some sql")  # $getSql="some sql"
 
 
-def test_context(username):
+def test_context():
     with connection.cursor() as cursor:
-        # GOOD -- Using parameters
-        cursor.execute("SELECT * FROM users WHERE username = %s", username)  # $getSql="SELECT * FROM users WHERE username = %s"
+        cursor.execute("some sql")  # $getSql="some sql"
 
-        # BAD -- Using string formatting
-        cursor.execute("SELECT * FROM users WHERE username = '%s'" % username)  # $getSql=BinaryExpr
 
 class User(models.Model):
     pass
 
-def test_model(username):
-    # GOOD -- Using parameters
-    User.objects.raw("SELECT * FROM users WHERE username = %s", (username,))  # $getSql="SELECT * FROM users WHERE username = %s"
 
-    # BAD -- other ways of executing raw SQL code with string interpolation
-    User.objects.annotate(RawSQL("insert into names_file ('name') values ('%s')" % username))  # $getSql=BinaryExpr
-    User.objects.raw("insert into names_file ('name') values ('%s')" % username)  # $getSql=BinaryExpr
-    User.objects.extra("insert into names_file ('name') values ('%s')" % username)  # $getSql=BinaryExpr
+def test_model():
+    User.objects.raw("some sql")  # $getSql="some sql"
+    User.objects.annotate(RawSQL("some sql"))  # $getSql="some sql"
+    User.objects.annotate(val=RawSQL("some sql"))  # $getSql="some sql"
+    User.objects.extra("some sql")  # $getSql="some sql"