Python: Add HttpRedirectSinks test for django

Author: RasmusWL

python/ql/src/semmle/python/web/django/Redirect.qll

@@ -17,9 +17,6 @@ class DjangoRedirect extends HttpRedirectTaintSink {
     override string toString() { result = "django.redirect" }
 
     DjangoRedirect() {
-        exists(CallNode call |
-            redirect().getACall() = call and
-            this = call.getAnArg()
-        )
+        this = redirect().getACall().getAnArg()
     }
 }

python/ql/test/library-tests/web/django/HttpRedirectSinks.expected

@@ -0,0 +1 @@
+| test_1x.py:13:21:13:24 | django.redirect | externally controlled string |

python/ql/test/library-tests/web/django/HttpRedirectSinks.ql

@@ -0,0 +1,7 @@
+import python
+import semmle.python.web.HttpRedirect
+import semmle.python.security.strings.Untrusted
+
+from HttpRedirectTaintSink sink, TaintKind kind
+where sink.sinks(kind)
+select sink, kind

python/ql/test/query-tests/Security/lib/django/shortcuts.py

@@ -0,0 +1,7 @@
+# see https://docs.djangoproject.com/en/1.11/_modules/django/shortcuts/#redirect
+
+def render(request, template_name, context=None, content_type=None, status=None, using=None):
+    pass
+
+def redirect(to, *args, **kwargs):
+    pass