django-filter builds Django QuerySet filters from query params. FilterSet.qs runs the filtered query — injection is impossible via the FilterSet, but custom filter methods that build raw SQL are sinks.
`.FilterSet()` (Sanitizer)

`django_filters.FilterSet(data=None, queryset=None, request=None, prefix=None)`

Builds filtered QuerySet from query params.

return

| FQN | Field |
|---|---|
| django_filters | fqns[0] |

A wrong FQN yields 0 findings. To verify, change fqns to a garbage value: the rule must then produce 0 results.

```python
from codepathfinder.go_rule import PyDjangoFilters
```
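
The custom-filter-method sink described at the top of this page can be spotted syntactically. The following is an added example, not codepathfinder's or django-filter's own code: a standard-library `ast` check run over a constructed `ProductFilter` sample, where the function names, the sample class and the `RAW_SQL_CALLS` list are assumptions made for illustration.

```python
import ast

# Constructed sample source: two custom filter methods on one FilterSet.
SAMPLE = '''
import django_filters

class ProductFilter(django_filters.FilterSet):
    name = django_filters.CharFilter(method="by_name_concat")
    sku = django_filters.CharFilter(method="by_sku_params")

    def by_name_concat(self, queryset, name, value):
        return queryset.extra(where=["name LIKE '%" + value + "%'"])

    def by_sku_params(self, queryset, name, value):
        return queryset.extra(where=["sku = %s"], params=[value])
'''

RAW_SQL_CALLS = {"raw", "extra", "execute"}  # QuerySet.raw/.extra, cursor.execute
PARAM_KWARGS = {"params", "select_params"}   # bound values, not SQL text

def is_filterset(cls):
    """True if the class lists FilterSet (bare or dotted) as a base."""
    return any(getattr(b, "attr", getattr(b, "id", "")) == "FilterSet" for b in cls.bases)

def is_dynamic(node):
    """True if the expression is built by +, %, an f-string or .format()."""
    for sub in ast.walk(node):
        if isinstance(sub, (ast.BinOp, ast.JoinedStr)):
            return True
        if isinstance(sub, ast.Call) and getattr(sub.func, "attr", "") == "format":
            return True
    return False

def find_raw_sql_sinks(source):
    """Return (class, method, call, line) for raw-SQL calls with dynamic SQL text."""
    findings = []
    classes = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.ClassDef)]
    for cls in filter(is_filterset, classes):
        for fn in (n for n in cls.body if isinstance(n, ast.FunctionDef)):
            for call in (n for n in ast.walk(fn) if isinstance(n, ast.Call)):
                if getattr(call.func, "attr", "") not in RAW_SQL_CALLS:
                    continue
                sql = call.args[:1] + [k.value for k in call.keywords if k.arg not in PARAM_KWARGS]
                if any(is_dynamic(p) for p in sql):
                    findings.append((cls.name, fn.name, call.func.attr, call.lineno))
    return findings

if __name__ == "__main__":
    print(find_raw_sql_sinks(SAMPLE))
```

This is a syntactic heuristic with no data-flow tracking, so it flags any dynamically built SQL text in a FilterSet method, and it leaves the parameterized `by_sku_params` form unflagged.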