Python: Add test for Django FileField upload_to

The output from running the test script is:

```
'rootdir/bar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/bar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/foo%2fbar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/%2e%2e%2fbar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
'rootdir/foo%c0%afbar'
[13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2
```

I didn't add a `.py` extension, so it wasn't extracted, since we don't
actually care about what we model in that file.

Author: RasmusWL

python/ql/test/library-tests/frameworks/django-v2-v3/.gitignore

@@ -0,0 +1,5 @@
+db.sqlite3
+
+# The testapp/migrations/ folder needs to be comitted to git,
+# but we don't care to store the actual migrations
+testapp/migrations/

python/ql/test/library-tests/frameworks/django-v2-v3/test_file_field

@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+
+# first run the server with
+# python manage.py makemigrations && python manage.py migrate && python manage.py runserver
+
+import requests
+
+requests.post(
+    "http://127.0.0.1:8000/app/file-test/",
+    files={"fieldname": ("foo/bar", open("/home/rasmus/TODO", "rb"))}
+)
+
+requests.post(
+    "http://127.0.0.1:8000/app/file-test/",
+    files={"fieldname": ("../bar", open("/home/rasmus/TODO", "rb"))}
+)
+
+requests.post(
+    "http://127.0.0.1:8000/app/file-test/",
+    files={"fieldname": (r"foo%2fbar", open("/home/rasmus/TODO", "rb"))}
+)
+
+requests.post(
+    "http://127.0.0.1:8000/app/file-test/",
+    files={"fieldname": (r"%2e%2e%2fbar", open("/home/rasmus/TODO", "rb"))}
+)
+
+requests.post(
+    "http://127.0.0.1:8000/app/file-test/",
+    files={"fieldname": (r"foo%c0%afbar", open("/home/rasmus/TODO", "rb"))}
+)

python/ql/test/library-tests/frameworks/django-v2-v3/testapp/models.py

@@ -1,3 +1,10 @@
+import os.path
+
 from django.db import models
 
-# Create your models here.
+def custom_path_function(instance, filename):
+    print(repr(os.path.join("rootdir", filename)))
+    raise NotImplementedError()
+
+class MyModel(models.Model):
+    upload = models.FileField(upload_to=custom_path_function)

python/ql/test/library-tests/frameworks/django-v2-v3/testapp/urls.py

@@ -14,6 +14,8 @@
 
     path("CustomRedirectView/<foo>", views.CustomRedirectView.as_view()),  # $routeSetup="CustomRedirectView/<foo>"
     path("CustomRedirectView2/<foo>", views.CustomRedirectView2.as_view()),  # $routeSetup="CustomRedirectView2/<foo>"
+
+    path("file-test/", views.file_test), # $routeSetup="file-test/"
 ]
 
 from django import __version__ as django_version

python/ql/test/library-tests/frameworks/django-v2-v3/testapp/views.py

@@ -2,6 +2,7 @@
 from django.views.generic import View, RedirectView
 from django.views.decorators.csrf import csrf_exempt
 
+from .models import MyModel
 
 def foo(request: HttpRequest):  # $requestHandler
     return HttpResponse("foo")  # $HttpResponse
@@ -45,3 +46,13 @@ def get_redirect_url(self, foo): # $ requestHandler routedParameter=foo
 class CustomRedirectView2(RedirectView):
 
     url = "https://example.com/%(foo)s"
+
+
+# Test of FileField upload_to functions
+def file_test(request: HttpRequest): # $ requestHandler
+    model = MyModel(upload=request.FILES['fieldname'])
+    try:
+        model.save()
+    except NotImplementedError:
+        pass
+    return HttpResponse("ok") # $ HttpResponse

python/ql/test/library-tests/frameworks/django-v2-v3/testproj/settings.py

@@ -74,12 +74,12 @@
 # Database
 # https://docs.djangoproject.com/en/3.1/ref/settings/#databases
 
-# DATABASES = {
-#     'default': {
-#         'ENGINE': 'django.db.backends.sqlite3',
-#         'NAME': BASE_DIR / 'db.sqlite3',
-#     }
-# }
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': BASE_DIR / 'db.sqlite3',
+    }
+}
 
 
 # Password validation