Apply suggestions from code review

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>

Author: yoff

python/ql/src/experimental/semmle/python/frameworks/Django.qll

@@ -280,19 +280,19 @@ private module Django {
             DataFlow::Node classRef() { result = classRef(DataFlow::TypeTracker::end()) }
 
             /** Gets an instance of the `django.db.models.expressions.RawSQL` class. */
-            private DataFlow::Node classInstance(DataFlow::TypeTracker t, ControlFlowNode sql) {
+            private DataFlow::Node instance(DataFlow::TypeTracker t, ControlFlowNode sql) {
               t.start() and
               exists(CallNode c | result.asCfgNode() = c |
                 c.getFunction() = classRef().asCfgNode() and
                 c.getArg(0) = sql
               )
               or
-              exists(DataFlow::TypeTracker t2 | result = classInstance(t2, sql).track(t2, t))
+              exists(DataFlow::TypeTracker t2 | result = instance(t2, sql).track(t2, t))
             }
 
             /** Gets an instance of the `django.db.models.expressions.RawSQL` class. */
-            DataFlow::Node classInstance(ControlFlowNode sql) {
-              result = classInstance(DataFlow::TypeTracker::end(), sql)
+            DataFlow::Node instance(ControlFlowNode sql) {
+              result = instance(DataFlow::TypeTracker::end(), sql)
             }
           }
         }
@@ -327,7 +327,7 @@ private module Django {
 
       ObjectsAnnotate() {
         node.getFunction() = django::db::models::objects_attr("annotate").asCfgNode() and
-        django::db::models::expressions::RawSQL::classInstance(sql).asCfgNode() in [node.getArg(_),
+        django::db::models::expressions::RawSQL::instance(sql).asCfgNode() in [node.getArg(_),
               node.getArgByName(_)]
       }
 

python/ql/test/experimental/library-tests/frameworks/django/SqlExecution.py

@@ -20,6 +20,7 @@ class User(models.Model):
 def test_model():
     User.objects.raw("some sql")  # $getSql="some sql"
     User.objects.annotate(RawSQL("some sql"))  # $getSql="some sql"
+    User.objects.annotate(RawSQL("foo"), RawSQL("bar"))  # $getSql="foo" $getSql="bar"
     User.objects.annotate(val=RawSQL("some sql"))  # $getSql="some sql"
     User.objects.extra("some sql")  # $getSql="some sql"
     User.objects.extra(select="select", where="where", tables="tables", order_by="order_by")  # $getSql="select" $getSql="where" $getSql="tables" $getSql="order_by"