mrigankpawagi · mrigankpawagi · Jun 23, 2026
diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
@@ -9,6 +9,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.Concepts
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
+private import semmle.python.ApiGraphs
 
 /**
  * Provides default sources, and sinks for detecting
@@ -105,4 +106,14 @@ module PathInjection {
   class SanitizerFromModel extends Sanitizer {
     SanitizerFromModel() { ModelOutput::barrierNode(this, "path-injection") }
   }
+
+  /**
+   * A call to `django.utils._os.safe_join`, which validates that the resulting path
+   * stays within the base directory, considered as a sanitizer.
+   */
+  class DjangoSafeJoinSanitizer extends Sanitizer {
+    DjangoSafeJoinSanitizer() {
+      this = API::moduleImport("django").getMember("utils").getMember("_os").getMember("safe_join").getACall()
+    }
+  }
 }
diff --git a/python/ql/test/query-tests/Security/CWE-022-PathInjection/django_safe_join.py b/python/ql/test/query-tests/Security/CWE-022-PathInjection/django_safe_join.py
@@ -0,0 +1,21 @@
+from django.utils._os import safe_join
+from flask import Flask, request  # $ Source
+
+app = Flask(__name__)
+
+MEDIA_ROOT = "/var/www/media"
+
+
+@app.route("/file")
+def serve_file():
+    filename = request.args.get("filename", "")  # user input
+    # safe_join validates the path stays within MEDIA_ROOT
+    safe_path = safe_join(MEDIA_ROOT, filename)
+    open(safe_path)  # Safe - no alert expected
+
+
+@app.route("/file_unsafe")
+def serve_file_unsafe():
+    filename = request.args.get("filename", "")  # user input
+    unsafe_path = MEDIA_ROOT + "/" + filename
+    open(unsafe_path)  # $ Alert