Python: Expand modeling of paramiko

Author: RasmusWL

python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql

@@ -16,11 +16,17 @@ import semmle.python.ApiGraphs
 
 private API::Node unsafe_paramiko_policy(string name) {
   name in ["AutoAddPolicy", "WarningPolicy"] and
-  result = API::moduleImport("paramiko").getMember("client").getMember(name)
+  (
+    result = API::moduleImport("paramiko").getMember("client").getMember(name)
+    or
+    result = API::moduleImport("paramiko").getMember(name)
+  )
 }
 
 private API::Node paramikoSshClientInstance() {
   result = API::moduleImport("paramiko").getMember("client").getMember("SSHClient").getReturn()
+  or
+  result = API::moduleImport("paramiko").getMember("SSHClient").getReturn()
 }
 
 from DataFlow::CallCfgNode call, DataFlow::Node arg, string name

python/ql/test/query-tests/Security/CWE-295-MissingHostKeyValidation/MissingHostKeyValidation.expected

@@ -2,3 +2,4 @@
 | paramiko_host_key.py:7:1:7:49 | ControlFlowNode for Attribute() | Setting missing host key policy to WarningPolicy may be unsafe. |
 | paramiko_host_key.py:11:1:11:51 | ControlFlowNode for Attribute() | Setting missing host key policy to AutoAddPolicy may be unsafe. |
 | paramiko_host_key.py:13:1:13:51 | ControlFlowNode for Attribute() | Setting missing host key policy to WarningPolicy may be unsafe. |
+| paramiko_host_key.py:20:1:20:58 | ControlFlowNode for Attribute() | Setting missing host key policy to AutoAddPolicy may be unsafe. |