Python: Add tests of requests

Also adjusts test slightly. Writing
`clientRequestDisablesCertValidation=False` to mean that certificate
validation was disabled by the `False` expression is just confusing, as
it easily reads as _certificate validate was NOT disabled_ :|

The new one ties to each request that is being made, which seems like
the right setup.

Author: RasmusWL

python/ql/test/experimental/meta/ConceptsTest.qll

@@ -480,7 +480,7 @@ class HttpClientRequestTest extends InlineExpectationsTest {
   HttpClientRequestTest() { this = "HttpClientRequestTest" }
 
   override string getARelevantTag() {
-    result in ["clientRequestUrl", "clientRequestDisablesCertValidation"]
+    result in ["clientRequestUrl", "clientRequestCertValidationDisabled"]
   }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
@@ -494,12 +494,12 @@ class HttpClientRequestTest extends InlineExpectationsTest {
     )
     or
     exists(location.getFile().getRelativePath()) and
-    exists(HTTP::Client::Request req, DataFlow::Node disablingNode |
-      req.disablesCertificateValidation(disablingNode, _) and
-      location = disablingNode.getLocation() and
-      element = disablingNode.toString() and
-      value = prettyNodeForInlineTest(disablingNode) and
-      tag = "clientRequestDisablesCertValidation"
+    exists(HTTP::Client::Request req |
+      req.disablesCertificateValidation(_, _) and
+      location = req.getLocation() and
+      element = req.toString() and
+      value = "" and
+      tag = "clientRequestCertValidationDisabled"
     )
   }
 }

python/ql/test/library-tests/frameworks/requests/ConceptsTest.expected

@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest

python/ql/test/library-tests/frameworks/requests/ConceptsTest.ql

@@ -0,0 +1,3 @@
+argumentToEnsureNotTaintedNotMarkedAsSpurious
+untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+failures

python/ql/test/library-tests/frameworks/requests/InlineTaintTest.expected

@@ -0,0 +1 @@
+import experimental.meta.InlineTaintTest

python/ql/test/library-tests/frameworks/requests/InlineTaintTest.ql

@@ -0,0 +1,50 @@
+import requests
+
+resp = requests.get("url") # $ MISSING: clientRequestUrl="url"
+resp = requests.get(url="url") # $ MISSING: clientRequestUrl="url"
+
+resp = requests.request("GET", "url") # $ MISSING: clientRequestUrl="url"
+
+with requests.Session() as session:
+    resp = session.get("url") # $ MISSING: clientRequestUrl="url"
+    resp = session.request(method="GET", url="url") # $ MISSING: clientRequestUrl="url"
+
+s = requests.Session()
+resp = s.get("url") # $ MISSING: clientRequestUrl="url"
+
+s = requests.session()
+resp = s.get("url") # $ MISSING: clientRequestUrl="url"
+
+# test full import path for Session
+with requests.sessions.Session() as session:
+    resp = session.get("url") # $ MISSING: clientRequestUrl="url"
+
+# Low level access
+req = requests.Request("GET", "url") # $ MISSING: clientRequestUrl="url"
+resp = s.send(req.prepare())
+
+# other methods than GET
+resp = requests.post("url") # $ MISSING: clientRequestUrl="url"
+resp = requests.patch("url") # $ MISSING: clientRequestUrl="url"
+resp = requests.options("url") # $ MISSING: clientRequestUrl="url"
+
+# ==============================================================================
+# Disabling certificate validation
+# ==============================================================================
+
+resp = requests.get("url", verify=False) # $ MISSING: clientRequestUrl="url" clientRequestCertValidationDisabled
+
+def make_get(verify_arg):
+    resp = requests.get("url", verify=verify_arg) # $ MISSING: clientRequestUrl="url" clientRequestCertValidationDisabled
+
+make_get(False)
+
+
+with requests.Session() as session:
+    # see https://github.com/psf/requests/blob/39d0fdd9096f7dceccbc8f82e1eda7dd64717a8e/requests/sessions.py#L621
+    session.verify = False
+    resp = session.get("url") # $ MISSING: clientRequestUrl="url" clientRequestCertValidationDisabled
+    resp = session.get("url", verify=True) # $ MISSING: clientRequestUrl="url"
+
+    req = requests.Request("GET", "url") # $ MISSING: clientRequestUrl="url"
+    resp = session.send(req.prepare()) # $ MISSING: clientRequestCertValidationDisabled