Python: Alter disablesCertificateValidation to fit our needs

For the snippet below, our current query is able to show _why_ we
consider `var` to be a falsey value that would disable SSL/TLS
verification. I'm not sure we're going to need the part that Ruby did,
for being able to specify _where_ the verification was removed, but
we'll see.

```
requests.get(url, verify=var)
```

Author: RasmusWL

python/ql/lib/semmle/python/Concepts.qll

@@ -837,10 +837,14 @@ module HTTP {
       /**
        * Holds if this request is made using a mode that disables SSL/TLS
        * certificate validation, where `disablingNode` represents the point at
-       * which the validation was disabled.
+       * which the validation was disabled, and `argumentOrigin` represents the origin
+       * of the argument that disabled the validation (which could be the same node as
+       * `disablingNode`).
        */
-      predicate disablesCertificateValidation(DataFlow::Node disablingNode) {
-        super.disablesCertificateValidation(disablingNode)
+      predicate disablesCertificateValidation(
+        DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+      ) {
+        super.disablesCertificateValidation(disablingNode, argumentOrigin)
       }
     }
 
@@ -868,9 +872,13 @@ module HTTP {
         /**
          * Holds if this request is made using a mode that disables SSL/TLS
          * certificate validation, where `disablingNode` represents the point at
-         * which the validation was disabled.
+         * which the validation was disabled, and `argumentOrigin` represents the origin
+         * of the argument that disabled the validation (which could be the same node as
+         * `disablingNode`).
          */
-        abstract predicate disablesCertificateValidation(DataFlow::Node disablingNode);
+        abstract predicate disablesCertificateValidation(
+          DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+        );
       }
     }
 

python/ql/test/experimental/meta/ConceptsTest.qll

@@ -479,7 +479,9 @@ class CryptographicOperationTest extends InlineExpectationsTest {
 class HttpClientRequestTest extends InlineExpectationsTest {
   HttpClientRequestTest() { this = "HttpClientRequestTest" }
 
-  override string getARelevantTag() { result = "clientRequestUrl" }
+  override string getARelevantTag() {
+    result in ["clientRequestUrl", "clientRequestDisablesCertValidation"]
+  }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
@@ -490,5 +492,14 @@ class HttpClientRequestTest extends InlineExpectationsTest {
       value = prettyNodeForInlineTest(url) and
       tag = "clientRequestUrl"
     )
+    or
+    exists(location.getFile().getRelativePath()) and
+    exists(HTTP::Client::Request req, DataFlow::Node disablingNode |
+      req.disablesCertificateValidation(disablingNode, _) and
+      location = disablingNode.getLocation() and
+      element = disablingNode.toString() and
+      value = prettyNodeForInlineTest(disablingNode) and
+      tag = "clientRequestDisablesCertValidation"
+    )
   }
 }