Python: Perform more deduplication

This cut the evaluation time on `django` down from 1.2 seconds to ~0.8
seconds (but the impact will likely be greater on bigger projects).

Author: tausbn

python/ql/src/semmle/python/dataflow/new/SensitiveDataSources.qll

@@ -195,18 +195,33 @@ private module SensitiveDataModeling {
   }
 
   /**
-   * Returns strings (primarily the names of various program entities) that may contain sensitive data
-   * with the classification `classification`.
+   * This helper predicate serves to deduplicate the results of the preceding predicates. This
+   * means that if, say, an attribute and a function parameter have the same name, then that name will
+   * only be matched once, which greatly cuts down on the number of regexp matches that have to be
+   * performed.
    *
-   * This is a helper predicate, used to limit the number of regexp matches that have to be performed.
+   * Under normal circumstances, deduplication is only performed when a predicate is materialized, and
+   * so to see the effect of this we must create a separate predicate that calculates the union of the
+   * preceding predicates.
    */
   pragma[nomagic]
-  private string sensitiveString(SensitiveDataClassification classification) {
+  private string sensitiveStringCandidate() {
     result in [
         sensitiveNameCandidate(), sensitiveAttributeNameCandidate(),
         sensitiveParameterNameCandidate(), sensitiveFunctionNameCandidate(),
         sensitiveStrConstCandidate()
-      ] and
+      ]
+  }
+
+  /**
+   * Returns strings (primarily the names of various program entities) that may contain sensitive data
+   * with the classification `classification`.
+   *
+   * This is a helper predicate, used to limit the number of regexp matches that have to be performed.
+   */
+  pragma[nomagic]
+  private string sensitiveString(SensitiveDataClassification classification) {
+    result = sensitiveStringCandidate() and
     result.regexpMatch(maybeSensitiveRegexp(classification))
   }