Python: Re-introduce Response::instance() in flask model

We don't actually need it for anything right now, but I have plans for the
future where would need it.

Although it would be nice to have it as an `API::Node`, and we could re-write
implementations so we could provide it in this instance, I'm not convinced we
can do that in general right now.

For example, if <n'th> parameter of a function has to be modeled as belonging to
a certain type, I don't see any way to specify that as an API::Node.

For me, that's ok. Until we _can_ specify things like this as API::Nodes in the
future, I would like to keep things consistent, and use `DataFlow::Node` as the
result type.

Author: RasmusWL

python/ql/src/semmle/python/frameworks/Flask.qll

@@ -155,9 +155,17 @@ private module FlaskModel {
 
       override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
     }
-    // TODO: Enable again, but take `InstanceSource` into account
-    // /** Gets a reference to an instance of `flask.Response`. */
-    // API::Node instance() { result = classRef().getReturn() }
+
+    /** Gets a reference to an instance of `flask.Response`. */
+    private DataFlow::LocalSourceNode instance(DataFlow::TypeTracker t) {
+      t.start() and
+      result instanceof InstanceSource
+      or
+      exists(DataFlow::TypeTracker t2 | result = instance(t2).track(t2, t))
+    }
+
+    /** Gets a reference to an instance of `flask.Response`. */
+    DataFlow::Node instance() { instance(DataFlow::TypeTracker::end()).flowsTo(result) }
   }
 
   // ---------------------------------------------------------------------------