Python: Fix django regex path handling

Author: RasmusWL

python/ql/lib/semmle/python/frameworks/Django.qll

@@ -2501,13 +2501,22 @@ module PrivateDjango {
         // either using named capture groups (passed as keyword arguments) or using
         // unnamed capture groups (passed as positional arguments)
         not exists(regex.getGroupName(_, _)) and
-        // first group will have group number 1
-        result =
-          routeHandler
-              .getArg(routeHandler.getFirstPossibleRoutedParamIndex() - 1 +
-                  regex.getGroupNumber(_, _))
+        (
+          // first group will have group number 1
+          result =
+            routeHandler
+                .getArg(routeHandler.getFirstPossibleRoutedParamIndex() - 1 +
+                    regex.getGroupNumber(_, _))
+          or
+          result = routeHandler.getVararg()
+        )
         or
-        result = routeHandler.getArgByName(regex.getGroupName(_, _))
+        exists(regex.getGroupName(_, _)) and
+        (
+          result = routeHandler.getArgByName(regex.getGroupName(_, _))
+          or
+          result = routeHandler.getKwarg()
+        )
       )
     }
   }

python/ql/test/library-tests/frameworks/django-v2-v3/routing_test.py

@@ -165,11 +165,11 @@ def kwargs_param(request, **kwargs): # $ requestHandler routedParameter=kwargs
     ensure_tainted(request) # $ tainted
 
 
-def star_args_param(request, *args): # $ requestHandler MISSING: routedParameter=args
+def star_args_param(request, *args): # $ requestHandler routedParameter=args
     ensure_tainted(
-        args, # $ MISSING: tainted
-        args[0], # $ MISSING: tainted
-        args[1], # $ MISSING: tainted
+        args, # $ tainted
+        args[0], # $ tainted
+        args[1], # $ tainted
     )
     ensure_tainted(request) # $ tainted