Python: Extend SensitiveDataSource tests

Now it contains all the sort of things we actually support 👍

Author: RasmusWL

python/ql/test/experimental/dataflow/sensitive-data/test.py

@@ -19,3 +19,15 @@ def encrypt_password(pwd):
 fetch_certificate() # $ SensitiveDataSource=certificate
 account_id() # $ SensitiveDataSource=id
 safe_to_store = encrypt_password(pwd)
+
+# attributes
+foo = ObjectFromDatabase()
+foo.secret # $ SensitiveDataSource=secret
+foo.username # $ SensitiveDataSource=id
+
+# Special handling of lookups of sensitive properties
+request.args["password"], # $ MISSING: SensitiveDataSource=password
+request.args.get("password") # $ SensitiveDataSource=password
+
+# I don't think handling `getlist` is super important, just included it to show what we don't handle
+request.args.getlist("password")[0] # $ MISSING: SensitiveDataSource=password