Python: Add test for copy.replace

This test demonstrates the current state of affairs: that `copy.replace`
essentially blocks all flow of taint through it, because it has not been
modelled yet.

Author: tausbn

python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py

@@ -166,6 +166,34 @@ def test_copy_2():
         copy.deepcopy(TAINTED_LIST), # $ tainted
     )
 
+def test_replace():
+    from copy import replace
+
+    class C:
+        def __init__(self, always_tainted, tainted_to_safe, safe_to_tainted, always_safe):
+            self.always_tainted = always_tainted
+            self.tainted_to_safe = tainted_to_safe
+            self.safe_to_tainted = safe_to_tainted
+            self.always_safe = always_safe
+
+    c = C(always_tainted=TAINTED_STRING,
+          tainted_to_safe=TAINTED_STRING,
+          safe_to_tainted=NOT_TAINTED,
+          always_safe=NOT_TAINTED)
+
+    d = replace(c, tainted_to_safe=NOT_TAINTED, safe_to_tainted=TAINTED_STRING)
+
+    ensure_tainted(d.always_tainted) # $ MISSING: tainted
+    ensure_tainted(d.safe_to_tainted) # $ MISSING: tainted
+    ensure_not_tainted(d.always_safe)
+
+    # Currently, we have no way of stopping the value in the tainted_to_safe field (which gets
+    # overwritten) from flowing through the replace call, which means we get a spurious result.
+
+    ensure_not_tainted(d.tainted_to_safe) # $
+
+
+
 
 def list_index_assign():
     tainted_string = TAINTED_STRING