Python: Show problem with os.path modeling

This is not a very good test for showing that we don't handle direct imports,
but it was the best I had available without inventing something new. It's very
fragile, since any of these would propagate taint (due to handling all `join`
calls as if the qualifier was a string):

    ospath_alias.join(ts)
    ospath_alias.join(ts, "foo", "bar")

But this test DOES serve the purpose of illustrating that my fix works :D

Author: RasmusWL

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected

@@ -137,9 +137,10 @@
 | test_string.py:143 | fail | binary_decode_encode | base64.decodestring(..) |
 | test_string.py:148 | fail | binary_decode_encode | quopri.encodestring(..) |
 | test_string.py:149 | fail | binary_decode_encode | quopri.decodestring(..) |
-| test_string.py:158 | ok   | test_os_path_join | os.path.join(..) |
 | test_string.py:159 | ok   | test_os_path_join | os.path.join(..) |
 | test_string.py:160 | ok   | test_os_path_join | os.path.join(..) |
+| test_string.py:161 | ok   | test_os_path_join | os.path.join(..) |
+| test_string.py:162 | fail | test_os_path_join | ospath_alias.join(..) |
 | test_unpacking.py:16 | ok   | unpacking | a |
 | test_unpacking.py:16 | ok   | unpacking | b |
 | test_unpacking.py:16 | ok   | unpacking | c |

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_string.py

@@ -152,12 +152,14 @@ def binary_decode_encode():
 
 def test_os_path_join():
     import os
+    import os.path as ospath_alias
     print("\n# test_os_path_join")
     ts = TAINTED_STRING
     ensure_tainted(
         os.path.join(ts, "foo", "bar"),
         os.path.join(ts),
         os.path.join("foo", "bar", ts),
+        ospath_alias.join("foo", "bar", ts),
     )