Python: Make any routed parameter a RemoteFlowSource

I'm not 100% sure whether this approach makes everything too magic, but I like
the fact that you can't _forget_ to make routed params remove-flow sources.

Author: RasmusWL

python/ql/src/experimental/dataflow/RemoteFlowSources.qll

@@ -2,6 +2,7 @@ private import python
 private import experimental.dataflow.DataFlow
 // Need to import since frameworks can extend `RemoteFlowSource::Range`
 private import experimental.semmle.python.Frameworks
+private import experimental.semmle.python.Concepts
 
 /**
  * A data flow source of remote user input.

python/ql/src/experimental/semmle/python/Concepts.qll

@@ -7,6 +7,7 @@
 import python
 private import experimental.dataflow.DataFlow
 private import experimental.semmle.python.Frameworks
+private import experimental.dataflow.RemoteFlowSources
 
 /**
  * A data-flow node that executes an operating system command,
@@ -89,5 +90,11 @@ module HTTP {
         abstract Parameter getARoutedParameter();
       }
     }
+
+    private class RoutedParameter extends RemoteFlowSource::Range, DataFlow::ParameterNode {
+      RoutedParameter() { this.getParameter() = any(RouteSetup setup).getARoutedParameter() }
+
+      override string getSourceType() { result = "RoutedParameter" }
+    }
   }
 }

python/ql/test/experimental/library-tests/frameworks/flask/TestTaint.expected

@@ -1,5 +1,5 @@
-| taint_test.py:6 | fail | test_taint | name |
-| taint_test.py:6 | fail | test_taint | number |
+| taint_test.py:6 | ok   | test_taint | name |
+| taint_test.py:6 | ok   | test_taint | number |
 | taint_test.py:7 | ok   | test_taint | foo |
 | taint_test.py:14 | ok   | test_taint | request.environ |
 | taint_test.py:15 | ok   | test_taint | request.environ.get(..) |