Python: Bring back Path Injection query

Which was accidentially removed when resolving a merge conflict.

Author: RasmusWL

python/ql/src/Security/CWE-022/PathInjection.ql

@@ -0,0 +1,24 @@
+/**
+ * @name Uncontrolled data used in path expression
+ * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
+ * @kind path-problem
+ * @problem.severity error
+ * @sub-severity high
+ * @precision high
+ * @id py/path-injection
+ * @tags correctness
+ *       security
+ *       external/owasp/owasp-a1
+ *       external/cwe/cwe-022
+ *       external/cwe/cwe-023
+ *       external/cwe/cwe-036
+ *       external/cwe/cwe-073
+ *       external/cwe/cwe-099
+ */
+
+import python
+import semmle.python.security.dataflow.PathInjection
+
+from CustomPathNode source, CustomPathNode sink
+where pathInjection(source, sink)
+select sink, source, sink, "This path depends on $@.", source, "a user-provided value"