Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue

Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating usecase, so let's see if we ever need it :P

+ fix modernisation regression on py/jinja2/autoescape-false

Author: RasmusWL

python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql

@@ -43,7 +43,8 @@ where
         not exists(getAutoEscapeParameter(call))
         or
         exists(Value isFalse |
-            getAutoEscapeParameter(call).pointsTo(isFalse) and isFalse.booleanValue() = false
+            getAutoEscapeParameter(call).pointsTo(isFalse) and
+            isFalse.getDefiniteBooleanValue() = false
         )
     )
 select call, "Using jinja2 templates with autoescape=False can potentially allow XSS attacks."

python/ql/src/Security/CWE-215/FlaskDebug.ql

@@ -17,6 +17,6 @@ from CallNode call, Value isTrue
 where
     call = theFlaskClass().declaredAttribute("run").(FunctionValue).getACall() and
     call.getArgByName("debug").pointsTo(isTrue) and
-    isTrue.booleanValue() = true
+    isTrue.getDefiniteBooleanValue() = true
 select call,
     "A Flask app appears to be run in debug mode. This may allow an attacker to run arbitrary code through the debugger."

python/ql/src/Security/CWE-295/RequestWithoutValidation.ql

@@ -15,7 +15,7 @@ import semmle.python.web.Http
 FunctionValue requestFunction() { result = Module::named("requests").attr(httpVerbLower()) }
 
 /** requests treats None as the default and all other "falsey" values as False */
-predicate falseNotNone(Value v) { v.booleanValue() = false and not v = Value::none_() }
+predicate falseNotNone(Value v) { v.getDefiniteBooleanValue() = false and not v = Value::none_() }
 
 from CallNode call, FunctionValue func, Value falsey, ControlFlowNode origin
 where

python/ql/src/semmle/python/objects/ObjectAPI.qll

@@ -118,10 +118,20 @@ class Value extends TObject {
         )
     }
 
-    /** Gets the boolean value of this value. */
-    boolean booleanValue() {
+    /** Gets the boolean interpretation of this value.
+      * Could be both `true` and `false`, if we can't determine the result more precisely.
+      */
+    boolean getABooleanValue() {
         result = this.(ObjectInternal).booleanValue()
     }
+
+    /** Gets the boolean interpretation of this value, only if we can determine the result preciely.
+      * The result can be `none()`, but never both `true` and `false`.
+      */
+    boolean getDefiniteBooleanValue() {
+        result = getABooleanValue() and
+        not (getABooleanValue() = true and getABooleanValue() = false)
+    }
 }
 
 /** Class representing modules in the Python program

python/ql/test/query-tests/Security/CWE-079/Jinja2WithoutEscaping.expected

@@ -2,5 +2,4 @@
 | jinja2_escaping.py:41:5:41:29 | ControlFlowNode for Environment() | Using jinja2 templates with autoescape=False can potentially allow XSS attacks. |
 | jinja2_escaping.py:43:1:43:3 | ControlFlowNode for E() | Using jinja2 templates with autoescape=False can potentially allow XSS attacks. |
 | jinja2_escaping.py:44:1:44:15 | ControlFlowNode for E() | Using jinja2 templates with autoescape=False can potentially allow XSS attacks. |
-| jinja2_escaping.py:46:1:46:17 | ControlFlowNode for E() | Using jinja2 templates with autoescape=False can potentially allow XSS attacks. |
 | jinja2_escaping.py:53:15:53:43 | ControlFlowNode for Template() | Using jinja2 templates with autoescape=False can potentially allow XSS attacks. |