add jsonpickle and pexpect libs in case of unsafe decoding and secondary command execution, add proper test cases

python/ql/src/experimental/semmle/python/Frameworks.qll

@@ -10,6 +10,7 @@ private import experimental.semmle.python.frameworks.Werkzeug
 private import experimental.semmle.python.frameworks.LDAP
 private import experimental.semmle.python.frameworks.Netmiko
 private import experimental.semmle.python.frameworks.Paramiko
+private import experimental.semmle.python.frameworks.Pexpect
 private import experimental.semmle.python.frameworks.Scrapli
 private import experimental.semmle.python.frameworks.JWT
 private import experimental.semmle.python.frameworks.Csv

python/ql/src/experimental/semmle/python/frameworks/Pexpect.qll

@@ -0,0 +1,34 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `pexpect` PyPI package.
+ * See https://pypi.org/project/pexpect/.
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.dataflow.new.RemoteFlowSources
+private import semmle.python.ApiGraphs
+import experimental.semmle.python.Concepts
+
+/**
+ * Provides models for the `pexpect` PyPI package.
+ * See https://pypi.org/project/pexpect/.
+ */
+private module Pexpect {
+  /**
+   * The calls to `pexpect.pxssh.pxssh` functions that execute commands
+   * See https://pexpect.readthedocs.io/en/stable/api/pxssh.html
+   */
+  class PexpectCommandExec extends SecondaryCommandInjection {
+    PexpectCommandExec() {
+      this =
+        API::moduleImport("pexpect")
+            .getMember("pxssh")
+            .getMember("pxssh")
+            .getReturn()
+            .getMember(["send", "sendline"])
+            .getACall()
+            .getParameter(0, "s")
+            .asSink()
+    }
+  }
+}