Python: Add prefix sanitizer on URL redirect query

This doesn't cover 100% of what we want to, but matches what we used to.

python/ql/src/semmle/python/security/dataflow/UrlRedirect.qll

@@ -22,6 +22,15 @@ class UrlRedirectConfiguration extends TaintTracking::Configuration {
     sink = any(HTTP::Server::HttpRedirectResponse e).getRedirectLocation()
   }
 
+  override predicate isSanitizer(DataFlow::Node node) {
+    // Url redirection is a problem only if the user controls the prefix of the URL.
+    // This is a copy of the taint-sanitizer from the old points-to query, which doesn't
+    // cover formatting.
+    exists(BinaryExprNode string_concat | string_concat.getOp() instanceof Add |
+      string_concat.getRight() = node.asCfgNode()
+    )
+  }
+
   override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
     guard instanceof StringConstCompare
   }