Python: Exclude AF_UNIX sockets from BindToAllInterfaces

Looking at the results of the previous DCA run, there were a bunch of
false positives where `bind` was being used with an `AF_UNIX` socket (a
filesystem path encoded as a string), not a `(host, port)` tuple. These
results should be excluded from the query, as they are not vulnerable.

Ideally, we would just add `.TupleElement[0]` to the MaD sink, except we
don't actually support this in Python MaD...

So, instead I opted for a more low-tech solution: check that the
argument in question flows from a tuple in the local scope.

This eliminates a bunch of false positives on `python/cpython`, leaving
behind four true positive results.
Taus
2026-03-27 14:11:14 +00:00
parent c9832c330a
commit 4f74d421b9
3 changed files with 18 additions and 1 deletions


@@ -42,8 +42,20 @@ private module BindToAllInterfacesFlow = TaintTracking::Global<BindToAllInterfac
private import BindToAllInterfacesFlow
/**
* Holds if `sink` is the address argument of a `bind()` call on a
* network socket (AF_INET or AF_INET6), as opposed to a Unix domain
* socket (AF_UNIX) which takes a plain string path.
*
* Network socket addresses are tuples like `(host, port)`, so we check
* that the sink argument is a tuple, by looking for flow from a tuple expression.
*/
private predicate isNetworkBind(DataFlow::Node sink) {
any(DataFlow::LocalSourceNode n | n.asExpr() instanceof Tuple).flowsTo(sink)
}
from PathNode source, PathNode sink
where flowPath(source, sink)
where flowPath(source, sink) and isNetworkBind(sink.getNode())
select sink.getNode(), source, sink,
"Binding a socket to all interfaces (using $@) is a security risk.", source.getNode(),
"'" + source.getNode().asExpr().(StringLiteral).getText() + "'"
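Review bot: the docstring on `isNetworkBind` overstates what the predicate checks. It says it holds for a `bind()` on an AF_INET/AF_INET6 socket, but the body never inspects the socket family; it only requires that some `Tuple` expression has local flow into the sink. That is a reasonable heuristic (and the commit message calls it one), but the comment should say so explicitly, e.g. "Approximates a network bind by requiring the address argument to be a tuple; the socket family is not checked." Two consequences worth recording in a test or a follow-up: (1) false negatives where the `(host, port)` tuple is built in another function or arrives as a parameter, since `LocalSourceNode.flowsTo` is intra-procedural and the new `where` clause now drops every such path; (2) a tuple of any shape, not just `(host, port)`, satisfies the check, so the eventual `.TupleElement[0]` MaD approach mentioned in the description would be more precise than this filter when it becomes available.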