Python: Model fabric v1.x command injection sinks

python/ql/test/library-tests/security/command-execution/CommandSinks.expected

@@ -1,9 +1,12 @@
-| fabric_test.py:10:16:10:25 | InvokeContextRun | externally controlled string |
-| fabric_test.py:12:15:12:36 | InvokeContextRun | externally controlled string |
-| fabric_test.py:16:45:16:54 | FabricGroupRun | externally controlled string |
-| fabric_test.py:21:10:21:13 | FabricGroupRun | externally controlled string |
-| fabric_test.py:31:14:31:41 | InvokeContextRun | externally controlled string |
-| fabric_test.py:33:15:33:64 | InvokeContextRun | externally controlled string |
+| fabric_v1_test.py:8:7:8:28 | FabricV1Commands | externally controlled string |
+| fabric_v1_test.py:9:5:9:27 | FabricV1Commands | externally controlled string |
+| fabric_v1_test.py:10:6:10:38 | FabricV1Commands | externally controlled string |
+| fabric_v2_test.py:10:16:10:25 | InvokeContextRun | externally controlled string |
+| fabric_v2_test.py:12:15:12:36 | InvokeContextRun | externally controlled string |
+| fabric_v2_test.py:16:45:16:54 | FabricGroupRun | externally controlled string |
+| fabric_v2_test.py:21:10:21:13 | FabricGroupRun | externally controlled string |
+| fabric_v2_test.py:31:14:31:41 | InvokeContextRun | externally controlled string |
+| fabric_v2_test.py:33:15:33:64 | InvokeContextRun | externally controlled string |
 | invoke_test.py:8:12:8:21 | InvokeRun | externally controlled string |
 | invoke_test.py:9:20:9:40 | InvokeRun | externally controlled string |
 | invoke_test.py:12:17:12:24 | InvokeRun | externally controlled string |

python/ql/test/library-tests/security/command-execution/fabric_v1_test.py

@@ -0,0 +1,10 @@
+"""tests for the 'fabric' package (v1.x)
+
+See http://docs.fabfile.org/en/1.14/tutorial.html
+"""
+
+from fabric.api import run, local, sudo
+
+local('echo local execution')
+run('echo remote execution')
+sudo('echo remote execution with sudo')