python: add qldoc and refactor

The logic of which steps an `AdditionalTaintStep` has defined
is now pushed into the defitnion of `AdditionalTaintStep`.

python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll

@@ -27,10 +27,7 @@ private module Cached {
   predicate defaultAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) {
     localAdditionalTaintStep(nodeFrom, nodeTo, model)
     or
-    any(AdditionalTaintStep a).step(nodeFrom, nodeTo) and
-    model = "AdditionalTaintStep"
-    or
-    any(AdditionalTaintStep a).step(nodeFrom, nodeTo, model)
+    any(AdditionalTaintStep a).hasStep(nodeFrom, nodeTo, model)
   }
 
   /**

python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPublic.qll

@@ -47,8 +47,25 @@ class AdditionalTaintStep extends Unit {
   /**
    * Holds if the step from `nodeFrom` to `nodeTo` should be considered a taint
    * step for all configurations.
+   *
+   * Note that it is now possible to also specify provenance of the taint step
+   * by overwriting `step/3`.
    */
   predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { none() }
 
+  /**
+   * Holds if the step from `nodeFrom` to `nodeTo` should be considered a taint
+   * step with provenance `model` for all configurations.
+   */
   predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) { none() }
+
+  /**
+   * Holds if this `AdditionalTaintStep` defines a step from `nodeFrom` to `nodeTo`
+   * with provenance `model`.
+   */
+  final predicate hasStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, string model) {
+    this.step(nodeFrom, nodeTo) and model = "AdditionalTaintStep"
+    or
+    this.step(nodeFrom, nodeTo, model)
+  }
 }