Python: Accept any arg to flask.jsonify

Thanks @tausbn 👍

Author: RasmusWL

python/ql/lib/semmle/python/frameworks/Flask.qll

@@ -178,11 +178,9 @@ module Flask {
      * - https://flask.palletsprojects.com/en/2.2.x/api/#flask.json.jsonify
      */
     private class FlaskJsonifyCall extends InstanceSource, DataFlow::CallCfgNode {
-      FlaskJsonifyCall() {
-        this = API::moduleImport("flask").getMember("jsonify").getACall()
-      }
+      FlaskJsonifyCall() { this = API::moduleImport("flask").getMember("jsonify").getACall() }
 
-      override DataFlow::Node getBody() { result = this.getArg(0) }
+      override DataFlow::Node getBody() { result in [this.getArg(_), this.getArgByName(_)] }
 
       override string getMimetypeDefault() { result = "application/json" }
 

python/ql/test/library-tests/frameworks/flask/response_test.py

@@ -66,8 +66,8 @@ def html8():  # $requestHandler
 
 @app.route("/jsonify")  # $routeSetup="/jsonify"
 def jsonify_route():  # $requestHandler
-    data = {"foo": "bar"}
-    resp = jsonify(data)  # $ HttpResponse mimetype=application/json responseBody=data
+    x = "x"; y = "y"; z = "z"
+    resp = jsonify(x, y, z=z)  # $ HttpResponse mimetype=application/json responseBody=x responseBody=y responseBody=z
     return resp  # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp
 
 ################################################################################