Python: Add test cases for BindToAllInterfaces FNs

Adds test cases from #21582 demonstrating false negatives:
- Address stored in class attribute (`self.bind_addr`)
- `os.environ.get` with insecure default value
- `gevent.socket` (alternative socket module)

Author: tausbn

python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces_test.py

@@ -24,3 +24,35 @@
 # IPv6
 s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
 s.bind(("::", 8080)) # $ Alert[py/bind-socket-all-network-interfaces]
+
+
+# FN cases from https://github.com/github/codeql/issues/21582
+
+# Address stored in a class attribute
+class Server:
+    def __init__(self):
+        self.bind_addr = '0.0.0.0'
+        self.port = 31137
+
+    def start(self):
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.bind((self.bind_addr, self.port)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]
+
+server = Server()
+server.start()
+
+# os.environ.get with insecure default
+import os
+host = os.environ.get('APP_HOST', '0.0.0.0')
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.bind((host, 8080)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]
+
+# gevent.socket (alternative socket module)
+from gevent import socket as gsocket
+gs = gsocket.socket(gsocket.AF_INET, gsocket.SOCK_STREAM)
+gs.bind(('0.0.0.0', 31137)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]
+
+# eventlet.green.socket (another alternative socket module)
+from eventlet.green import socket as esocket
+es = esocket.socket(esocket.AF_INET, esocket.SOCK_STREAM)
+es.bind(('0.0.0.0', 31137)) # $ MISSING: Alert[py/bind-socket-all-network-interfaces]