Python: Add DuckTyping::hasUnreliableMro

The relative simplicity of the MRO computation in `DataFlowDispatch` was
causing quite a lot of FPs to appear for the "wrong number/name of
arguments in class instantiation" queries. The easiest fix was to just
exclude cases where we know the MRO computation will be imprecise --
when there are superclasses with multiple inheritance or unknown bases.

Author: tausbn

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll

@@ -2118,6 +2118,19 @@ module DuckTyping {
    */
   Function getInit(Class cls) { result = invokedFunctionFromClassConstruction(cls, "__init__") }
 
+  /**
+   * Holds if `cls` or any of its superclasses uses multiple inheritance, or
+   * has an unresolved base class. In these cases, our MRO approximation may
+   * resolve to the wrong `__init__`, so we should not flag argument mismatches.
+   */
+  predicate hasUnreliableMro(Class cls) {
+    exists(Class sup | sup = getADirectSuperclass*(cls) |
+      exists(sup.getBase(1))
+      or
+      hasUnresolvedBase(sup)
+    )
+  }
+
   /**
    * Holds if `f` overrides a method in a superclass with the same name.
    */

python/ql/src/Classes/WrongNameForArgumentInClassInstantiation.ql

@@ -43,6 +43,7 @@ predicate illegally_named_parameter(Call call, Class cls, string name) {
 from Call call, Class cls, string name, Function init
 where
   illegally_named_parameter(call, cls, name) and
+  not DuckTyping::hasUnreliableMro(cls) and
   init = DuckTyping::getInit(cls)
 select call, "Keyword argument '" + name + "' is not a supported parameter name of $@.", init,
   init.getQualifiedName()

python/ql/src/Classes/WrongNumberArgumentsInClassInstantiation.ql

@@ -78,6 +78,7 @@ where
     too = "too few arguments" and
     should = "no fewer than "
   ) and
+  not DuckTyping::hasUnreliableMro(cls) and
   init = DuckTyping::getInit(cls)
 select call, "Call to $@ with " + too + "; should be " + should + limit.toString() + ".", init,
   init.getQualifiedName()