pysa: Introduce sanitizers, models, and inline marking safe.

This commit adds three `.pysa` model files: `false_positives.pysa`
for ruling out false positive flows with `Sanitize` annotations,
`req_lib.pysa` for educating pysa about Zulip's `REQ()` pattern for
extracting user input, and `redirects.pysa` for capturing the risk
of open redirects within Zulip code. Additionally, this commit
introduces `mark_sanitized`, an identity function which can be used
to selectively clear taint in cases where `Sanitize` models will not
work. This commit also puts `mark_sanitized` to work removing known
false postive flows.

zerver/views/video_calls.py

@@ -19,6 +19,7 @@ from requests_oauthlib import OAuth2Session
 from zerver.decorator import REQ, has_request_variables, zulip_login_required
 from zerver.lib.actions import do_set_zoom_token
 from zerver.lib.exceptions import ErrorCode, JsonableError
+from zerver.lib.pysa import mark_sanitized
 from zerver.lib.response import json_success
 from zerver.lib.subdomains import get_subdomain
 from zerver.lib.validator import check_dict, check_string
@@ -57,7 +58,10 @@ def get_zoom_sid(request: HttpRequest) -> str:
     # token directly to the Zoom server.
 
     csrf.get_token(request)
-    return (
+    # Use 'mark_sanitized' to cause Pysa to ignore the flow of user controlled
+    # data out of this function. 'request.META' is indeed user controlled, but
+    # post-HMAC ouptut is no longer meaningfully controllable.
+    return mark_sanitized(
         ""
         if getattr(request, "_dont_enforce_csrf_checks", False)
         else salted_hmac("Zulip Zoom sid", request.META["CSRF_COOKIE"]).hexdigest()