C#: Add example of failing taint flow for collections in sinks.

Author: michaelnebel

csharp/ql/test/library-tests/tainttracking/collections/CollectionTaintTracking.cs

@@ -0,0 +1,13 @@
+public class CollectionTaintTracking
+{
+    public void ImplicitCollectionReadAtSink()
+    {
+        var tainted = Source<object>(1);
+        var arr = new object[] { tainted };
+        Sink(arr); // $ hasTaintFlow=1
+    }
+
+    static T Source<T>(object source) => throw null;
+
+    public static void Sink<T>(T t) { }
+}

csharp/ql/test/library-tests/tainttracking/collections/CollectionTaintTracking.expected

@@ -0,0 +1,7 @@
+models
+edges
+nodes
+subpaths
+testFailures
+| CollectionTaintTracking.cs:10:20:10:38 | // ... | Missing result: hasTaintFlow=1 |
+#select

csharp/ql/test/library-tests/tainttracking/collections/CollectionTaintTracking.ql

@@ -0,0 +1,12 @@
+/**
+ * @kind path-problem
+ */
+
+import csharp
+import utils.test.InlineFlowTest
+import TaintFlowTest<DefaultFlowConfig>
+import PathGraph
+
+from PathNode source, PathNode sink
+where flowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()

csharp/ql/test/library-tests/tainttracking/collections/options

@@ -0,0 +1,2 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj