JS: Add: tests for taint tracking in groupBy functions

Author: Napalys

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

@@ -246,6 +246,10 @@ typeInferenceMismatch
 | tst.js:2:13:2:20 | source() | tst.js:70:10:70:18 | xReversed |
 | tst.js:2:13:2:20 | source() | tst.js:72:10:72:31 | Map.gro ... z => z) |
 | tst.js:2:13:2:20 | source() | tst.js:74:10:74:34 | Object. ... z => z) |
+| tst.js:2:13:2:20 | source() | tst.js:79:14:79:20 | grouped |
+| tst.js:75:22:75:29 | source() | tst.js:75:10:75:52 | Map.gro ... (item)) |
+| tst.js:82:23:82:30 | source() | tst.js:84:14:84:20 | grouped |
+| tst.js:87:22:87:29 | source() | tst.js:90:14:90:25 | taintedValue |
 | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text |
 | xml.js:12:17:12:24 | source() | xml.js:13:14:13:19 | result |
 | xml.js:23:18:23:25 | source() | xml.js:20:14:20:17 | attr |

javascript/ql/test/library-tests/TaintTracking/tst.js

@@ -72,4 +72,28 @@ function test() {
     sink(Map.groupBy(x, z => z)); // NOT OK
     sink(Custom.groupBy(x, z => z)); // OK
     sink(Object.groupBy(x, z => z)); // NOT OK
+    sink(Map.groupBy(source(), (item) => sink(item))); // NOT OK
+
+    { 
+        const grouped = Map.groupBy(x, (item) => sink(item)); // NOT OK -- Should be tainted, but it is not
+        sink(grouped); // NOT OK
+    }
+    {
+        const list = [source()];
+        const grouped = Map.groupBy(list, (item) => sink(item)); // NOT OK -- Should be tainted, but it is not
+        sink(grouped); // NOT OK
+    }
+    {
+        const data = source();
+        const result = Object.groupBy(data, item => item);
+        const taintedValue = result[notDefined()];
+        sink(taintedValue); // NOT OK
+    }
+    {
+        const data = source();
+        const map = Map.groupBy(data, item => item);
+        const taintedValue = map.get(true); 
+        sink(taintedValue); // NOT OK -- Should be tainted, but it is not
+        sink(map.get(true)); // NOT OK -- Should be tainted, but it is not
+    }
 }