JS: Add model of Map#groupBy

Author: asgerf

javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll

@@ -118,3 +118,23 @@ class MapSet extends SummarizedCallable {
     )
   }
 }
+
+class MapGroupBy extends SummarizedCallable {
+  MapGroupBy() { this = "Map#groupBy" }
+
+  override DataFlow::CallNode getACallSimple() {
+    result = mapConstructorRef().getAMemberCall("groupBy") and
+    result.getNumArgument() = 2
+  }
+
+  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
+    preservesValue = true and
+    (
+      input = "Argument[0].ArrayElement" and
+      output = ["Argument[1].Parameter[0]", "ReturnValue.MapValue.ArrayElement"]
+      or
+      input = "Argument[1].ReturnValue" and
+      output = "ReturnValue.MapKey"
+    )
+  }
+}

javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected

@@ -35,7 +35,6 @@ legacyDataFlowDifference
 | spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library |
 | spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library |
 | tst.js:2:13:2:20 | source() | tst.js:17:10:17:10 | a | only flow with OLD data flow library |
-| tst.js:82:23:82:30 | source() | tst.js:83:58:83:61 | item | only flow with OLD data flow library |
 | tst.js:82:23:82:30 | source() | tst.js:84:14:84:20 | grouped | only flow with OLD data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
 consistencyIssue
@@ -321,6 +320,7 @@ flow
 | tst.js:2:13:2:20 | source() | tst.js:102:10:102:14 | xWith |
 | tst.js:75:22:75:29 | source() | tst.js:75:10:75:52 | Map.gro ... (item)) |
 | tst.js:75:22:75:29 | source() | tst.js:75:47:75:50 | item |
+| tst.js:82:23:82:30 | source() | tst.js:83:58:83:61 | item |
 | tst.js:87:22:87:29 | source() | tst.js:90:14:90:25 | taintedValue |
 | tst.js:93:22:93:29 | source() | tst.js:96:14:96:25 | taintedValue |
 | tst.js:93:22:93:29 | source() | tst.js:97:14:97:26 | map.get(true) |

javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected

@@ -27,6 +27,7 @@ legacyDataFlowDifference
 | spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library |
 | tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library |
 | tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library |
+| tst.js:82:23:82:30 | source() | tst.js:83:58:83:61 | item | only flow with NEW data flow library |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
 flow
 | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x |
@@ -190,6 +191,7 @@ flow
 | tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary |
 | tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary |
 | tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe |
+| tst.js:82:23:82:30 | source() | tst.js:83:58:83:61 | item |
 | tst.js:93:22:93:29 | source() | tst.js:96:14:96:25 | taintedValue |
 | tst.js:93:22:93:29 | source() | tst.js:97:14:97:26 | map.get(true) |
 | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x |

javascript/ql/test/library-tests/TaintTracking/tst.js

@@ -80,7 +80,7 @@ function test() {
     }
     {
         const list = [source()];
-        const grouped = Map.groupBy(list, (item) => sink(item)); // NOT OK [INCONSISTENCY]
+        const grouped = Map.groupBy(list, (item) => sink(item)); // NOT OK
         sink(grouped); // NOT OK [INCONSISTENCY]
     }
     {