C#: Add implicit conversion operator taint example.

Author: michaelnebel

csharp/ql/test/library-tests/dataflow/operators/ImplicitConversionOperator.cs

@@ -0,0 +1,14 @@
+using System;
+
+public class TestImplicitConversionOperator
+{
+    static void Sink(object o) { }
+    static void TaintArgument(ArraySegment<byte> segment) { }
+
+    public void M1()
+    {
+        byte[] bytes = new byte[1];
+        TaintArgument(bytes);
+        Sink(bytes);
+    }
+}

csharp/ql/test/library-tests/dataflow/operators/implicitConversionOperatorFlow.expected

@@ -0,0 +1,4 @@
+edges
+nodes
+subpaths
+#select

csharp/ql/test/library-tests/dataflow/operators/implicitConversionOperatorFlow.ql

@@ -0,0 +1,29 @@
+/**
+ * @kind path-problem
+ */
+
+import csharp
+import semmle.code.csharp.dataflow.internal.DataFlowPrivate as DataFlowPrivate
+import Taint::PathGraph
+
+module TaintConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) {
+    exists(MethodCall mc |
+      mc.getTarget().hasName("TaintArgument") and
+      mc.getAnArgument() = src.(DataFlowPrivate::PostUpdateNode).getPreUpdateNode().asExpr()
+    )
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(MethodCall mc |
+      mc.getTarget().hasName("Sink") and
+      mc.getAnArgument() = sink.asExpr()
+    )
+  }
+}
+
+module Taint = TaintTracking::Global<TaintConfig>;
+
+from Taint::PathNode source, Taint::PathNode sink
+where Taint::flowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()