add a code injection sink for JSDOM when "runScripts" is set to "dangerously"

javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll

@@ -138,4 +138,17 @@ module CodeInjection {
         API::moduleImport("module").getInstance().getMember("_compile").getACall().getArgument(0)
     }
   }
+
+  /**
+   * A construction of a JSDOM object (server side DOM), where scripts are allowed.
+   */
+  class JSDomWithRunScripts extends Sink {
+    JSDomWithRunScripts() {
+      exists(DataFlow::NewNode instance |
+        instance = API::moduleImport("jsdom").getMember("JSDOM").getInstance().getAnImmediateUse() and
+        this = instance.getArgument(0) and
+        instance.getOptionArgument(1, "runScripts").mayHaveStringValue("dangerously")
+      )
+    }
+  }
 }