Kotlin: implement super-method calls

If we only look at the dispatch receiver, these show up like `this` references rather than `super` references, preventing flow through super-calls. The super-interface case requires properly noting that interface methods with a body get a `default` modifier in order to avoid QL discarding the method as a possible callee.

java/ql/test/kotlin/library-tests/super-method-calls/test.expected

@@ -0,0 +1,2 @@
+| test.kt:31:17:31:24 | source(...) | test.kt:31:15:31:25 | f(...) |
+| test.kt:32:17:32:24 | source(...) | test.kt:32:15:32:25 | g(...) |

java/ql/test/kotlin/library-tests/super-method-calls/test.kt

@@ -0,0 +1,36 @@
+open class A {
+
+  open fun f(x: String) = x
+
+}
+
+interface B {
+
+  fun g(x: String) = x
+
+}
+
+interface C {
+
+  fun g(x: String) = x
+
+}
+
+class User : A(), B, C {
+
+  override fun f(x: String) = super.f(x)
+
+  override fun g(x: String) = super<B>.g(x)
+
+  fun source() = "tainted"
+
+  fun sink(s: String) { }
+
+  fun test() {
+
+    sink(this.f(source()))
+    sink(this.g(source()))
+
+  }
+
+}

java/ql/test/kotlin/library-tests/super-method-calls/test.ql

@@ -0,0 +1,18 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+
+class Config extends DataFlow::Configuration {
+  Config() { this = "abc" }
+
+  override predicate isSource(DataFlow::Node n) {
+    n.asExpr().(MethodAccess).getMethod().getName() = "source"
+  }
+
+  override predicate isSink(DataFlow::Node n) {
+    n.asExpr().(Argument).getCall().getCallee().getName() = "sink"
+  }
+}
+
+from Config c, DataFlow::Node n1, DataFlow::Node n2
+where c.hasFlow(n1, n2)
+select n1, n2