Added underscore.string clearsContent.

Co-authored-by: Asgerf <asgerf@github.com>

javascript/ql/lib/javascript.qll

@@ -143,3 +143,4 @@ import semmle.javascript.linters.ESLint
 import semmle.javascript.linters.JSLint
 import semmle.javascript.linters.Linting
 import semmle.javascript.security.dataflow.RemoteFlowSources
+import semmle.javascript.frameworks.UnderscoreDotString

javascript/ql/lib/semmle/javascript/frameworks/UnderscoreDotString.qll

@@ -0,0 +1,25 @@
+/**
+ * Provides classes for modeling data flow behavior of the Underscore.string library (https://www.npmjs.com/package/underscore.string).
+ */
+
+private import javascript
+private import semmle.javascript.dataflow.internal.AdditionalFlowInternal
+
+/**
+ * Models data flow for the Underscore.string library.
+ */
+private class UnderscoreDotString extends AdditionalFlowInternal {
+  /**
+   * Holds if a call to an Underscore.string method clears array element content of the receiver.
+   */
+  override predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) {
+    exists(DataFlow::CallNode call |
+      call =
+        ModelOutput::getATypeNode(["'underscore.string'.Wrapper", "'underscore.string'"])
+            .getAMember()
+            .getACall() and
+      node = call.getReceiver().getPostUpdateNode() and
+      contents = DataFlow::ContentSet::arrayElement()
+    )
+  }
+}