Merge pull request #6029 from atorralba/atorralba/tainted-key-read-steps

Java: Add Map key-read-steps as local additional taint steps

java/change-notes/2021-06-11-tainted-key-read-steps.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Data flow now propagates taint from tainted Maps to read steps of their keys (e.g. `tainted.keySet()`).

java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -69,6 +69,7 @@ private module Cached {
     |
       f instanceof ArrayContent or
       f instanceof CollectionContent or
+      f instanceof MapKeyContent or
       f instanceof MapValueContent
     )
     or