Fix CWE-502 tests

Author: Alvaro Muñoz

javascript/test/audit/CWE-502/UnsafeDeserializationAudit.expected

@@ -1,4 +1,4 @@
-| deserialization.js:4:20:4:34 | req.params.data | Unsafe Deserialization sink |
-| deserialization.js:5:23:5:37 | req.params.data | Unsafe Deserialization sink |
 | deserialization.js:10:24:10:38 | req.params.data | Unsafe Deserialization sink |
 | deserialization.js:11:27:11:41 | req.params.data | Unsafe Deserialization sink |
+| deserialization.js:12:20:12:34 | req.params.data | Unsafe Deserialization sink |
+| deserialization.js:13:23:13:37 | req.params.data | Unsafe Deserialization sink |

javascript/test/audit/CWE-502/deserialization.js

@@ -1,11 +1,13 @@
 // https://github.com/advanced-security/codeql-queries/blob/js/audit/codeql/javascript/ql/test/query-tests/Security/CWE-502/tst.js
 const jsyaml = require("js-yaml");
 
-data = jsyaml.load(req.params.data); // NOT OK
-data = jsyaml.loadAll(req.params.data); // NOT OK
+data = jsyaml.load(req.params.data); // OK
+data = jsyaml.loadAll(req.params.data); // OK
 data = jsyaml.safeLoad(req.params.data); // OK
 data = jsyaml.safeLoadAll(req.params.data); // OK
 
 let unsafeConfig = { schema: jsyaml.DEFAULT_FULL_SCHEMA };
 data = jsyaml.safeLoad(req.params.data, unsafeConfig); // NOT OK
 data = jsyaml.safeLoadAll(req.params.data, unsafeConfig); // NOT OK
+data = jsyaml.load(req.params.data, unsafeConfig); // NOT OK
+data = jsyaml.loadAll(req.params.data, unsafeConfig); // NOT OK