extend tests

Author: am0o0

javascript/ql/test/experimental/Security/CWE-099/EnvInjection.expected

@@ -8,15 +8,20 @@ nodes
 | test.js:5:35:5:42 | EnvValue |
 | test.js:6:23:6:30 | EnvValue |
 | test.js:6:23:6:30 | EnvValue |
+| test.js:7:22:7:29 | EnvValue |
+| test.js:7:22:7:29 | EnvValue |
 edges
 | test.js:4:9:4:20 | { EnvValue } | test.js:4:11:4:18 | EnvValue |
 | test.js:4:9:4:31 | EnvValue | test.js:5:35:5:42 | EnvValue |
 | test.js:4:9:4:31 | EnvValue | test.js:5:35:5:42 | EnvValue |
 | test.js:4:9:4:31 | EnvValue | test.js:6:23:6:30 | EnvValue |
 | test.js:4:9:4:31 | EnvValue | test.js:6:23:6:30 | EnvValue |
+| test.js:4:9:4:31 | EnvValue | test.js:7:22:7:29 | EnvValue |
+| test.js:4:9:4:31 | EnvValue | test.js:7:22:7:29 | EnvValue |
 | test.js:4:11:4:18 | EnvValue | test.js:4:9:4:31 | EnvValue |
 | test.js:4:24:4:31 | req.body | test.js:4:9:4:20 | { EnvValue } |
 | test.js:4:24:4:31 | req.body | test.js:4:9:4:20 | { EnvValue } |
 #select
 | test.js:5:35:5:42 | EnvValue | test.js:4:24:4:31 | req.body | test.js:5:35:5:42 | EnvValue | this environment variable assignment is $@. | test.js:4:24:4:31 | req.body | user controllable |
 | test.js:6:23:6:30 | EnvValue | test.js:4:24:4:31 | req.body | test.js:6:23:6:30 | EnvValue | this environment variable assignment is $@. | test.js:4:24:4:31 | req.body | user controllable |
+| test.js:7:22:7:29 | EnvValue | test.js:4:24:4:31 | req.body | test.js:7:22:7:29 | EnvValue | this environment variable assignment is $@. | test.js:4:24:4:31 | req.body | user controllable |

javascript/ql/test/experimental/Security/CWE-099/test.js

@@ -4,6 +4,7 @@ http.createServer((req, res) => {
   const { EnvValue } = req.body;
   process.env["A_Critical_Env"] = EnvValue; // NOT OK
   process.env[AKey] = EnvValue; // NOT OK
+  process.env.AKey = EnvValue; // NOT OK
 
   res.end('env has been injected!');
 });