update tests

Author: am0o0

javascript/ql/test/experimental/Security/CWE-099/EnvValueAndKeyInjection/EnvValueAndKeyInjection.expected

@@ -14,19 +14,17 @@ nodes
 | test.js:7:15:7:20 | EnvKey |
 | test.js:7:25:7:32 | EnvValue |
 | test.js:7:25:7:32 | EnvValue |
-| test.js:8:24:8:31 | EnvValue |
-| test.js:8:24:8:31 | EnvValue |
-| test.js:14:9:14:28 | { EnvValue, EnvKey } |
-| test.js:14:9:14:39 | EnvKey |
-| test.js:14:9:14:39 | EnvValue |
-| test.js:14:11:14:18 | EnvValue |
-| test.js:14:21:14:26 | EnvKey |
-| test.js:14:32:14:39 | req.body |
-| test.js:14:32:14:39 | req.body |
-| test.js:16:15:16:20 | EnvKey |
-| test.js:16:15:16:20 | EnvKey |
-| test.js:17:26:17:33 | EnvValue |
-| test.js:17:26:17:33 | EnvValue |
+| test.js:13:9:13:28 | { EnvValue, EnvKey } |
+| test.js:13:9:13:39 | EnvKey |
+| test.js:13:9:13:39 | EnvValue |
+| test.js:13:11:13:18 | EnvValue |
+| test.js:13:21:13:26 | EnvKey |
+| test.js:13:32:13:39 | req.body |
+| test.js:13:32:13:39 | req.body |
+| test.js:15:15:15:20 | EnvKey |
+| test.js:15:15:15:20 | EnvKey |
+| test.js:16:26:16:33 | EnvValue |
+| test.js:16:26:16:33 | EnvValue |
 edges
 | test.js:5:9:5:28 | { EnvValue, EnvKey } | test.js:5:11:5:18 | EnvValue |
 | test.js:5:9:5:28 | { EnvValue, EnvKey } | test.js:5:21:5:26 | EnvKey |
@@ -38,22 +36,20 @@ edges
 | test.js:5:9:5:39 | EnvValue | test.js:6:25:6:32 | EnvValue |
 | test.js:5:9:5:39 | EnvValue | test.js:7:25:7:32 | EnvValue |
 | test.js:5:9:5:39 | EnvValue | test.js:7:25:7:32 | EnvValue |
-| test.js:5:9:5:39 | EnvValue | test.js:8:24:8:31 | EnvValue |
-| test.js:5:9:5:39 | EnvValue | test.js:8:24:8:31 | EnvValue |
 | test.js:5:11:5:18 | EnvValue | test.js:5:9:5:39 | EnvValue |
 | test.js:5:21:5:26 | EnvKey | test.js:5:9:5:39 | EnvKey |
 | test.js:5:32:5:39 | req.body | test.js:5:9:5:28 | { EnvValue, EnvKey } |
 | test.js:5:32:5:39 | req.body | test.js:5:9:5:28 | { EnvValue, EnvKey } |
-| test.js:14:9:14:28 | { EnvValue, EnvKey } | test.js:14:11:14:18 | EnvValue |
-| test.js:14:9:14:28 | { EnvValue, EnvKey } | test.js:14:21:14:26 | EnvKey |
-| test.js:14:9:14:39 | EnvKey | test.js:16:15:16:20 | EnvKey |
-| test.js:14:9:14:39 | EnvKey | test.js:16:15:16:20 | EnvKey |
-| test.js:14:9:14:39 | EnvValue | test.js:17:26:17:33 | EnvValue |
-| test.js:14:9:14:39 | EnvValue | test.js:17:26:17:33 | EnvValue |
-| test.js:14:11:14:18 | EnvValue | test.js:14:9:14:39 | EnvValue |
-| test.js:14:21:14:26 | EnvKey | test.js:14:9:14:39 | EnvKey |
-| test.js:14:32:14:39 | req.body | test.js:14:9:14:28 | { EnvValue, EnvKey } |
-| test.js:14:32:14:39 | req.body | test.js:14:9:14:28 | { EnvValue, EnvKey } |
+| test.js:13:9:13:28 | { EnvValue, EnvKey } | test.js:13:11:13:18 | EnvValue |
+| test.js:13:9:13:28 | { EnvValue, EnvKey } | test.js:13:21:13:26 | EnvKey |
+| test.js:13:9:13:39 | EnvKey | test.js:15:15:15:20 | EnvKey |
+| test.js:13:9:13:39 | EnvKey | test.js:15:15:15:20 | EnvKey |
+| test.js:13:9:13:39 | EnvValue | test.js:16:26:16:33 | EnvValue |
+| test.js:13:9:13:39 | EnvValue | test.js:16:26:16:33 | EnvValue |
+| test.js:13:11:13:18 | EnvValue | test.js:13:9:13:39 | EnvValue |
+| test.js:13:21:13:26 | EnvKey | test.js:13:9:13:39 | EnvKey |
+| test.js:13:32:13:39 | req.body | test.js:13:9:13:28 | { EnvValue, EnvKey } |
+| test.js:13:32:13:39 | req.body | test.js:13:9:13:28 | { EnvValue, EnvKey } |
 #select
 | test.js:6:15:6:20 | EnvKey | test.js:5:32:5:39 | req.body | test.js:6:15:6:20 | EnvKey | arbitrary environment variable assignment from this $@. | test.js:5:32:5:39 | req.body | user controllable source |
 | test.js:7:15:7:20 | EnvKey | test.js:5:32:5:39 | req.body | test.js:7:15:7:20 | EnvKey | arbitrary environment variable assignment from this $@. | test.js:5:32:5:39 | req.body | user controllable source |

javascript/ql/test/experimental/Security/CWE-099/EnvValueAndKeyInjection/test.js

@@ -5,7 +5,6 @@ http.createServer((req, res) => {
   const { EnvValue, EnvKey } = req.body;
   process.env[EnvKey] = EnvValue; // NOT OK
   process.env[EnvKey] = EnvValue; // NOT OK
-  process.env.EnvKey = EnvValue; // NOT OK
 
   res.end('env has been injected!');
 });