update consistency comments for CWE-754

Author: erik-krogh

javascript/ql/test/query-tests/Security/CWE-754/UnsafeDynamicMethodAccess.js

@@ -4,15 +4,15 @@ let obj = {};
 
 window.addEventListener('message', (ev) => {
     let message = JSON.parse(ev.data);
-    window[message.name](message.payload); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql
-    new window[message.name](message.payload); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql
+    window[message.name](message.payload); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql [INCONSISTENCY]
+    new window[message.name](message.payload); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql [INCONSISTENCY]
     window["HTMLElement" + message.name](message.payload); // OK - concatenation restricts choice of methods
     window[`HTMLElement${message.name}`](message.payload); // OK - concatenation restricts choice of methods
 
     function f() {}
-    f[message.name](message.payload)(); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql
+    f[message.name](message.payload)(); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql [INCONSISTENCY]
 
     obj[message.name](message.payload); // NOT OK
 
-    window[ev](ev); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql
+    window[ev](ev); // NOT OK, but reported by UnsafeDynamicMethodAccess.ql [INCONSISTENCY]
 });

javascript/ql/test/query-tests/Security/CWE-754/tst.js

@@ -28,13 +28,13 @@
       obj[name]();  // NOT OK
 
     if (obj.hasOwnProperty(name)) {
-      obj[name]();  // NOT OK, but not flagged
+      obj[name]();  // NOT OK, but not flagged [INCONSISTENCY]
     }
 
     let key = "$" + name;
     obj[key]();     // NOT OK
     if (typeof obj[key] === 'function')
-      obj[key]();   // OK - but still flagged
+      obj[key]();   // OK - but still flagged [INCONSISTENCY]
 
     if (typeof fn === 'function') {
       fn.apply(obj); // OK