Apply suggestions from code review

Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>

change-notes/1.24/analysis-go.md

@@ -31,4 +31,4 @@ The CodeQL library for Go now contains a folder of simple "cookbook" queries tha
 | Useless assignment to field (`go/useless-assignment-to-field`)                | Fewer false positives | The query now conservatively handles fields promoted through embedded pointer types.                                                                                        |
 | Bitwise exclusive-or used like exponentiation (`go/mistyped-exponentiation`)  | Fewer false positives | The query now identifies when the value of an xor is assigned to a mask object, and excludes such results.                                                                  |
 | Open URL redirect (`go/unvalidated-url-redirection`)                          | Fewer false positives | The query now identifies some sources that are not attacker-controlled, and excludes results with such sources.                                                             |
-| Operating system command from user-controlled sources (`go/command-injection`) | More results          | The library models used by the query have been improved, allowing it to flag more potentially problematic cases, including sources that flow into shells, sudo, or programming-language interpreters as arguments. |
+| Command built from user-controlled sources (`go/command-injection`) | More results          | The library models used by the query have been improved, allowing it to flag more potentially problematic cases, including sources that flow into shells, sudo, or programming-language interpreters as arguments. |

ql/src/semmle/go/frameworks/SystemCommandExecutors.qll

@@ -154,7 +154,8 @@ private string getAShellCommand() {
   result = "shpp" or
   result = "xiki" or
   result = "xonsh" or
-  result = "yash"
+  result = "yash" or
+  result = "env"
 }
 
 /**