JS: Port HostHeaderPoisoningInEmailGeneration

javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected

@@ -1,21 +1,12 @@
-nodes
-| tst.js:17:11:17:113 | `Hi, lo ... token}` |
-| tst.js:17:11:17:113 | `Hi, lo ... token}` |
-| tst.js:17:84:17:91 | req.host |
-| tst.js:17:84:17:91 | req.host |
-| tst.js:18:11:18:127 | `Hi, lo ... reset.` |
-| tst.js:18:11:18:127 | `Hi, lo ... reset.` |
-| tst.js:18:78:18:85 | req.host |
-| tst.js:18:78:18:85 | req.host |
 edges
 | tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
-| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
-| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
-| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` |
-| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
-| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
-| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
 | tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` |
+nodes
+| tst.js:17:11:17:113 | `Hi, lo ... token}` | semmle.label | `Hi, lo ... token}` |
+| tst.js:17:84:17:91 | req.host | semmle.label | req.host |
+| tst.js:18:11:18:127 | `Hi, lo ... reset.` | semmle.label | `Hi, lo ... reset.` |
+| tst.js:18:78:18:85 | req.host | semmle.label | req.host |
+subpaths
 #select
 | tst.js:17:11:17:113 | `Hi, lo ... token}` | tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | Links in this email can be hijacked by poisoning the $@. | tst.js:17:84:17:91 | req.host | HTTP host header |
 | tst.js:18:11:18:127 | `Hi, lo ... reset.` | tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | Links in this email can be hijacked by poisoning the $@. | tst.js:18:78:18:85 | req.host | HTTP host header |