Docs review suggestions

Co-authored-by: Felicity Chapman <felicitymay@github.com>

java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.qhelp

@@ -25,6 +25,12 @@ safe before using it.</p>
 <p>In the following (BAD) example, an environment variable is set with a name that is derived from the user input <code>var</code> without validation.</p>
 
 <sample src="ExecTaintedEnvironmentName.java" />
+<p>In the following (GOOD) example, the user's input is validated before being used to set the environment variable.</p>
 
+<sample src="ExecTaintedEnvironmentValidated.java" />
+
+<p>In the following (GOOD) example, the user's input is checked and used to determine an environment variable to add.</p>
+
+<sample src="ExecTaintedEnvironmentChecked.java" />
 </example>
 </qhelp>

java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql

@@ -1,7 +1,7 @@
 /**
  * @name Building a command with an injected environment variable
- * @description Using externally controlled strings in the environment variables
- *              passed to a command line is vulnerable to malicious changes to the
+ * @description Passing environment variables containing externally controlled
+ *              strings to a command line is vulnerable to malicious changes to the
  *              environment of a subprocess.
  * @problem.severity error
  * @kind path-problem

java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironmentChecked.java

@@ -0,0 +1,6 @@
+Map<String, String> env = builder.environment();
+String debug = request.getParameter("debug");
+
+if (debug != null) {
+    env.put("PYTHONDEBUG", "1");
+}

java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironmentValidated.java

@@ -0,0 +1,9 @@
+String opt = request.getParameter("opt");
+String value = request.getParameter("value");
+
+Map<String, String> env = processBuilder.environment();
+
+// GOOD: opt and value are checked before being added to the environment
+if (permittedJavaOptions.contains(opt) && validOption(opt, value)) {
+    env.put(opt, value);
+}