add test that requires flowToExpr

Author: erik-krogh

javascript/ql/test/query-tests/Security/CWE-598/SensitiveGetQuery.expected

@@ -1 +1,3 @@
 | tst.js:8:22:8:39 | req.query.password | $@ for GET requests uses query parameter as sensitive data. | tst.js:6:19:14:1 | (req, r ... serId\\n} | Route handler |
+| tst.js:26:22:26:42 | req.par ... sword') | $@ for GET requests uses query parameter as sensitive data. | tst.js:24:20:35:1 | (req, r ...   });\\n} | Route handler |
+| tst.js:31:24:31:40 | req.param('word') | $@ for GET requests uses query parameter as sensitive data. | tst.js:24:20:35:1 | (req, r ...   });\\n} | Route handler |

javascript/ql/test/query-tests/Security/CWE-598/tst.js

@@ -19,4 +19,17 @@ app.post("/login", (req, res) => {
     checkUser(username, password, (result) => {
         res.send(result);
     });
+});
+
+app.get("/login2", (req, res) => {
+    const username = req.param('username'); // NOT OK - usernames are fine
+    const password = req.param('password'); // NOT OK - password read
+    checkUser(username, password, (result) => {
+        res.send(result);
+    });
+
+    const myPassword = req.param('word'); // NOT OK - is used in a sensitive write below.
+    checkUser(username, myPassword, (result) => {
+        res.send(result);
+    });
 });