github
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js
+3-3 b/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/child_process-test.js
+3-3
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh.js
+1-1 b/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh.js
+1-1
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js
+1-1 b/‎javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/exec-sh2.js
+1-1
diff --git a/‎javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/isImported.js
+2-2 b/‎javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/lib/isImported.js
+2-2
@@ -36,7 +36,7 @@ var server = http.createServer(function(req, res) {
       sh = 'cmd.exe', flag = '/c';
     else
       sh = '/bin/sh', flag = '-c';
-    cp.spawn(sh, [ flag, cmd ]); // $ Alert Sink
+    cp.spawn(sh, [ flag, cmd ]); // $ Alert
 
     let args = [];
     args[0] = "-c";
@@ -53,8 +53,8 @@ var server = http.createServer(function(req, res) {
     args[1] = cmd; // $ Sink
     cp.execFile(`/bin` + "/bash", args); // $ Alert
 
-    cp.spawn('cmd.exe', ['/C', 'foo'].concat(["bar", cmd])); // $ Alert Sink
-    cp.spawn('cmd.exe', ['/C', 'foo'].concat(cmd)); // $ Alert Sink
+    cp.spawn('cmd.exe', ['/C', 'foo'].concat(["bar", cmd])); // $ Alert
+    cp.spawn('cmd.exe', ['/C', 'foo'].concat(cmd)); // $ Alert
 
     let myArgs = [];
     myArgs.push(`-` + "c");
 
@@ -12,7 +12,7 @@ function getShell() {
 
 function execSh(command, options) {
     var shell = getShell()
-    return cp.spawn(shell.cmd, [shell.arg, command], options) // $ Alert Sink
+    return cp.spawn(shell.cmd, [shell.arg, command], options) // $ Alert
 }
 
 http.createServer(function (req, res) {
 
@@ -7,7 +7,7 @@ function getShell() {
 }
 
 function execSh(command, options) {
-    return cp.spawn(getShell(), ["-c", command], options) // $ Alert Sink
+    return cp.spawn(getShell(), ["-c", command], options) // $ Alert
 };
 
 http.createServer(function (req, res) {
 
@@ -3,5 +3,5 @@
 const cp = require("child_process");
 
 module.exports.thisMethodIsImported = function (name) { // $ Source
-	cp.exec("rm -rf " + name); // $ Alert Sink
-}
+	cp.exec("rm -rf " + name); // $ Alert
+}
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ function getShell() {`
`12`	`12`
`13`	`13`	`function execSh(command, options) {`
`14`	`14`	`var shell = getShell()`
`15`		`- return cp.spawn(shell.cmd, [shell.arg, command], options) // $ Alert Sink`
	`15`	`+ return cp.spawn(shell.cmd, [shell.arg, command], options) // $ Alert`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`http.createServer(function (req, res) {`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ function getShell() {`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`function execSh(command, options) {`
`10`		`- return cp.spawn(getShell(), ["-c", command], options) // $ Alert Sink`
	`10`	`+ return cp.spawn(getShell(), ["-c", command], options) // $ Alert`
`11`	`11`	`};`
`12`	`12`
`13`	`13`	`http.createServer(function (req, res) {`