JS: Accept some suboptimal alert locations

Not perfect alert locations, but not important enough to fix right now

Author: asgerf

javascript/ql/test/query-tests/Security/CWE-614/tst-cleartextCookie.js

@@ -6,18 +6,18 @@ app.get('/a', function (req, res, next) {
         {
             maxAge: 9000000000,
             httpOnly: true,
-            secure: false // $ Alert
-        });
+            secure: false
+        }); // $ Alert
     res.end('ok')
 })
 
 app.get('/b', function (req, res, next) {
     let options = {
         maxAge: 9000000000,
         httpOnly: true,
-        secure: false // $ Alert
+        secure: false
     }
-    res.cookie('authKey', 'value', options);
+    res.cookie('authKey', 'value', options); // $ Alert
     res.end('ok')
 })
 
@@ -106,24 +106,24 @@ const session = require('express-session')
 
 app.use(session({
     secret: 'secret',
-    cookie: { secure: false } // $ Alert
-}))
+    cookie: { secure: false }
+})) // $ Alert
 
 app.use(session({
     secret: 'secret'
 })) // $ Alert
 
 app.use(session({
     secret: 'secret',
-    cookie: {} // $ Alert
-}))
+    cookie: {}
+})) // $ Alert
 
 const sess = {
     secret: 'secret',
-    cookie: { secure: false } // $ Alert
+    cookie: { secure: false }
 }
 
-app.use(session(sess))
+app.use(session(sess)) // $ Alert
 
 
 app.set('trust proxy', 1)
@@ -150,12 +150,12 @@ app.use(session({
 app.use(session({
     name: 'session',
     keys: ['key1', 'key2'],
-    secure: false, // $ Alert
+    secure: false,
     httpOnly: true,
     domain: 'example.com',
     path: 'foo/bar',
     expires: expiryDate
-}))
+})) // $ Alert
 
 http.createServer((req, res) => {
     res.setHeader('Content-Type', 'text/html');