Cannot detect sources propagated throught shorthand syntax

[filipeom]

Reported example:

function f(userInput) {
    let path = userInput
    const result = {path, method: 25, prop: 'userInput'}
    eval(result)
}

module.exports = {f}

But changing it to:

function f(userInput) {
    let path = userInput
    const result = {path, method: 25, prop: 'userInput'}
    eval(result.path)
}

module.exports = {f}

Also leads to a missed vulnerability. Could it be due to the definition of path through shorthand syntax?