update stream pipe

am0o0 · am0o0 · commit 516fdf627a05 · 2023-06-28T00:09:39.000+10:00
diff --git a/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/ReadableAdditionalStep.qll b/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/ReadableAdditionalStep.qll
@@ -25,4 +25,30 @@ predicate readablePipeAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node su
     pred = cn.getParameter(0).asSink() and
     succ = cn.getReturn().getMember("pipe").getParameter(0).asSink()
   )
+  or
+  // this step connect the a pipe parameter to the next parameter
+  exists(API::Node cn, int i |
+    i in [0 .. 10] and
+    cn =
+      [
+        API::moduleImport("stream/promises").getMember("pipeline"),
+        API::moduleImport("stream").getMember("pipeline")
+      ]
+  |
+    pred = cn.getParameter(i).asSink() and
+    succ = cn.getParameter(i + 1).asSink()
+  )
+  or
+  // this step connect the first pipe parameter to the next parameter
+  exists(API::Node cn, int i |
+    i in [1 .. 10] and
+    cn =
+      [
+        API::moduleImport("stream/promises").getMember("pipeline"),
+        API::moduleImport("stream").getMember("pipeline")
+      ]
+  |
+    pred = cn.getParameter(0).asSink() and
+    succ = cn.getParameter(i).asSink()
+  )
 }
