Add predicate to detect non-stream-like usage in sources of pipe calls

Napalys · Napalys · commit ac24fdd34802 · 2025-05-22T18:49:59.000+02:00
diff --git a/javascript/ql/src/Quality/UnhandledStreamPipe.ql b/javascript/ql/src/Quality/UnhandledStreamPipe.ql
@@ -207,10 +207,28 @@ predicate hasNonNodeJsStreamSource(PipeCall pipeCall) {
   pipeResultRef(pipeCall) = getNonNodeJsStreamType()
 }
 
+/**
+ * Holds if the source stream of the given pipe call is used in a non-stream-like way.
+ */
+private predicate hasNonStreamSourceLikeUsage(PipeCall pipeCall) {
+  exists(DataFlow::MethodCallNode call, string name |
+    call.getReceiver().getALocalSource() = streamRef(pipeCall) and
+    name = call.getMethodName() and
+    not name = getStreamMethodName()
+  )
+  or
+  exists(DataFlow::PropRef propRef, string propName |
+    propRef.getBase().getALocalSource() = streamRef(pipeCall) and
+    propName = propRef.getPropertyName() and
+    not propName = [getStreamPropertyName(), getStreamMethodName()]
+  )
+}
+
 from PipeCall pipeCall
 where
   not hasErrorHandlerRegistered(pipeCall) and
   not isPipeFollowedByNonStreamAccess(pipeCall) and
+  not hasNonStreamSourceLikeUsage(pipeCall) and
   not hasNonNodeJsStreamSource(pipeCall)
 select pipeCall,
   "Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped."
diff --git a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected
@@ -11,5 +11,3 @@
 | test.js:143:5:143:62 | stream. ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:175:17:175:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:185:5:185:32 | copyStr ... nation) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:190:17:190:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:195:17:195:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
diff --git a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js
@@ -187,12 +187,12 @@ function test() {
   {
     const notStream = getNotAStream();
     const something = notStream.someNotStreamPropertyAccess;
-    const val = notStream.pipe(writable); // $SPURIOUS:Alert
+    const val = notStream.pipe(writable);
   }
   { 
     const notStream = getNotAStream();
     const something = notStream.someNotStreamPropertyAccess();
-    const val = notStream.pipe(writable); // $SPURIOUS:Alert
+    const val = notStream.pipe(writable);
   }
   {
     const notStream = getNotAStream();

Original file line number	Diff line number	Diff line change
`@@ -187,12 +187,12 @@ function test() {`
`187`	`187`	`{`
`188`	`188`	`const notStream = getNotAStream();`
`189`	`189`	`const something = notStream.someNotStreamPropertyAccess;`
`190`		`- const val = notStream.pipe(writable); // $SPURIOUS:Alert`
	`190`	`+ const val = notStream.pipe(writable);`
`191`	`191`	`}`
`192`	`192`	`{`
`193`	`193`	`const notStream = getNotAStream();`
`194`	`194`	`const something = notStream.someNotStreamPropertyAccess();`
`195`		`- const val = notStream.pipe(writable); // $SPURIOUS:Alert`
	`195`	`+ const val = notStream.pipe(writable);`
`196`	`196`	`}`
`197`	`197`	`{`
`198`	`198`	`const notStream = getNotAStream();`