Enhance PipeCall to exclude non-function and non-object arguments in pipe method detection

Napalys · Napalys · commit d7f86db76c6d · 2025-05-22T12:31:27.000+02:00
diff --git a/javascript/ql/src/Quality/UnhandledStreamPipe.ql b/javascript/ql/src/Quality/UnhandledStreamPipe.ql
@@ -15,7 +15,12 @@ import javascript
  * A call to the `pipe` method on a Node.js stream.
  */
 class PipeCall extends DataFlow::MethodCallNode {
-  PipeCall() { this.getMethodName() = "pipe" and this.getNumArgument() = [1, 2] }
+  PipeCall() {
+    this.getMethodName() = "pipe" and
+    this.getNumArgument() = [1, 2] and
+    not this.getArgument(0).asExpr() instanceof Function and
+    not this.getArgument(0).asExpr() instanceof ObjectExpr
+  }
 
   /** Gets the source stream (receiver of the pipe call). */
   DataFlow::Node getSourceStream() { result = this.getReceiver() }
diff --git a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected
@@ -15,7 +15,5 @@
 | test.js:185:5:185:32 | copyStr ... nation) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:190:17:190:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:195:17:195:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:199:5:199:22 | notStream.pipe({}) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:203:5:203:26 | notStre ... ()=>{}) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:207:5:207:64 | getStre ... e(dest) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:212:5:212:56 | getStre ... e(dest) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
diff --git a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js
@@ -196,11 +196,11 @@ function test() {
   }
   {
     const notStream = getNotAStream();
-    notStream.pipe({}); // $SPURIOUS:Alert
+    notStream.pipe({});
   }
   {
     const notStream = getNotAStream();
-    notStream.pipe(()=>{}); // $SPURIOUS:Alert
+    notStream.pipe(()=>{});
   }
   {
     const plumber = require('gulp-plumber');

Original file line number	Diff line number	Diff line change
`@@ -196,11 +196,11 @@ function test() {`
`196`	`196`	`}`
`197`	`197`	`{`
`198`	`198`	`const notStream = getNotAStream();`
`199`		`- notStream.pipe({}); // $SPURIOUS:Alert`
	`199`	`+ notStream.pipe({});`
`200`	`200`	`}`
`201`	`201`	`{`
`202`	`202`	`const notStream = getNotAStream();`
`203`		`- notStream.pipe(()=>{}); // $SPURIOUS:Alert`
	`203`	`+ notStream.pipe(()=>{});`
`204`	`204`	`}`
`205`	`205`	`{`
`206`	`206`	`const plumber = require('gulp-plumber');`