accept IO redirections as OK

javascript/ql/test/query-tests/Security/CWE-078/UselessCat.expected

@@ -1,2 +1,3 @@
 | False negative | uselesscat.js:69:42:69:69 | // NOT  ... lagged] |
 | False positive | uselesscat.js:18:70:18:118 | // OK [ ... jection |
+| False positive | uselesscat.js:82:80:82:128 | // OK ( ... / gid)) |

javascript/ql/test/query-tests/Security/CWE-078/uselesscat.js

@@ -50,10 +50,10 @@ execSync(cmd); // NOT OK
 execSync("cat /proc/cpuinfo | grep -c '" + someValue + "'"); // OK - pipes
 
 function cat(file) {
-	return execSync('cat ' + file).toString(); // NOT OK [flagged]
+	return execSync('cat ' + file).toString(); // NOT OK
 }
 
-execSync(`cat ${files.join(' ')} > ${outFile}`); // NOT OK [flagged]
+execSync(`cat ${files.join(' ')} > ${outFile}`); // OK
 
 var cmd = 'cat package.json | grep'
 exec(cmd); // OK - pipes!
@@ -70,4 +70,13 @@ execSync("sh -c 'cat " + newpath + "'"); // NOT OK. [but not flagged]
 
 exec(` cat ${newpath}`) // NOT OK
 
-exec(` cat ${newpath} | grep foo`) // OK - pipes
+exec(` cat ${newpath} | grep foo`) // OK - pipes
+
+execSync('cat /proc/cpuinfo > foo/bar/baz').toString(); // OK.
+
+execSync(`cat ${newpath} > ${destpath}`).toString(); // OK.
+
+const Opts = {encoding: 'utf8'}
+execSync(`cat foo/bar/${newpath}`, Opts).slice(0, 7); // NOT OK ("encoding" is used EXACTLY the same way in fs.readFileSync)
+
+execSync("/bin/cat /proc/cpuinfo", { uid: 1000, gid: 1000, encoding: 'utf8'}); // OK (fs.readFileSync cannot emulate uid / gid))