hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added detection of custom gulp-plumber sanitizer, thus one would not flag such instances.

Browse Source
This commit is contained in:
Napalys Klicius
2025-05-22 13:32:25 +02:00
parent b1048719aa
commit 5b1af0c0bd
3 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
javascript/ql/src/Quality/UnhandledStreamPipe.ql
View File

@@ -188,6 +188,15 @@ predicate hasErrorHandlerRegistered(PipeCall pipeCall) {
handler = streamRef(pipeCall).getAMethodCall(getEventHandlerMethodName()) and
handler.getArgument(0).getStringValue() = "error"
)
or
hasPlumber(pipeCall)
}
/**
* Holds if one of the arguments of the pipe call is a `gulp-plumber` monkey patch.
*/
predicate hasPlumber(PipeCall pipeCall) {
streamRef+(pipeCall) = API::moduleImport("gulp-plumber").getACall()
}
/**

2
javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected
View File

@@ -13,5 +13,3 @@
| test.js:185:5:185:32 | copyStr ... nation) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
| test.js:190:17:190:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
| test.js:195:17:195:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
| test.js:207:5:207:64 | getStre ... e(dest) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
| test.js:212:5:212:56 | getStre ... e(dest) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |

4
javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js
View File

@@ -204,11 +204,11 @@ function test() {
}
{
const plumber = require('gulp-plumber');
getStream().pipe(plumber()).pipe(dest).pipe(dest).pipe(dest); // $SPURIOUS:Alert
getStream().pipe(plumber()).pipe(dest).pipe(dest).pipe(dest);
}
{
const plumber = require('gulp-plumber');
const p = plumber();
getStream().pipe(p).pipe(dest).pipe(dest).pipe(dest); // $SPURIOUS:Alert
getStream().pipe(p).pipe(dest).pipe(dest).pipe(dest);
}
}