Add predicate to detect non-stream-like usage in sources of pipe calls

2026-04-24 16:25:15 +02:00 · 2025-05-22 13:37:04 +02:00
parent 5b1af0c0bd
commit ac24fdd348
3 changed files with 20 additions and 4 deletions
--- a/javascript/ql/src/Quality/UnhandledStreamPipe.ql
+++ b/javascript/ql/src/Quality/UnhandledStreamPipe.ql
@@ -207,10 +207,28 @@ predicate hasNonNodeJsStreamSource(PipeCall pipeCall) {
  pipeResultRef(pipeCall) = getNonNodeJsStreamType()
 }

+/**
+ * Holds if the source stream of the given pipe call is used in a non-stream-like way.
+ */
+private predicate hasNonStreamSourceLikeUsage(PipeCall pipeCall) {
+  exists(DataFlow::MethodCallNode call, string name |
+    call.getReceiver().getALocalSource() = streamRef(pipeCall) and
+    name = call.getMethodName() and
+    not name = getStreamMethodName()
+  )
+  or
+  exists(DataFlow::PropRef propRef, string propName |
+    propRef.getBase().getALocalSource() = streamRef(pipeCall) and
+    propName = propRef.getPropertyName() and
+    not propName = [getStreamPropertyName(), getStreamMethodName()]
+  )
+}
+
 from PipeCall pipeCall
 where
  not hasErrorHandlerRegistered(pipeCall) and
  not isPipeFollowedByNonStreamAccess(pipeCall) and
+  not hasNonStreamSourceLikeUsage(pipeCall) and
  not hasNonNodeJsStreamSource(pipeCall)
 select pipeCall,
  "Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped."
--- a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected
+++ b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected
@@ -11,5 +11,3 @@
 | test.js:143:5:143:62 | stream. ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:175:17:175:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:185:5:185:32 | copyStr ... nation) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:190:17:190:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:195:17:195:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
--- a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js
+++ b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js
@@ -187,12 +187,12 @@ function test() {
  {
    const notStream = getNotAStream();
    const something = notStream.someNotStreamPropertyAccess;
-    const val = notStream.pipe(writable); // $SPURIOUS:Alert
+    const val = notStream.pipe(writable);
  }
  { 
    const notStream = getNotAStream();
    const something = notStream.someNotStreamPropertyAccess();
-    const val = notStream.pipe(writable); // $SPURIOUS:Alert
+    const val = notStream.pipe(writable);
  }
  {
    const notStream = getNotAStream();