JS: Better local flow through .pipe chaining

javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected

@@ -1,5 +1,13 @@
 nodes
+| ZipSlipBad2.js:5:9:5:46 | fileName |
+| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
+| ZipSlipBad2.js:5:37:5:46 | entry.path |
+| ZipSlipBad2.js:6:22:6:29 | fileName |
 | ZipSlipBad.js:8:37:8:46 | entry.path |
 edges
+| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName |
+| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName |
+| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path |
 #select
+| ZipSlipBad2.js:6:22:6:29 | fileName | ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:6:22:6:29 | fileName | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad2.js:5:37:5:46 | entry.path | item path |
 | ZipSlipBad.js:8:37:8:46 | entry.path | ZipSlipBad.js:8:37:8:46 | entry.path | ZipSlipBad.js:8:37:8:46 | entry.path | Unsanitized zip archive $@, which may contain '..', is used in a file system operation. | ZipSlipBad.js:8:37:8:46 | entry.path | item path |

javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipBad2.js

@@ -0,0 +1,8 @@
+var fs = require('fs');
+var unzip = require('unzip');
+fs.readFile('path/to/archive.zip', function (err, zipContents) {
+  unzip.Parse(zipContents).on('entry', function (entry) {
+    var fileName = 'output/path/' + entry.path;
+    fs.writeFileSync(fileName, entry.contents);
+  });
+});

javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/externs.js

@@ -0,0 +1,11 @@
+/**
+ * @externs
+ */
+var fs = {};
+
+/**
+ * @param {string} filename
+ * @param {*} data
+ * @return {void}
+ */
+fs.writeFileSync = function(filename, data) {};