Fixed false positives from strapi and rxjs/testing as well as when one passes function as second arg to pipe

javascript/ql/lib/ext/rxjs.model.yml

@@ -5,3 +5,4 @@ extensions:
     data:
       - ["NonNodeStream", "rxjs", "Fuzzy"]
       - ["NonNodeStream", "rxjs/operators", "Fuzzy"]
+      - ["NonNodeStream", "rxjs/testing", "Fuzzy"]

javascript/ql/lib/ext/strapi.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - ["NonNodeStream", "@strapi/utils", "Fuzzy"]

javascript/ql/src/Quality/UnhandledStreamPipe.ql

@@ -18,7 +18,7 @@ class PipeCall extends DataFlow::MethodCallNode {
   PipeCall() {
     this.getMethodName() = "pipe" and
     this.getNumArgument() = [1, 2] and
-    not this.getArgument(0).asExpr() instanceof Function and
+    not this.getArgument([0, 1]).asExpr() instanceof Function and
     not this.getArgument(0).asExpr() instanceof ObjectExpr and
     not this.getArgument(0).getALocalSource() = getNonNodeJsStreamType()
   }

javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/rxjsStreams.js

@@ -13,6 +13,6 @@ function f(){
   let testScheduler = new TestScheduler();
   testScheduler.run(({x, y, z}) => {
     const source = x('', {o: [a, b, c]});
-    z(source.pipe(null)).toBe(expected,y,); // $SPURIOUS:Alert
+    z(source.pipe(null)).toBe(expected,y,);
   });
 }

javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/strapi.js

@@ -1,5 +1,5 @@
 import { async } from '@strapi/utils';
 
 const f = async () => {
-    const permissionsInDB = await async.pipe(strapi.db.query('x').findMany,map('y'))(); // $SPURIOUS:Alert
+    const permissionsInDB = await async.pipe(strapi.db.query('x').findMany,map('y'))();
 }

javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected

@@ -1,5 +1,3 @@
-| rxjsStreams.js:16:7:16:23 | source.pipe(null) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| strapi.js:4:35:4:84 | async.p ... p('y')) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:4:5:4:28 | stream. ... nation) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:19:5:19:17 | s2.pipe(dest) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:45:5:45:30 | stream2 ... ation2) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
@@ -13,4 +11,3 @@
 | test.js:143:5:143:62 | stream. ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:175:17:175:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:185:5:185:32 | copyStr ... nation) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:216:5:216:38 | notStre ... ()=>{}) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |

javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js

@@ -213,6 +213,6 @@ function test() {
   }
   {
     const notStream = getNotAStream();
-    notStream.pipe(getStream(),()=>{}); // $SPURIOUS:Alert
+    notStream.pipe(getStream(),()=>{});
   }
 }