hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Enhance PipeCall to exclude non-function and non-object arguments in pipe method detection

Browse Source
This commit is contained in:
Napalys Klicius
2025-05-22 12:19:05 +02:00
parent 4332de464a
commit d7f86db76c
3 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/src/Quality/UnhandledStreamPipe.ql
View File

@@ -15,7 +15,12 @@ import javascript
* A call to the `pipe` method on a Node.js stream.
*/
class PipeCall extends DataFlow::MethodCallNode {
PipeCall() { this.getMethodName() = "pipe" and this.getNumArgument() = [1, 2] }
PipeCall() {
this.getMethodName() = "pipe" and
this.getNumArgument() = [1, 2] and
not this.getArgument(0).asExpr() instanceof Function and
not this.getArgument(0).asExpr() instanceof ObjectExpr
}
/** Gets the source stream (receiver of the pipe call). */
DataFlow::Node getSourceStream() { result = this.getReceiver() }