Restrict pipe detection to calls with 1-2 arguments

Napalys · Napalys · commit 03d1f9a7d338 · 2025-05-21T11:41:22.000+02:00
diff --git a/javascript/ql/src/Quality/UnhandledStreamPipe.ql b/javascript/ql/src/Quality/UnhandledStreamPipe.ql
@@ -15,7 +15,7 @@ import javascript
  * A call to the `pipe` method on a Node.js stream.
  */
 class PipeCall extends DataFlow::MethodCallNode {
-  PipeCall() { this.getMethodName() = "pipe" }
+  PipeCall() { this.getMethodName() = "pipe" and this.getNumArgument() = [1, 2] }
 
   /** Gets the source stream (receiver of the pipe call). */
   DataFlow::Node getSourceStream() { result = this.getReceiver() }
diff --git a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected
@@ -9,5 +9,3 @@
 | test.js:116:5:116:21 | stream.pipe(dest) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:125:5:125:26 | getStre ... e(dest) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
 | test.js:143:5:143:62 | stream. ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:163:5:163:20 | notStream.pipe() | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
-| test.js:167:5:167:36 | notStre ... , arg3) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
diff --git a/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js b/javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.js
@@ -160,10 +160,10 @@ function test() {
   }
   { // Calling custom pipe method with no arguments
     const notStream = getNotAStream();
-    notStream.pipe(); // $SPURIOUS:Alert
+    notStream.pipe();
   }
   { // Calling custom pipe method with more then 2 arguments
     const notStream = getNotAStream();
-    notStream.pipe(arg1, arg2, arg3); // $SPURIOUS:Alert
+    notStream.pipe(arg1, arg2, arg3);
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -160,10 +160,10 @@ function test() {`
`160`	`160`	`}`
`161`	`161`	`{ // Calling custom pipe method with no arguments`
`162`	`162`	`const notStream = getNotAStream();`
`163`		`- notStream.pipe(); // $SPURIOUS:Alert`
	`163`	`+ notStream.pipe();`
`164`	`164`	`}`
`165`	`165`	`{ // Calling custom pipe method with more then 2 arguments`
`166`	`166`	`const notStream = getNotAStream();`
`167`		`- notStream.pipe(arg1, arg2, arg3); // $SPURIOUS:Alert`
	`167`	`+ notStream.pipe(arg1, arg2, arg3);`
`168`	`168`	`}`
`169`	`169`	`}`