Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit f843cc0

Browse files
NapalysNapalys
committed
Fix false positives in stream pipe analysis by improving error handler tracking via property access.
1 parent d3b2a57 commit f843cc0

3 files changed

Lines changed: 24 additions & 6 deletions

File tree

javascript/ql/src/Quality/UnhandledStreamPipe.ql

Lines changed: 21 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -218,7 +218,17 @@ private DataFlow::SourceNode sourceStreamRef(PipeCall pipeCall) {
218218
* Holds if the source stream of the given pipe call has an `error` handler registered.
219219
*/
220220
private predicate hasErrorHandlerRegistered(PipeCall pipeCall) {
221-
sourceStreamRef(pipeCall).getAMethodCall(_) instanceof ErrorHandlerRegistration
221+
exists(DataFlow::Node stream |
222+
stream = sourceStreamRef(pipeCall).getALocalUse() and
223+
(
224+
stream.(DataFlow::SourceNode).getAMethodCall(_) instanceof ErrorHandlerRegistration
225+
or
226+
exists(DataFlow::SourceNode base, string propName |
227+
stream = base.getAPropertyRead(propName) and
228+
base.getAPropertyRead(propName).getAMethodCall(_) instanceof ErrorHandlerRegistration
229+
)
230+
)
231+
)
222232
or
223233
hasPlumber(pipeCall)
224234
}
@@ -262,8 +272,16 @@ private predicate hasNonStreamSourceLikeUsage(PipeCall pipeCall) {
262272
* Holds if the pipe call destination stream has an error handler registered.
263273
*/
264274
private predicate hasErrorHandlerDownstream(PipeCall pipeCall) {
265-
exists(ErrorHandlerRegistration handler |
266-
handler.getReceiver().getALocalSource() = destinationStreamRef(pipeCall)
275+
exists(DataFlow::SourceNode stream |
276+
stream = destinationStreamRef(pipeCall) and
277+
(
278+
exists(ErrorHandlerRegistration handler | handler.getReceiver().getALocalSource() = stream)
279+
or
280+
exists(DataFlow::SourceNode base, string propName |
281+
stream = base.getAPropertyRead(propName) and
282+
base.getAPropertyRead(propName).getAMethodCall(_) instanceof ErrorHandlerRegistration
283+
)
284+
)
267285
)
268286
}
269287

javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/test.expected

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,9 @@
1212
| test.js:182:17:182:40 | notStre ... itable) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
1313
| test.js:192:5:192:32 | copyStr ... nation) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
1414
| tst.js:8:5:8:21 | source.pipe(gzip) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
15-
| tst.js:29:5:29:40 | wrapper ... Stream) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
1615
| tst.js:37:21:37:56 | wrapper ... Stream) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
1716
| tst.js:44:5:44:40 | wrapper ... Stream) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
17+
| tst.js:52:5:52:37 | source. ... Stream) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
1818
| tst.js:59:18:59:39 | stream. ... Stream) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
1919
| tst.js:73:5:73:40 | wrapper ... Stream) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |
2020
| tst.js:111:5:111:26 | stream. ... Stream) | Stream pipe without error handling on the source stream. Errors won't propagate downstream and may be silently dropped. |

javascript/ql/test/query-tests/Quality/UnhandledStreamPipe/tst.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ function zip() {
2626
function zip1() {
2727
const zipStream = createWriteStream(zipPath);
2828
let wrapper = new StreamWrapper();
29-
wrapper.outputStream.pipe(zipStream); // $SPURIOUS:Alert
29+
wrapper.outputStream.pipe(zipStream);
3030
wrapper.outputStream.on('error', e);
3131
zipStream.on('error', e);
3232
}
@@ -49,7 +49,7 @@ function zip3() {
4949
const zipStream = createWriteStream(zipPath);
5050
let wrapper = new StreamWrapper();
5151
let source = getStream();
52-
source.pipe(wrapper.outputStream); // $MISSING:Alert
52+
source.pipe(wrapper.outputStream); // $Alert
5353
wrapper.outputStream.on('error', e);
5454
}
5555

0 commit comments

Comments
 (0)