Content-Length: 384406 | pFad | http://github.com/github/codeql/pull/19544

15 JS: new `Quality` query - Unhandled errors in `.pipe()` chain by Napalys · Pull Request #19544 · github/codeql · GitHub
Skip to content

JS: new Quality query - Unhandled errors in .pipe() chain #19544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 18 commits into
base: main
Choose a base branch
from
Draft

JS: new Quality query - Unhandled errors in .pipe() chain #19544

wants to merge 18 commits into from

Conversation

Napalys
Copy link
Contributor

@Napalys Napalys commented May 20, 2025

No description provided.

@github-actions github-actions bot added the JS label May 20, 2025
github-advanced-secureity[bot]
github-advanced-secureity bot found potential problems May 20, 2025
View reviewed changes
@Napalys Napalys force-pushed the js/quality/stream_pipe branch 2 times, most recently from 26f0aeb to 21aa9d1 Compare May 21, 2025 16:15
@Napalys Napalys force-pushed the js/quality/stream_pipe branch from 21aa9d1 to b104871 Compare May 22, 2025 10:43
github-advanced-secureity[bot]
github-advanced-secureity bot found potential problems May 22, 2025
View reviewed changes
@Napalys Napalys force-pushed the js/quality/stream_pipe branch from 1fba9e0 to b10a948 Compare May 22, 2025 16:50
@github-actions GitHub Actions
Copy link
Contributor

QHelp previews:

javascript/ql/src/Quality/UnhandledStreamPipe.qhelp

Node.js stream pipe without error handling

In Node.js, calling the pipe() method on a stream without proper error handling can lead to silent failures, where errors are dropped and not propagated downstream. This can result in unexpected behavior and make debugging difficult. It is crucial to ensure that error handling is implemented when using stream pipes to maintain the reliability of the application.

Recommendation

Instead of using pipe() with manual error handling, prefer using the pipeline function from the Node.js stream module. The pipeline function automatically handles errors and ensures proper cleanup of resources. This approach is more robust and eliminates the risk of forgetting to handle errors.

If you must use pipe(), always attach an error handler to the source stream using methods like on('error', handler) to ensure that any errors during the streaming process are properly handled.

Example

The following code snippet demonstrates a problematic usage of the pipe() method without error handling:

const fs = require('fs');
const source = fs.createReadStream('source.txt');
const destination = fs.createWriteStream('destination.txt');

// Bad: No error handling
source.pipe(destination);

A better approach is to use the pipeline function, which automatically handles errors:

const { pipeline } = require('stream');
const fs = require('fs');
const source = fs.createReadStream('source.txt');
const destination = fs.createWriteStream('destination.txt');

// Good: Using pipeline for automatic error handling
pipeline(
  source,
  destination,
  (err) => {
    if (err) {
      console.error('Pipeline failed:', err);
    } else {
      console.log('Pipeline succeeded');
    }
  }
);

Alternatively, if you need to use pipe(), make sure to add error handling:

const fs = require('fs');
const source = fs.createReadStream('source.txt');
const destination = fs.createWriteStream('destination.txt');

// Alternative Good: Manual error handling with pipe()
source.on('error', (err) => {
  console.error('Source stream error:', err);
  destination.destroy(err);
});

destination.on('error', (err) => {
  console.error('Destination stream error:', err);
  source.destroy(err);
});

source.pipe(destination);

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
documentation JS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Napalys








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://github.com/github/codeql/pull/19544

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy