From c7667d372e63c97bc8d9a5be751f437206181c15 Mon Sep 17 00:00:00 2001
From: Asger Feldthaus
Date: Fri, 30 Oct 2020 16:25:30 +0000
Subject: [PATCH] JS: Address review comments
---
 .../semmle/javascript/frameworks/ComposedFunctions.qll | 10 +++++-----
 .../ql/src/semmle/javascript/frameworks/React.qll | 4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/javascript/ql/src/semmle/javascript/frameworks/ComposedFunctions.qll b/javascript/ql/src/semmle/javascript/frameworks/ComposedFunctions.qll
index 9fc6262e999..df0b3ce73e3 100644
--- a/javascript/ql/src/semmle/javascript/frameworks/ComposedFunctions.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/ComposedFunctions.qll
@@ -124,11 +124,6 @@ private class ComposedFunctionTaintStep extends TaintTracking::AdditionalTaintSt
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
 exists(int fnIndex, DataFlow::FunctionNode fn | fn = composed.getOperandFunction(fnIndex) |
- // flow out of the composed call
- fnIndex = 0 and
- pred = fn.getReturnNode() and
- succ = this
- or
 // flow into the first function
 fnIndex = composed.getNumOperand() - 1 and
 exists(int callArgIndex |
@@ -141,6 +136,11 @@ private class ComposedFunctionTaintStep extends TaintTracking::AdditionalTaintSt
 pred = predFn.getReturnNode() and
 succ = fn.getParameter(0)
 )
+ or
+ // flow out of the composed call
+ fnIndex = 0 and
+ pred = fn.getReturnNode() and
+ succ = this
 )
 }
 }
diff --git a/javascript/ql/src/semmle/javascript/frameworks/React.qll b/javascript/ql/src/semmle/javascript/frameworks/React.qll
index cb7c21b3440..cfc77682291 100644
--- a/javascript/ql/src/semmle/javascript/frameworks/React.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/React.qll
@@ -734,6 +734,8 @@ private class ReactRouterLocationSource extends DOM::LocationSource::Range {
 * version of that component, which we model as a direct reference to the underlying component.
 */
 private DataFlow::SourceNode higherOrderComponentBuilder() {
+ // `memo(f)` returns a function that behaves as `f` but caches results
+ // It is sometimes used to wrap an entire functional component.
 result = react().getAPropertyRead("memo")
 or
 result = DataFlow::moduleMember("react-redux", "connect").getACall()
@@ -760,8 +762,6 @@ private class HigherOrderComponentStep extends PreCallGraphStep {
 }
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
- // `memo(f)` returns a function behaves as `f` but caches results
- // It is sometimes used to wrap an entire functional component.
 exists(DataFlow::CallNode call |
 call = higherOrderComponentBuilder().getACall() and
 pred = call.getArgument(0) and
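Review bot: The comment moved into `higherOrderComponentBuilder()` now heads the whole body but describes only the `memo` disjunct; the `react-redux` `connect` disjunct after the `or` stays undocumented, including why it is a `.getACall()` while `memo` is a plain property read. I would add a line above the second disjunct such as `// connect(...) returns a function that wraps a component, so the builder is the call result`, and end the first `memo` comment line with a period so the two lines do not read as one sentence. `HigherOrderComponentStep.step` in the next hunk uses argument 0 of every builder call as `pred`, so a per-builder comment is what lets a reader check that this data-flow assumption holds for each entry. The body of `higherOrderComponentBuilder()` continues past the end of the hunk, so further disjuncts may need the same treatment.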