JS: Address review comments

javascript/ql/src/semmle/javascript/frameworks/ComposedFunctions.qll

@@ -124,11 +124,6 @@ private class ComposedFunctionTaintStep extends TaintTracking::AdditionalTaintSt
 
   override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
     exists(int fnIndex, DataFlow::FunctionNode fn | fn = composed.getOperandFunction(fnIndex) |
-      // flow out of the composed call
-      fnIndex = 0 and
-      pred = fn.getReturnNode() and
-      succ = this
-      or
       // flow into the first function
       fnIndex = composed.getNumOperand() - 1 and
       exists(int callArgIndex |
@@ -141,6 +136,11 @@ private class ComposedFunctionTaintStep extends TaintTracking::AdditionalTaintSt
         pred = predFn.getReturnNode() and
         succ = fn.getParameter(0)
       )
+      or
+      // flow out of the composed call
+      fnIndex = 0 and
+      pred = fn.getReturnNode() and
+      succ = this
     )
   }
 }

javascript/ql/src/semmle/javascript/frameworks/React.qll

@@ -734,6 +734,8 @@ private class ReactRouterLocationSource extends DOM::LocationSource::Range {
  * version of that component, which we model as a direct reference to the underlying component.
  */
 private DataFlow::SourceNode higherOrderComponentBuilder() {
+  // `memo(f)` returns a function that behaves as `f` but caches results
+  // It is sometimes used to wrap an entire functional component.
   result = react().getAPropertyRead("memo")
   or
   result = DataFlow::moduleMember("react-redux", "connect").getACall()
@@ -760,8 +762,6 @@ private class HigherOrderComponentStep extends PreCallGraphStep {
   }
 
   override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-    // `memo(f)` returns a function behaves as `f` but caches results
-    // It is sometimes used to wrap an entire functional component.
     exists(DataFlow::CallNode call |
       call = higherOrderComponentBuilder().getACall() and
       pred = call.getArgument(0) and