JS: Fix join ordering

asger-semmle · asger-semmle · commit 78adcd4a85aa · 2019-07-09T21:36:55.000+01:00
diff --git a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
@@ -715,12 +715,17 @@ class ClassNode extends DataFlow::SourceNode {
     t.start() and
     result = getAReceiverNode()
     or
+    result = getAnInstanceReferenceAux(t) and
+    // Avoid tracking into the receiver of other classes.
+    // Note that this also blocks flows into a property of the receiver,
+    // but the `localFieldStep` rule will often compensate for this.
+    not result = any(DataFlow::ClassNode cls).getAReceiverNode()
+  }
+
+  pragma[noinline]
+  private DataFlow::SourceNode getAnInstanceReferenceAux(DataFlow::TypeTracker t) {
     exists(DataFlow::TypeTracker t2 |
-      result = getAnInstanceReference(t2).track(t2, t) and
-      // Avoid tracking into the receiver of other classes.
-      // Note that this also blocks flows into a property of the receiver,
-      // but the `localFieldStep` rule will often compensate for this.
-      not result = any(DataFlow::ClassNode cls).getAReceiverNode()
+      result = getAnInstanceReference(t2).track(t2, t)
     )
   }
 
