JS: Address comments

Author: asger-semmle

javascript/ql/src/semmle/javascript/dataflow/Configuration.qll

@@ -613,7 +613,9 @@ private predicate flowThroughCall(
     DataFlow::exceptionalFunctionReturnNode(ret, f) and
     DataFlow::exceptionalInvocationReturnNode(output, invk.asExpr()) and
     calls(invk, f) and
-    reachableFromInput(f, invk, input, ret, cfg, summary)
+    reachableFromInput(f, invk, input, ret, cfg, summary) and
+    not cfg.isBarrier(ret, output) and
+    not cfg.isLabeledBarrier(output, summary.getEndLabel())
   )
 }
 

javascript/ql/src/semmle/javascript/dataflow/internal/FlowSteps.qll

@@ -163,8 +163,10 @@ private module CachedSteps {
   }
 
   /**
-   * Holds if there is a flow step from `pred` to `succ` through returning
-   * from a function call or the receiver flowing out of a constructor call.
+   * Holds if there is a flow step from `pred` to `succ` through:
+   * - returning a value from a function call, or
+   * - throwing an exception out of a function call, or
+   * - the receiver flowing out of a constructor call.
    */
   cached
   predicate returnStep(DataFlow::Node pred, DataFlow::Node succ) {

javascript/ql/src/semmle/javascript/frameworks/LodashUnderscore.qll

@@ -369,29 +369,30 @@ module LodashUnderscore {
       exists(string name |
         this = member(name).getACall()
       |
-        // Collection methods
-        name = "countBy" or
+        // Members ending with By, With, or While indicate that they are a variant of
+        // another function that takes a callback.
+        name.matches("%By") or
+        name.matches("%With") or
+        name.matches("%While") or
+
+        // Other members that don't fit the above pattern.
         name = "each" or
         name = "eachRight" or
-        name = "forEach" or
-        name = "forEachRight" or
         name = "every" or
         name = "filter" or
-        name = "groupBy" or
-        name = "orderBy" or
+        name = "find" or
+        name = "findLast" or
+        name = "flatMap" or
+        name = "flatMapDeep" or
+        name = "flatMapDepth" or
+        name = "forEach" or
+        name = "forEachRight" or
         name = "partition" or
         name = "reduce" or
         name = "reduceRight" or
+        name = "replace"
         name = "some" or
-        name = "sortBy" or
-
-        // Array methods
-        name = "dropRightWhile" or
-        name = "dropWhile" or
-        name = "sortedIndexBy" or
-        name = "sortedUniqBy" or
-        name = "takeRightWhile" or
-        name = "takeWhile"
+        name = "transform" or
       )
     }