JS: Prevent bad join ordering

Author: asgerf

javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll

@@ -737,12 +737,17 @@ module TaintTracking {
       read = getAStaticCaptureRef()
       or
       exists(ControlFlowNode mid |
-        mid = getANodeReachingCaptureRef(read) and
-        not mid = getACaptureSetter(_) and
-        result = mid.getAPredecessor()
+        result = getANodeReachingCaptureRefAux(read, mid) and
+        not mid = getACaptureSetter(_)
       )
     }
 
+    pragma[nomagic]
+    private ControlFlowNode getANodeReachingCaptureRefAux(DataFlow::PropRead read, ControlFlowNode mid) {
+      mid = getANodeReachingCaptureRef(read) and
+      result = mid.getAPredecessor()
+    }
+
     /**
      * Holds if there is a step `pred -> succ` from the input of a RegExp match to
      * a static property of `RegExp` defined.