Add react precallgraphstep useRef

knewbury01 · knewbury01 · commit 8c4fe5396b0c · 2025-10-21T17:16:39.000-04:00
diff --git a/javascript/ql/lib/change-notes/2025-10-21-react-precallgraph-step.md b/javascript/ql/lib/change-notes/2025-10-21-react-precallgraph-step.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added PreCallGraphStep flow model for React's `useRef` hook.
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/React.qll b/javascript/ql/lib/semmle/javascript/frameworks/React.qll
@@ -612,6 +612,25 @@ private class UseStateStep extends PreCallGraphStep {
   }
 }
 
+/**
+ * Step through a `useRef` call.
+ *
+ * It returns a pair of the initial state, and an object with a single property (current) potentially containing an input value.
+ *
+ * For example:
+ * ```js
+ * const inputRef1 = useRef(initialValue);
+ * ```
+ */
+private class UseRefStep extends PreCallGraphStep {
+  override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+    exists(DataFlow::CallNode call | call = react().getAMemberCall("useRef") |
+      pred = call.getArgument(0) and // initial state
+      succ = call.getAPropertyRead("current")
+    )
+  }
+}
+
 /**
  * A step through a React context object.
  *

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added PreCallGraphStep flow model for React's `useRef` hook.