C#: Fix a bad join

hvitved · hvitved · commit 6aa4c5c1876c · 2024-04-23T11:47:55.000+02:00
diff --git a/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql b/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
@@ -16,11 +16,15 @@ import semmle.code.csharp.frameworks.system.Web
 import semmle.code.csharp.frameworks.system.web.Helpers
 import semmle.code.csharp.frameworks.system.web.Mvc
 
+private Method getAValidatingMethod() {
+  result = any(AntiForgeryClass a).getValidateMethod()
+  or
+  result.calls(getAValidatingMethod())
+}
+
 /** An `AuthorizationFilter` that calls the `AntiForgery.Validate` method. */
 class AntiForgeryAuthorizationFilter extends AuthorizationFilter {
-  AntiForgeryAuthorizationFilter() {
-    this.getOnAuthorizationMethod().calls*(any(AntiForgeryClass a).getValidateMethod())
-  }
+  AntiForgeryAuthorizationFilter() { this.getOnAuthorizationMethod() = getAValidatingMethod() }
 }
 
 /**
