Update csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll

raulgarciamsft · hvitved · web-flow · commit 0805b4991440 · 2022-08-11T17:35:10.000-07:00
Co-authored-by: Tom Hvitved &lt;hvitved@github.com&gt;
diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll
@@ -246,17 +246,14 @@ private class CallableReturnsStringAndArg0IsString extends Callable {
  */
 class CallableAlwaysReturnsParameter0 extends CallableReturnsStringAndArg0IsString {
   CallableAlwaysReturnsParameter0() {
-    forall(ReturnStmt rs | rs.getEnclosingCallable() = this |
-      rs.getExpr() = this.getParameter(0).getAnAccess()
-    ) and
-    exists(ReturnStmt rs | rs.getEnclosingCallable() = this)
-    or
-    exists(AnonymousFunctionExpr le, Call call, CallableAlwaysReturnsParameter0 cat | this = le |
-      call = le.getExpressionBody() and
-      cat.getACall() = call
+    forex(Expr ret | this.canReturn(ret) |
+      ret = this.getParameter(0).getAnAccess()
+      or
+      exists(CallableAlwaysReturnsParameter0 c |
+        ret = c.getACall() and
+        ret.(Call).getArgument(0) = this.getParameter(0).getAnAccess()
+      )
     )
-    or
-    this.getBody() = this.getParameter(0).getAnAccess()
   }
 }
 
