From 4ce25c045d77f1293a13e51e31d54e1da5503d60 Mon Sep 17 00:00:00 2001
From: Grzegorz Golawski
Date: Sun, 5 Jan 2020 22:05:00 +0100
Subject: [PATCH] Simplify the query
---
 .../src/Security/CWE/CWE-352/SpringCSRFProtection.ql | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
index f41532c8e07..9529aa9aabf 100644
--- a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
+++ b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
@@ -12,11 +12,11 @@ import java
-from MethodAccess call, Method method
+from MethodAccess call
 where
- call.getMethod() = method and
- method.hasName("disable") and
- method.getDeclaringType().getQualifiedName().regexpMatch(
- "org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer,.*>"
+ call.getMethod().hasName("disable") and
+ call.getReceiverType().hasQualifiedName(
+ "org.springframework.security.config.annotation.web.configurers",
+ "CsrfConfigurer"
 )
 select call, "CSRF vulnerability due to protection being disabled."
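Review bot: The new receiver check, `call.getReceiverType().hasQualifiedName(..., "CsrfConfigurer")`, compares the static type of the qualifier by exact name, so a receiver that is a parameterized instantiation or a subclass of the configurer may fall outside it and a disabled-CSRF call would then go unreported. `CsrfConfigurer` is generic in Spring Security and the literal as rendered here carries no type arguments (it may have lost angle-bracket text in extraction, as the removed regex line appears to have), so this is worth confirming with a test case such as `http.csrf().disable()`. Resolving to the generic declaration first makes the match independent of type arguments and covers subclasses: `call.getReceiverType().getSourceDeclaration().getASourceSupertype*().hasQualifiedName("org.springframework.security.config.annotation.web.configurers", "CsrfConfigurer")`. A one-line comment above the `where` clause would also help, saying that the receiver type is used because `disable` is declared on the shared `AbstractHttpConfigurer` base, which the removed lines matched on.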