Java: remove version debugging from alert message

Jami Cogswell · Jami Cogswell · commit 0dd33b273437 · 2025-07-19T13:01:00.000-04:00
diff --git a/java/ql/lib/semmle/code/java/security/SpringBootActuatorsConfigQuery.qll b/java/ql/lib/semmle/code/java/security/SpringBootActuatorsConfigQuery.qll
@@ -11,9 +11,8 @@ private class SpringBootParent extends Parent {
   SpringBootParent() { this.getGroup().getValue() = "org.springframework.boot" }
 }
 
-// TODO: private once done with version string debugging in alert msg.
 /** A `Pom` with a Spring Boot parent node. */
-class SpringBootPom extends Pom {
+private class SpringBootPom extends Pom {
   SpringBootPom() { this.getParentElement() instanceof SpringBootParent }
 
   /** Holds if the Spring Boot Security module is used in the project. */
diff --git a/java/ql/src/Security/CWE/CWE-200/SpringBootActuatorsConfig/SpringBootActuatorsConfig.ql b/java/ql/src/Security/CWE/CWE-200/SpringBootActuatorsConfig/SpringBootActuatorsConfig.ql
@@ -15,11 +15,6 @@ import java
 import semmle.code.xml.MavenPom
 import semmle.code.java.security.SpringBootActuatorsConfigQuery
 
-from SpringBootStarterActuatorDependency d, JavaPropertyOption jpOption, SpringBootPom pom
-where
-  exposesSensitiveEndpoint(d, jpOption) and
-  // TODO: remove pom; for debugging versions
-  d = pom.getADependency()
-select d,
-  "Insecure Spring Boot actuator $@ exposes sensitive endpoints (" +
-    pom.getParentElement().getVersionString() + ").", jpOption, "configuration"
+from SpringBootStarterActuatorDependency d, JavaPropertyOption jpOption
+where exposesSensitiveEndpoint(d, jpOption)
+select d, "Insecure Spring Boot actuator $@ exposes sensitive endpoints.", jpOption, "configuration"

Original file line number	Diff line number	Diff line change
`@@ -11,9 +11,8 @@ private class SpringBootParent extends Parent {`
`11`	`11`	`SpringBootParent() { this.getGroup().getValue() = "org.springframework.boot" }`
`12`	`12`	`}`
`13`	`13`
`14`		`-// TODO: private once done with version string debugging in alert msg.`
`15`	`14`	/** A `Pom` with a Spring Boot parent node. */
`16`		`-class SpringBootPom extends Pom {`
	`15`	`+private class SpringBootPom extends Pom {`
`17`	`16`	`SpringBootPom() { this.getParentElement() instanceof SpringBootParent }`
`18`	`17`
`19`	`18`	`/** Holds if the Spring Boot Security module is used in the project. */`