Java: rename some classes, adjust some qldocs

Author: Jami Cogswell

java/ql/lib/semmle/code/java/frameworks/spring/SpringSecurity.qll

@@ -42,7 +42,7 @@ class TypeAbstractRequestMatcherRegistry extends Class {
 /**
  * A call to the `HttpSecurity.authorizeRequests` method.
  *
- * Note: this API is deprecated and scheduled for removal
+ * Note: this method is deprecated and scheduled for removal
  * in Spring Security 7.0.
  */
 class AuthorizeRequestsCall extends MethodCall {
@@ -55,7 +55,7 @@ class AuthorizeRequestsCall extends MethodCall {
 /**
  * A call to the `HttpSecurity.authorizeHttpRequests` method.
  *
- * Note: the no-argument version of this API is deprecated
+ * Note: the no-argument version of this method is deprecated
  * and scheduled for removal in Spring Security 7.0.
  */
 class AuthorizeHttpRequestsCall extends MethodCall {
@@ -65,15 +65,25 @@ class AuthorizeHttpRequestsCall extends MethodCall {
   }
 }
 
-/** A call to the `HttpSecurity.requestMatcher` method. */
+/**
+ * A call to the `HttpSecurity.requestMatcher` method.
+ *
+ * Note: this method was removed in Spring Security 6.0.
+ * It was replaced by `securityMatcher`.
+ */
 class RequestMatcherCall extends MethodCall {
   RequestMatcherCall() {
     this.getMethod().hasName("requestMatcher") and
     this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
   }
 }
 
-/** A call to the `HttpSecurity.requestMatchers` method. */
+/**
+ * A call to the `HttpSecurity.requestMatchers` method.
+ *
+ * Note: this method was removed in Spring Security 6.0.
+ * It was replaced by `securityMatchers`.
+ */
 class RequestMatchersCall extends MethodCall {
   RequestMatchersCall() {
     this.getMethod().hasName("requestMatchers") and

java/ql/lib/semmle/code/java/security/SpringBootActuatorsQuery.qll

@@ -8,8 +8,8 @@ private import semmle.code.java.frameworks.spring.SpringBoot
  * A call to an `HttpSecurity` matcher method with argument
  * `EndpointRequest.toAnyEndpoint()`.
  */
-private class MatcherCall extends MethodCall {
-  MatcherCall() {
+private class HttpSecurityMatcherCall extends MethodCall {
+  HttpSecurityMatcherCall() {
     (
       this instanceof RequestMatcherCall or
       this instanceof SecurityMatcherCall
@@ -22,8 +22,8 @@ private class MatcherCall extends MethodCall {
  * A call to an `HttpSecurity` matchers method with lambda
  * argument `EndpointRequest.toAnyEndpoint()`.
  */
-private class MatchersCall extends MethodCall {
-  MatchersCall() {
+private class HttpSecurityMatchersCall extends MethodCall {
+  HttpSecurityMatchersCall() {
     (
       this instanceof RequestMatchersCall or
       this instanceof SecurityMatchersCall
@@ -56,10 +56,10 @@ private class AuthorizeCall extends MethodCall {
 predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
   exists(AuthorizeCall authorizeCall |
     // .requestMatcher(EndpointRequest).authorizeRequests([...]).[...]
-    authorizeCall.getQualifier() instanceof MatcherCall
+    authorizeCall.getQualifier() instanceof HttpSecurityMatcherCall
     or
     // .requestMatchers(matcher -> EndpointRequest).authorizeRequests([...]).[...]
-    authorizeCall.getQualifier() instanceof MatchersCall
+    authorizeCall.getQualifier() instanceof HttpSecurityMatchersCall
   |
     // [...].authorizeRequests(r -> r.anyRequest().permitAll()) or
     // [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll())
@@ -98,7 +98,7 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
       permitAllCall.getQualifier() = registryRequestMatchersCall
     )
     or
-    exists(Variable v, MatcherCall matcherCall |
+    exists(Variable v, HttpSecurityMatcherCall matcherCall |
       // http.securityMatcher(EndpointRequest.toAnyEndpoint());
       // http.authorizeRequests([...].permitAll())
       v.getAnAccess() = authorizeCall.getQualifier() and