Fix compilation error and review issues in Java security queries

- Replace getAValue() with getValue() in InsecureDirectObjectReference.ql
  to compile against codeql/java-all@7.1.3 (CI uses CLI 2.21.1)
- Fix getAStringArrayValue -> getAStringValue for PathVariable/RequestParam
  annotations (value/name are single String attrs, not arrays)
- Remove setUrls from LdapUrlSink (takes String[], not a single constant)
- Remove LDAP URL literal from alert message to avoid exposing credentials
- Improve InsecureDirectObjectReference alert message clarity

Author: Copilot

java/src/security/CWE-319/CleartextLdapUrl.ql

@@ -32,7 +32,7 @@ class LdapUrlSink extends MethodCall {
   Expr urlArg;
 
   LdapUrlSink() {
-    this.getMethod().hasName(["setUrl", "setUrls", "setProviderUrl"]) and
+    this.getMethod().hasName(["setUrl", "setProviderUrl"]) and
     this.getQualifier().getType().(RefType).getName().matches("%ContextSource%") and
     urlArg = this.getArgument(0)
   }
@@ -44,4 +44,4 @@ from LdapUrlSink sink, string url
 where
   constantStringValue(sink.getUrlArg(), url) and
   url.regexpMatch("(?i)ldap://.*")
-select sink, "LDAP context configured with cleartext URL '" + url + "'; use ldaps:// or STARTTLS."
+select sink, "LDAP context configured with a cleartext ldap:// URL; use ldaps:// or STARTTLS."

java/src/security/CWE-639/InsecureDirectObjectReference.ql

@@ -24,7 +24,7 @@ class ActionMethod extends SpringRequestMappingMethod {
   /** Gets a string describing this action: method name, class name, route, or HTTP verb. */
   string getADescription() {
     result =
-      [this.getName(), this.getDeclaringType().getName(), this.getAValue(), this.getMethodValue()]
+      [this.getName(), this.getDeclaringType().getName(), this.getValue(), this.getMethodValue()]
   }
 
   /** Holds if this action may represent a state-changing operation. */
@@ -64,7 +64,7 @@ predicate hasIdParameter(ActionMethod m) {
       a.getType()
           .hasQualifiedName("org.springframework.web.bind.annotation",
             ["PathVariable", "RequestParam"]) and
-      a.getAStringArrayValue(["value", "name"]).toLowerCase().matches(["%id", "%idx"])
+      a.getAStringValue(["value", "name"]).toLowerCase().matches(["%id", "%idx"])
     )
   )
 }
@@ -121,4 +121,4 @@ predicate hasInsecureDirectObjectReference(ActionMethod m) {
 from ActionMethod m
 where hasInsecureDirectObjectReference(m)
 select m,
-  "This action may be missing authorization checks for which users can access the resource of the provided id."
+  "This action may be missing authorization checks to verify the current user is permitted to access the resource identified by the provided id."