Remove /topic/file/operation endpoint to fix information disclosure vulnerability#9

Open

devin-ai-integration[bot] wants to merge 1 commit into master from devin/1776453234-remove-file-operation-endpoint

Conversation

@devin-ai-integration devin-ai-integration Bot commented Apr 17, 2026

Summary

Removes the GET /topic/file/operation endpoint from HelloController and the four underlying NIO file-operation methods from TopicService. These methods (findAllFilesInPathAndSort, findParticularFileInPathAndSort, findParticularFileInPathAndSortWithWalkFunction, readFileWithStreamFunction) exposed the server's filesystem structure and file contents to callers — they were Java 8 NIO demos, not business logic.

Changes:

  • HelloController.java: Deleted showFileOperation() method and its four template strings
  • TopicService.java: Deleted the four file-operation methods and removed now-unused imports (BufferedReader, IOException, Files, Path, Paths)

Pure deletion — no new code added. mvn clean compile passes.

Review & Testing Checklist for Human

  • Verify no other code (controllers, tests, or services) calls the four removed TopicService methods — compilation passed but there may be reflection-based or test references
  • Check whether any existing tests cover /topic/file/operation or the removed service methods and would now fail
  • Note that README.md still documents GET /topic/file/operation as an available API — consider whether it should be updated in this PR or a follow-up

Suggested test plan: Start the app (mvn spring-boot:run), confirm GET /topic/file/operation returns 404, and confirm remaining endpoints (/topic/string/operation, /datetime, /topic) still work.

Notes

  • The temp.txt file in the repo root was only read by readFileWithStreamFunction() — it may now be dead; consider removing it separately.

Link to Devin session: https://app.devin.ai/sessions/441792f3d32f41cf90f3419cd067da3e
Requested by: @marcelschwager-ux
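The review checklist above asks a human to confirm the removed route is really gone and that the remaining HelloController routes still answer. The following Spring Boot test is an added example written for this page; it is not code from the PR or from the repository. It assumes a standard Spring Boot test setup with JUnit 5 and MockMvc on the classpath, and that the test lives in the application's package so component scanning finds the controllers. The escalation comment further down reports that Application.java makes an outbound HTTP call at startup that currently fails; for this test to load a context, that call has to be stubbed or disabled, which the example does not do.

```java
// Added example: regression test for the removed /topic/file/operation route.
// Not part of the original PR. Package name is an assumption.
package com.example.demo;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class RemovedFileOperationEndpointTest {

    @Autowired
    private MockMvc mockMvc;

    // The endpoint deleted by this PR must no longer be mapped: an unmapped
    // path produces 404, whereas a still-mapped handler would return 200.
    @Test
    void fileOperationEndpointIsNoLongerMapped() throws Exception {
        mockMvc.perform(get("/topic/file/operation"))
               .andExpect(status().isNotFound());
    }

    // The routes the PR says remain on HelloController (/datetime and
    // /topic/string/operation) and the TopicController listing must still work,
    // so the deletion did not take out more than intended.
    @Test
    void remainingEndpointsStillRespond() throws Exception {
        mockMvc.perform(get("/datetime")).andExpect(status().isOk());
        mockMvc.perform(get("/topic/string/operation")).andExpect(status().isOk());
        mockMvc.perform(get("/topic")).andExpect(status().isOk());
    }
}
```

Run it with mvn test. Asserting on the mapped-route table rather than on grep results covers the reflection-based or test-only references the checklist worries about: if anything re-registers a handler for that path, the first test fails.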
Remove the showFileOperation() endpoint from HelloController and its
associated template strings that exposed server filesystem structure
and file contents. Remove the four underlying NIO file operation
methods from TopicService (findAllFilesInPathAndSort,
findParticularFileInPathAndSort,
findParticularFileInPathAndSortWithWalkFunction,
readFileWithStreamFunction) and clean up now-unused imports
(BufferedReader, IOException, Files, Path, Paths).

Co-Authored-By: marcel.schwager <marcel.schwager@codeium.com>
devin-ai-integration[bot] commented:
🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

devin-ai-integration[bot] left a comment:
✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 1 additional finding.
devin-ai-integration[bot] commented:
Test Results: Remove /topic/file/operation endpoint

Session: Devin session

Escalation

The app has a pre-existing crash unrelated to this PR — Application.java calls http://gturnquist-quoters.cfapps.io/api/random which is no longer reachable, causing the Spring context to shut down after Tomcat starts. Live curl testing was not possible due to this.

Results

  • Compilation — PASSED. mvn clean compile → BUILD SUCCESS. javac recompilation of both changed files succeeded with 0 errors.
  • Route mapping verification — PASSED. Spring Boot startup logs confirm /topic/file/operation is no longer registered. Only /datetime and /topic/string/operation remain on HelloController.
  • Codebase grep — PASSED. Zero references to removed methods or endpoint path in src/.
Route mapping evidence (from Spring Boot startup logs)
Mapped "{[/]}" → GreetingController.greeting()
Mapped "{[/datetime]}" → HelloController.index()
Mapped "{[/topic/string/operation]}" → HelloController.showStringOperation()
Mapped "{[/topic]}" → TopicController.getAllTopics()
Mapped "{[/topic/{id}]}" → TopicController.getTopicWithID()
Mapped "{[/topic],methods=[POST]}" → TopicController.addTopic()
Mapped "{[/topic/{id}],methods=[PUT]}" → TopicController.updateTopic()
Mapped "{[/topic/{id}],methods=[DELETE]}" → TopicController.deleteTopic()
Mapped "{[/topic/minimum/length/{minLength}]}" → TopicController.filterMinimumLengthForId()
Mapped "{[/topic/sort]}" → TopicController.sortTopicsWithID()

No /topic/file/operation mapping — endpoint successfully removed.
