🔒️ 행안부 프리셋 보안 점검 1차 점검

backend/portal-service/src/main/java/org/egovframe/cloud/portalservice/service/menu/MenuService.java

@@ -103,7 +103,7 @@ public class MenuService extends AbstractService {
      * @return
      */
     @Transactional
-    public MenuTreeResponseDto updateName(Long menuId, String name) {
+    public MenuTreeResponseDto updateName(Long menuId, String name) throws EntityNotFoundException {
         Menu menu = menuRepository.findById(menuId)
                 .orElseThrow(() ->
                         new EntityNotFoundException(getMessage("valid.notexists.format", new Object[]{getMessage("menu")}) + " ID= " + menuId));
@@ -122,7 +122,7 @@ public class MenuService extends AbstractService {
      * @return
      */
     @Transactional
-    public MenuResponseDto update(Long menuId, MenuUpdateRequestDto updateRequestDto) {
+    public MenuResponseDto update(Long menuId, MenuUpdateRequestDto updateRequestDto) throws EntityNotFoundException, BusinessMessageException {
         Menu menu = menuRepository.findById(menuId)
                 .orElseThrow(() ->
                         new EntityNotFoundException(getMessage("valid.notexists.format", new Object[]{getMessage("menu")}) + " ID= " + menuId));

backend/portal-service/src/main/java/org/egovframe/cloud/portalservice/utils/FileStorageUtils.java

@@ -104,7 +104,7 @@ public class FileStorageUtils implements StorageUtils {
         try {
             mimeType = Files.probeContentType(filePath);
         } catch (IOException ex) {
-            //ignore
+            log.error("Files.probeContentType", ex);
         }
 
         return mimeType == null ? URLConnection.guessContentTypeFromName(filePath.toString()) : mimeType;
@@ -279,14 +279,14 @@ public class FileStorageUtils implements StorageUtils {
      * image 태그에서 호출 시 byte 배열로 return
      *
      * @param imagename
-     * @return
+     * @return public String getContentType(String filename) {
      * @throws IOException
      */
     public AttachmentImageResponseDto loadImage(String imagename) {
         try {
             Path imagePath = this.fileStorageLocation.resolve(imagename).normalize();
             try (InputStream is = new FileInputStream(imagePath.toFile())) {
-                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
+                try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
                     int read;
                     byte[] data = new byte[(int) imagePath.toFile().length()];
                     while ((read = is.read(data, 0, data.length)) != -1) {
@@ -298,6 +298,7 @@ public class FileStorageUtils implements StorageUtils {
                             .data(data)
                             .build();
                 }
+            }
 
         } catch (FileNotFoundException | NoSuchFileException ex) {
             // 파일을 찾을 수 없습니다.

backend/portal-service/src/main/java/org/egovframe/cloud/portalservice/utils/FtpStorageUtils.java

@@ -208,7 +208,7 @@ public class FtpStorageUtils implements StorageUtils {
      * @param isTemp   .temp 파일 생성 여부
      * @return
      */
-    public String storeFile(MultipartFile file, String basePath, boolean isTemp) {
+    public String storeFile(MultipartFile file, String basePath, boolean isTemp) throws BusinessMessageException {
         String filename = getPhysicalFileName(file.getOriginalFilename(), isTemp);
 
         if (filename.contains("..")) {