🔒️ 행안부 프리셋 보안 점검 1차 점검
@@ -31,6 +31,9 @@ public class AttachmentImageResponseDto {
|
||||
@Builder
|
||||
public AttachmentImageResponseDto(String mimeType, byte[] data) {
|
||||
this.mimeType = mimeType;
|
||||
this.data = data;
|
||||
this.data = new byte[data.length];
|
||||
for (int i = 0; i < data.length; i++) {
|
||||
this.data[i] = data[i];
|
||||
}
|
||||
}
|
||||
}
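Review bot: The defensive copy in the `AttachmentImageResponseDto` constructor dereferences `data.length`, so a null `data` that the old plain assignment accepted now throws a NullPointerException out of the builder. If null is a legal value, guard it and let the JDK do the copy: `this.data = data == null ? null : data.clone();`. The same applies to `this.children = new ArrayList<>(children);` in `MenuDnDRequestDto` and `MenuRoleRequestDto`, where a node built without children would now throw; `this.children = children == null ? new ArrayList<>() : new ArrayList<>(children);` keeps the copy without the crash. The getters are outside these hunks, so whether the copied array or list is still handed out by reference cannot be confirmed from here.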
|
||||
|
||||
@@ -48,6 +48,6 @@ public class MenuDnDRequestDto {
|
||||
this.parentId = parentId;
|
||||
this.level = level;
|
||||
this.icon = icon;
|
||||
this.children = children;
|
||||
this.children = new ArrayList<>(children);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.ToString;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -53,6 +54,6 @@ public class MenuRoleRequestDto {
|
||||
this.sortSeq = sortSeq;
|
||||
this.icon = icon;
|
||||
this.level = level;
|
||||
this.children = children;
|
||||
this.children = new ArrayList<>(children);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -74,7 +74,7 @@ public class MessageSourceFiles {
|
||||
try {
|
||||
Files.createDirectory(Paths.get(fileMessagesDirectory).toAbsolutePath().normalize());
|
||||
} catch (FileAlreadyExistsException e) {
|
||||
log.info("메시지 폴더 경로에 파일이나 디렉토리가 이미 존재, {}", e.getMessage());
|
||||
log.error("메시지 폴더 경로에 파일이나 디렉토리가 이미 존재", e);
|
||||
} catch (IOException e) {
|
||||
log.error("메시지 폴더 생성 오류", e);
|
||||
}
|
||||
@@ -102,7 +102,7 @@ public class MessageSourceFiles {
|
||||
try (FileOutputStream out = new FileOutputStream(propFile)) {
|
||||
prop.store(out, "messages");
|
||||
} catch (IOException e) {
|
||||
log.error("Messages FileOutputStream IOException = {}, {}", e.getMessage(), e.getCause());
|
||||
log.error("Messages FileOutputStream IOException", e);
|
||||
}
|
||||
|
||||
// files
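Review bot: In the first `MessageSourceFiles` hunk the `FileAlreadyExistsException` catch now logs at error level with a full stack trace, although an already-present message directory looks like the normal case on any start after the first. `Files.createDirectories(...)` does not throw when the directory already exists, so using it in place of `Files.createDirectory(...)` would reserve this catch for the genuine failure where the path is occupied by a regular file. The change to `log.error("Messages FileOutputStream IOException", e)` in the second hunk is fine as it stands. The surrounding method bodies start and end outside both hunks.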
|
||||
|
||||
@@ -113,7 +113,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param editorRequestDto
|
||||
* @return
|
||||
*/
|
||||
public AttachmentEditorResponseDto uploadEditor(AttachmentBase64RequestDto editorRequestDto) {
|
||||
public AttachmentEditorResponseDto uploadEditor(AttachmentBase64RequestDto editorRequestDto) throws BusinessMessageException {
|
||||
String fileBase64 = editorRequestDto.getFileBase64();
|
||||
|
||||
if (fileBase64 == null || fileBase64.equals("")) {
|
||||
@@ -158,7 +158,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional(readOnly = true)
|
||||
public AttachmentImageResponseDto loadImageByUniqueId(String uniqueId) {
|
||||
public AttachmentImageResponseDto loadImageByUniqueId(String uniqueId) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -172,7 +172,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param uniqueId
|
||||
* @return
|
||||
*/
|
||||
public AttachmentDownloadResponseDto downloadFile(String uniqueId) {
|
||||
public AttachmentDownloadResponseDto downloadFile(String uniqueId) throws EntityNotFoundException, BusinessMessageException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -212,7 +212,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param uniqueId
|
||||
* @return
|
||||
*/
|
||||
public AttachmentDownloadResponseDto downloadAttachment(String uniqueId) {
|
||||
public AttachmentDownloadResponseDto downloadAttachment(String uniqueId) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -272,7 +272,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param saveRequestDtoList
|
||||
* @return
|
||||
*/
|
||||
public String saveByCode(String attachmentCode, List<AttachmentTempSaveRequestDto> saveRequestDtoList) {
|
||||
public String saveByCode(String attachmentCode, List<AttachmentTempSaveRequestDto> saveRequestDtoList) throws EntityNotFoundException {
|
||||
for (AttachmentTempSaveRequestDto saveRequestDto : saveRequestDtoList) {
|
||||
// 사용자 삭제인 경우 삭제여부 Y
|
||||
if (saveRequestDto.isDelete()) {
|
||||
@@ -322,7 +322,7 @@ public class AttachmentService extends AbstractService {
|
||||
* @param isDelete
|
||||
* @return
|
||||
*/
|
||||
public String toggleDelete(String uniqueId, boolean isDelete) {
|
||||
public String toggleDelete(String uniqueId, boolean isDelete) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -336,7 +336,7 @@ public class AttachmentService extends AbstractService {
|
||||
*
|
||||
* @param uniqueId
|
||||
*/
|
||||
public void delete(String uniqueId) {
|
||||
public void delete(String uniqueId) throws EntityNotFoundException {
|
||||
Attachment attachment = attachmentRepository.findAllByUniqueId(uniqueId)
|
||||
// 파일을 찾을 수 없습니다.
|
||||
.orElseThrow(() -> new EntityNotFoundException(getMessage("valid.file.not_found") + " ID= " + uniqueId));
|
||||
@@ -400,7 +400,7 @@ public class AttachmentService extends AbstractService {
|
||||
public String uploadAndUpdate(List<MultipartFile> files,
|
||||
String attachmentCode,
|
||||
AttachmentUploadRequestDto uploadRequestDto,
|
||||
List<AttachmentUpdateRequestDto> updateRequestDtoList) {
|
||||
List<AttachmentUpdateRequestDto> updateRequestDtoList) throws EntityNotFoundException {
|
||||
String basePath = LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyyMM"));
|
||||
|
||||
// 기존 파일 삭제 처리
|
||||
@@ -466,7 +466,7 @@ public class AttachmentService extends AbstractService {
|
||||
*
|
||||
* @param attachmentCode
|
||||
*/
|
||||
public void deleteAllEmptyEntity(String attachmentCode) {
|
||||
public void deleteAllEmptyEntity(String attachmentCode) throws EntityNotFoundException, BusinessMessageException {
|
||||
List<Attachment> attachmentList = attachmentRepository.findByCode(attachmentCode);
|
||||
|
||||
if (attachmentList == null || attachmentList.size() <= 0) {
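Review bot: The `throws EntityNotFoundException` and `throws BusinessMessageException` clauses added across `AttachmentService` appear to name unchecked exceptions, since the same `orElseThrow` lambdas compiled before without any declaration; if so, the compiler enforces nothing and the clauses serve only as documentation. The Javadoc above each method still carries bare `@param`/`@return` tags, so the contract would be better stated there, for example `@throws EntityNotFoundException if no attachment exists for uniqueId`. `uploadEditor` and `deleteAllEmptyEntity` declare `BusinessMessageException`, but their throwing statements are outside the hunks, so those declarations could not be checked against the bodies. The same remark applies to the signatures changed in `CodeService`.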
|
||||
|
||||
@@ -46,7 +46,7 @@ public class CodeService extends AbstractService {
|
||||
* @param codeId
|
||||
* @return
|
||||
*/
|
||||
public CodeResponseDto findByCodeId(String codeId) {
|
||||
public CodeResponseDto findByCodeId(String codeId) throws EntityNotFoundException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
|
||||
return new CodeResponseDto(code);
|
||||
@@ -59,7 +59,7 @@ public class CodeService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional
|
||||
public String save(CodeSaveRequestDto saveRequestDto) {
|
||||
public String save(CodeSaveRequestDto saveRequestDto) throws BusinessException {
|
||||
Optional<Code> byCodeId = codeRepository.findByCodeId(saveRequestDto.getCodeId());
|
||||
if (byCodeId.isPresent()) {
|
||||
throw new BusinessException("코드ID 중복 : " + byCodeId, ErrorCode.DUPLICATE_INPUT_INVALID);
|
||||
@@ -75,7 +75,7 @@ public class CodeService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional
|
||||
public String update(String codeId, CodeUpdateRequestDto requestDto) {
|
||||
public String update(String codeId, CodeUpdateRequestDto requestDto) throws EntityNotFoundException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
|
||||
|
||||
@@ -90,7 +90,7 @@ public class CodeService extends AbstractService {
|
||||
* @param codeId
|
||||
*/
|
||||
@Transactional
|
||||
public void delete(String codeId) {
|
||||
public void delete(String codeId) throws BusinessMessageException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
|
||||
|
||||
@@ -111,7 +111,7 @@ public class CodeService extends AbstractService {
|
||||
* @return
|
||||
*/
|
||||
@Transactional
|
||||
public String updateUseAt(String codeId, boolean useAt) {
|
||||
public String updateUseAt(String codeId, boolean useAt) throws EntityNotFoundException {
|
||||
Code code = codeRepository.findByCodeId(codeId)
|
||||
.orElseThrow(() -> new EntityNotFoundException("해당 데이터가 존재하지 않습니다. ID =" + codeId));
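Review bot: `CodeService.delete` now declares `throws BusinessMessageException`, yet the only throw visible in its hunk is `new EntityNotFoundException(...)` from `orElseThrow`, and the sibling methods `findByCodeId`, `update` and `updateUseAt` declare `EntityNotFoundException` for the identical lookup. If the rest of the body, which lies outside the hunk, does raise `BusinessMessageException`, the signature should list both: `public void delete(String codeId) throws EntityNotFoundException, BusinessMessageException {`. Otherwise it should name `EntityNotFoundException` alone so the declaration matches what the method can actually throw.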
|
||||
|
||||
|
||||
@@ -149,9 +149,9 @@ public class FileStorageUtils implements StorageUtils {
|
||||
Base64.Decoder decoder = Base64.getDecoder();
|
||||
byte[] decodeBytes = decoder.decode(requestDto.getFileBase64().getBytes());
|
||||
|
||||
FileOutputStream outputStream = new FileOutputStream(file);
|
||||
outputStream.write(decodeBytes);
|
||||
outputStream.close();
|
||||
try (FileOutputStream outputStream = new FileOutputStream(file)) {
|
||||
outputStream.write(decodeBytes);
|
||||
}
|
||||
|
||||
return filename;
|
||||
|
||||
@@ -285,20 +285,20 @@ public class FileStorageUtils implements StorageUtils {
|
||||
public AttachmentImageResponseDto loadImage(String imagename) {
|
||||
try {
|
||||
Path imagePath = this.fileStorageLocation.resolve(imagename).normalize();
|
||||
InputStream is = new FileInputStream(imagePath.toFile());
|
||||
try (InputStream is = new FileInputStream(imagePath.toFile())) {
|
||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
|
||||
int read;
|
||||
byte[] data = new byte[(int) imagePath.toFile().length()];
|
||||
while ((read = is.read(data, 0, data.length)) != -1) {
|
||||
buffer.write(data, 0, read);
|
||||
}
|
||||
|
||||
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
|
||||
int read;
|
||||
byte[] data = new byte[(int) imagePath.toFile().length()];
|
||||
while ((read = is.read(data, 0, data.length)) != -1) {
|
||||
buffer.write(data, 0, read);
|
||||
return AttachmentImageResponseDto.builder()
|
||||
.mimeType(getContentType(imagename))
|
||||
.data(data)
|
||||
.build();
|
||||
}
|
||||
is.close();
|
||||
|
||||
return AttachmentImageResponseDto.builder()
|
||||
.mimeType(getContentType(imagename))
|
||||
.data(data)
|
||||
.build();
|
||||
} catch (FileNotFoundException | NoSuchFileException ex) {
|
||||
// 파일을 찾을 수 없습니다.
|
||||
throw new BusinessMessageException(messageUtil.getMessage("valid.file.not_found"));
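Review bot: In `loadImage`, `imagePath` is built with `resolve(imagename).normalize()` and opened on the next line, with no check in between that the result still lies under `fileStorageLocation`; normalizing collapses `..` segments but does not confine the path. A `startsWith` check before the file is opened would close that gap, assuming `fileStorageLocation` is itself absolute and normalized (its initialization is not on the page). Separately, the read loop refills `data` from offset 0 on every pass and the method returns `data` rather than `buffer`, so a file delivered in more than one read would come back corrupted, and the `(int)` cast truncates lengths above `Integer.MAX_VALUE`; `Files.readAllBytes` avoids both. The catch block continues past the end of the hunk.

```java
Path imagePath = this.fileStorageLocation.resolve(imagename).normalize();
// Reject names that normalize to a location outside the storage root.
if (!imagePath.startsWith(this.fileStorageLocation)) {
    throw new BusinessMessageException(messageUtil.getMessage("valid.file.not_found"));
}
// Reads the whole file and closes it; throws NoSuchFileException, which is already caught below.
byte[] data = Files.readAllBytes(imagePath);

return AttachmentImageResponseDto.builder()
// … unchanged: mimeType(...), data(data), build() and the catch clauses …
```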
|
||||
|
||||