17 changes: 13 additions & 4 deletions techeerzip/build.gradle
@@ -48,11 +48,11 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-actuator'
implementation 'org.springframework.boot:spring-boot-starter-aop'

// QueryDSL
implementation 'com.querydsl:querydsl-core:5.0.0'
implementation 'com.querydsl:querydsl-jpa:5.0.0:jakarta'
// QueryDSL (CVE-2024-49203 수정 버전)
implementation 'com.querydsl:querydsl-core:5.1.0'
implementation 'com.querydsl:querydsl-jpa:5.1.0:jakarta'

annotationProcessor 'com.querydsl:querydsl-apt:5.0.0:jakarta'
annotationProcessor 'com.querydsl:querydsl-apt:5.1.0:jakarta'
⚠️ Potential issue | 🔴 Critical

QueryDSL 5.1.0 is not the fixed version for CVE-2024-49203; it is a vulnerable version.

QueryDSL 5.1.0 has an SQL/HQL injection vulnerability in the orderBy functionality of JPAQuery, and querydsl-jpa 5.1.0 and querydsl-apt 5.1.0 are affected. The issue was fixed in QueryDSL versions 5.6.1 and 6.10.1. The current upgrade to version 5.1.0 does not resolve the CVE. You should upgrade to at least 5.6.1, or better, consider upgrading to 6.10.1 or later from OpenFeign's maintained fork.

annotationProcessor 'jakarta.annotation:jakarta.annotation-api'
annotationProcessor 'jakarta.persistence:jakarta.persistence-api'
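Review bot: The new comment on the QueryDSL lines labels 5.1.0 as the fixed version for CVE-2024-49203, but the review above states that 5.1.0 is itself affected and that the fix landed in 5.6.1 and 6.10.1, so the version bump and its comment contradict the advisory. Move querydsl-core, querydsl-jpa and the querydsl-apt annotationProcessor together to a version the advisory lists as fixed (at least 5.6.1, and the same version on all three coordinates so the generated Q-classes match the runtime library), and reword the comment to name that version; as written, a later reader of build.gradle will assume the CVE is closed when it is not.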

@@ -81,9 +81,18 @@ dependencies {
testImplementation 'org.testcontainers:junit-jupiter'
testImplementation 'org.testcontainers:postgresql'
testRuntimeOnly 'org.junit.platform:junit-platform-launcher'

// Testcontainers
testImplementation 'org.testcontainers:testcontainers:1.19.3'
testImplementation 'org.testcontainers:junit-jupiter:1.19.3'
testImplementation 'org.testcontainers:postgresql:1.19.3'
⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Testcontainers latest version 2025 release

💡 Result:

The latest Testcontainers (Java) release as of Nov 29, 2025 is 2.0.2 (released Nov 13, 2025). [1]
The previous stable 1.x release was 1.21.3 (released Jun 28–29, 2025). [2]

Sources:
[1] GitHub releases — testcontainers/testcontainers-java (2.0.2).
[2] Maven / mvnrepository entries for 1.21.3.


🌐 Web query:

Testcontainers 1.19.3 release date security vulnerabilities

💡 Result:

  • Release date: November 21, 2023. [1][2]

  • Known security issues (from dependencies):

    • CVE-2024-26308 (Apache Commons Compress — allocation of resources / DoS). Recommended fix: upgrade Commons Compress to ≥1.26. [3]
    • CVE-2024-25710 (Apache Commons Compress — infinite loop / DoS). Recommended fix: upgrade Commons Compress to ≥1.26. [4]

References:
[1] Maven Central / mvnrepository entry for org.testcontainers:testcontainers:1.19.3 (date & reported vulnerabilities).
[2] Repository index for testcontainers 1.19.3 (timestamp).
[3] NVD / advisories for CVE-2024-26308.
[4] NVD / advisories for CVE-2024-25710.


Update Testcontainers to a newer version; 1.19.3 has known security vulnerabilities.

Version 1.19.3 (released November 21, 2023) is now significantly outdated. As of November 2025, the latest stable version is 2.0.2 (released November 13, 2025), with 1.21.3 being the last 1.x release (June 28, 2025).

More critically, 1.19.3 has transitive dependency vulnerabilities:

Upgrade to at least 1.21.3 (minimal 1.x update) or preferably 2.0.2 (latest).


// SpringDoc OpenAPI (테스트 용도)
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.2'

// 보안 취약점 해결을 위한 전이 의존성 버전 지정
implementation 'org.apache.commons:commons-compress:1.28.0'
implementation 'org.apache.commons:commons-lang3:3.18.0'

// S3
implementation "software.amazon.awssdk:s3:2.31.32"
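Review bot: The four lines added under `// Testcontainers` re-declare `org.testcontainers:junit-jupiter` and `org.testcontainers:postgresql`, which are already listed a few lines above without an explicit version (so a managed version is already in play), and they pin the 1.19.3 release that the review above flags for two commons-compress CVEs. Declare each Testcontainers artifact once: either drop the new versioned lines and keep the managed versions, or remove the unversioned pair and pin a single current version (1.21.3 or 2.0.2 per the review above). Separately, the `commons-compress:1.28.0` and `commons-lang3:3.18.0` lines are declared as `implementation`, which places both libraries on the production compile and runtime classpath even where nothing in the application uses them directly; if the intent is only to lift a transitive version, a `constraints { implementation 'org.apache.commons:commons-compress:1.28.0' }` entry on the same configuration (or `testImplementation` for a library that only Testcontainers pulls in) keeps the override without adding a direct production dependency.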
@@ -36,14 +36,19 @@ public static List<StudyMember> toEntities(
}
return incomingMembersInfo.stream()
.map(
info ->
StudyMember.builder()
.user(users.get(info.getUserId()))
.studyTeam(team)
.isLeader(info.getIsLeader())
.status(StatusCategory.APPROVED)
.summary(DEFAULT_MEMBER_SUMMARY)
.build())
info -> {
User user = users.get(info.getUserId());
if (user == null) {
throw new StudyMemberBadRequestException();
}
return StudyMember.builder()
.user(user)
.studyTeam(team)
.isLeader(info.getIsLeader())
.status(StatusCategory.APPROVED)
.summary(DEFAULT_MEMBER_SUMMARY)
.build();
})
.toList();
}
}
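Review bot: The null check in the lambda now throws `StudyMemberBadRequestException` for a user id that is absent from `users`, which replaces a `StudyMember` that would otherwise have been built with a null user, but the exception is thrown with no arguments, so the caller cannot tell which incoming member id was rejected, and the stream stops at the first miss instead of reporting all of them. Consider validating up front, before the stream: collect every `info.getUserId()` not contained in `users.keySet()` and raise once with that list in the message (if the exception type accepts one), so a request with several unknown members gets a single actionable error and the lambda stays a plain mapping. A unit test that passes a member whose id is missing from `users` and asserts the exception would also be worth adding, since that path is the point of this change.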