
Conversation

@CSE-Shaco
Contributor

@CSE-Shaco CSE-Shaco commented Jan 10, 2026

📌 Related issues

e.g. #issue-number, #issue-number

✨ Work done

Briefly describe the work done in this PR

💬 Review requests (optional)

Summary by CodeRabbit

Release notes

  • New features

    • Added Redis caching support
  • Chores

    • Dependency updates to address security vulnerabilities
    • Added Redis connection settings (host, port, password, timeout)
    • Optimized dependency configuration per test environment


@coderabbitai

coderabbitai bot commented Jan 10, 2026

Walkthrough

Updated the CVE reference in the build configuration and bumped the classgraph version, added the Redis caching dependency, and moved the h2 database to test-only scope. Redis connection settings were added to the application configuration file.

Changes

Cohort / File(s) | Changes
Build dependencies and version management
build.gradle
Changed CVE reference from CVE-2025-48924 to CVE-2024-47554; upgraded classgraph from 4.8.112 to 4.8.179; kept commons-lang3 3.18.0 forced; added Spring Boot Data Redis dependency; moved h2 from runtimeOnly to testRuntimeOnly
Application configuration
src/main/resources/application.yml
Restored spring.profiles.active: local; added new spring.data.redis block (host: 127.0.0.1, port: 6379, password: ${REDIS_PASSWORD}, timeout: 2s)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 min

Poem

🐰 Tidy the dependencies, bump the versions,
Redis becomes a new friend,
When the cache's breeze blows in,
Toward a faster, brighter future!
The rabbit toots with joy. 💨✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title matches the core of the changes and clearly summarizes the configuration added for the Redis introduction.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🤖 Fix all issues with AI agents
In @build.gradle:
- Around line 68-69: The build includes the Redis dependency but the codebase
doesn't use Redis; either remove the dependency declaration
"org.springframework.boot:spring-boot-starter-data-redis" from build.gradle, or
implement Redis usage by enabling and configuring caching and beans: add
@EnableCaching to an application/config class, register a RedisConnectionFactory
and a RedisTemplate/LettuceConnectionFactory bean and (optionally) a
CacheManager, then annotate service methods with @Cacheable/@CacheEvict to use
Redis-backed caching; pick one approach and update build.gradle and the
application configuration accordingly.
- Around line 39-47: Update the CVE pin in the Gradle resolution block: the
CVE-2024-47554 mitigation should target Apache Commons IO, not Commons Lang;
inside configurations.configureEach -> resolutionStrategy replace the force
'org.apache.commons:commons-lang3:3.18.0' entry with force
'commons-io:commons-io:2.14.0' (or newer) and update the surrounding comment to
reference CVE-2024-47554 as affecting commons-io and requiring commons-io >=
2.14.0; leave the classgraph force line as-is.
🧹 Nitpick comments (1)
src/main/resources/application.yml (1)

4-9: Consider adding connection pool and retry settings to the Redis configuration.

The basic Redis connection settings are fine, but for a production environment the following additions are recommended:

  • Lettuce connection pool settings (min-idle, max-active, max-idle)
  • A retry policy for connection failures
  • Review whether the 2-second timeout is sufficient for all scenarios
♻️ Recommended settings for production
   data:
     redis:
       host: 127.0.0.1
       port: 6379
       password: ${REDIS_PASSWORD}
       timeout: 2s
+      lettuce:
+        pool:
+          min-idle: 2
+          max-active: 10
+          max-idle: 8
+          max-wait: -1ms
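Review bot: max-wait: -1ms in the suggested lettuce.pool block makes a caller block indefinitely when the pool is exhausted, so a Redis outage turns into stuck request threads; use a bounded value (for example a few seconds, in line with the existing timeout: 2s) so pool exhaustion fails fast instead of hanging.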
📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a159a2 and 11ee30f.

📒 Files selected for processing (2)
  • build.gradle
  • src/main/resources/application.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (2)
src/main/resources/application.yml (1)

3-3: The local profile setting is correct.

Explicitly setting the active profile to local is a good approach.

build.gradle (1)

63-66: Moving h2 to testRuntimeOnly is the right decision.

Moving the h2 database to testRuntimeOnly and excluding it from the production package is appropriate. This matches the intent of using only PostgreSQL in production and h2 only in the test environment.

Comment on lines +39 to 47
/* ===== Vulnerability Pins (정확한 CVE 기반 대응) ===== */
configurations.configureEach {
resolutionStrategy {
// CVE-2025-48924 대응
// CVE-2024-47554 대응 (commons-compress 체인 영향 → commons-lang3 3.18.0 필요)
force 'org.apache.commons:commons-lang3:3.18.0'
// CVE-2021-47621 대응
force 'io.github.classgraph:classgraph:4.8.112'
// springdoc transitive classgraph 취약점 대응 버전으로 상향
force 'io.github.classgraph:classgraph:4.8.179'
}
}
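Review bot: the block pins io.github.classgraph:classgraph twice (force 4.8.112 under the CVE-2021-47621 comment, then force 4.8.179 under the springdoc comment), which leaves it unclear which version is intended; drop the 4.8.112 line and its comment so a single pin remains. The comment above the commons-lang3 force likewise still reads "// CVE-2025-48924 대응" alongside the new CVE-2024-47554 line, so keep only the comment that names the CVE the pin actually addresses, otherwise the pins cannot be audited against the advisories later.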

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check classgraph versions on Maven Central
echo "=== Checking classgraph versions on Maven Central ==="
curl -s "https://search.maven.org/solrsearch/select?q=g:io.github.classgraph+AND+a:classgraph&rows=100&wt=json" | jq -r '.response.docs[] | .v' | sort -V | tail -20

echo -e "\n=== Checking if 4.8.179 exists ==="
curl -s "https://search.maven.org/solrsearch/select?q=g:io.github.classgraph+AND+a:classgraph+AND+v:4.8.179&wt=json" | jq '.response.numFound'

echo -e "\n=== Checking commons-lang3 versions around 3.18.0 ==="
curl -s "https://search.maven.org/solrsearch/select?q=g:org.apache.commons+AND+a:commons-lang3&rows=100&wt=json" | jq -r '.response.docs[] | .v' | sort -V | tail -20

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 227


🌐 Web query:

CVE-2024-47554 commons-lang3

💡 Result:

Summary — CVE-2024-47554

  • What: Uncontrolled resource-consumption (CPU exhaustion) in Apache Commons IO's XmlStreamReader when processing maliciously crafted XML/inputs.
  • Affects: commons‑io versions >= 2.0 and < 2.14.0.
  • Severity: Medium (CVSSv3 ≈ 4.3–5.3 depending on CNA).
  • Fix / recommended action: Upgrade to Apache Commons IO 2.14.0 or later. If you cannot upgrade immediately, limit/untrust XML input, add time/CPU quotas or sandbox parsing, and monitor CPU.
    Sources: Apache Commons advisory, NVD, SUSE/Ubuntu advisories. [1][2][3][4]

References
[1] Apache Commons IO security page (CVE-2024-47554).
[2] NVD entry for CVE-2024-47554.
[3] SUSE advisory / analysis for CVE-2024-47554.
[4] Ubuntu security page for CVE-2024-47554.


CVE-2024-47554 is a vulnerability in Commons IO. The CVE handling in the code is incorrect.

CVE-2024-47554 is a CPU-exhaustion vulnerability in XML processing in Apache Commons IO, not Apache Commons Lang3. It affects commons-io versions 2.0 and above but below 2.14.0, and the fix is to upgrade commons-io to 2.14.0 or later. Addressing CVE-2024-47554 with commons-lang3 3.18.0, as the current code does, is not correct.

classgraph 4.8.179 is a version that exists on Maven Central.

Correct the CVE reference and the corresponding library version in the code. Check the commons-io dependency related to CVE-2024-47554 and upgrade it if necessary.

🤖 Prompt for AI Agents
In @build.gradle around lines 39 - 47, Update the CVE pin in the Gradle
resolution block: the CVE-2024-47554 mitigation should target Apache Commons IO,
not Commons Lang; inside configurations.configureEach -> resolutionStrategy
replace the force 'org.apache.commons:commons-lang3:3.18.0' entry with force
'commons-io:commons-io:2.14.0' (or newer) and update the surrounding comment to
reference CVE-2024-47554 as affecting commons-io and requiring commons-io >=
2.14.0; leave the classgraph force line as-is.

Comment on lines +68 to +69
// --- Cache / Redis ---
implementation 'org.springframework.boot:spring-boot-starter-data-redis'

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Check build.gradle content at lines 68-69 and surrounding context
cat -n build.gradle | sed -n '60,75p'

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 925


🏁 Script executed:

# Find Spring Boot version in build.gradle
rg -n 'spring-boot-gradle-plugin|org.springframework.boot' build.gradle | head -20

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 759


🏁 Script executed:

# Search for Redis configuration classes and usage
rg -n --type=java '@EnableRedis|@EnableCaching|RedisTemplate|RedisConnectionFactory' -C3

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 53


🏁 Script executed:

# Search for Redis cache annotations usage
rg -n --type=java '@Cacheable|@CacheEvict|@CachePut' -C2

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 53


🏁 Script executed:

# Check if application properties/yml has Redis configuration
find . -type f \( -name 'application*.properties' -o -name 'application*.yml' -o -name 'application*.yaml' \) -exec grep -l -i 'redis' {} \;

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 107


🏁 Script executed:

# Check application.yml for Redis configuration
cat -n ./src/main/resources/application.yml | grep -i -A5 -B5 'redis'

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 281


🏁 Script executed:

# Check if there are any Java files using Redis at all
find ./src/main/java -type f -name '*.java' -exec grep -l -i 'redis\|cache' {} \;

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 53


🏁 Script executed:

# Search more broadly for any caching setup or Redis beans
rg -n --type=java 'Cache|cache|CacheManager' -B2 -A2

Repository: GDGoCINHA/24-2_GDGoC_Server

Length of output: 53


Compatibility with Spring Boot 3.5.9 is confirmed, but Redis is not actually used.

The Redis dependency is added correctly and Redis settings exist in application.yml, but nothing in the codebase actually uses Redis. No Redis-related configuration or usage such as @Cacheable, @EnableCaching or RedisTemplate was found.

Proceed with one of the following:

  • Remove the dependency if Redis functionality is not needed
  • Add code that uses it if Redis functionality is going to be implemented
🤖 Prompt for AI Agents
In @build.gradle around lines 68 - 69, The build includes the Redis dependency
but the codebase doesn't use Redis; either remove the dependency declaration
"org.springframework.boot:spring-boot-starter-data-redis" from build.gradle, or
implement Redis usage by enabling and configuring caching and beans: add
@EnableCaching to an application/config class, register a RedisConnectionFactory
and a RedisTemplate/LettuceConnectionFactory bean and (optionally) a
CacheManager, then annotate service methods with @Cacheable/@CacheEvict to use
Redis-backed caching; pick one approach and update build.gradle and the
application configuration accordingly.
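If the second option is taken, the wiring the review asks for (@EnableCaching, a CacheManager backed by the RedisConnectionFactory that Spring Boot builds from the spring.data.redis block, and a @Cacheable/@CacheEvict pair) could look like this. This is an added example, not code from the GDGoCINHA/24-2_GDGoC_Server repository; the class, cache and record names and the in-memory data source are assumptions.

```java
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.cache.RedisCacheConfiguration;
import org.springframework.data.redis.cache.RedisCacheManager;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.RedisSerializationContext.SerializationPair;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import org.springframework.stereotype.Service;

/** Hypothetical config: Spring Boot already supplies the RedisConnectionFactory from application.yml. */
@Configuration
@EnableCaching
public class RedisCacheConfig {

    @Bean
    public RedisCacheManager cacheManager(RedisConnectionFactory connectionFactory) {
        RedisCacheConfiguration defaults = RedisCacheConfiguration.defaultCacheConfig()
                // Bounded TTL: stale entries expire on their own instead of living forever in Redis
                .entryTtl(Duration.ofMinutes(10))
                // Plain-string keys and JSON values rather than JDK object serialization
                .serializeKeysWith(SerializationPair.fromSerializer(new StringRedisSerializer()))
                .serializeValuesWith(SerializationPair.fromSerializer(new GenericJackson2JsonRedisSerializer()))
                // Do not cache misses, so a lookup that returned null is retried next time
                .disableCachingNullValues();
        return RedisCacheManager.builder(connectionFactory).cacheDefaults(defaults).build();
    }
}

/** Hypothetical cached value; a record serializes cleanly to JSON. */
record MemberProfile(Long id, String nickname) {}

/** Hypothetical service; the map stands in for the database and holds constructed sample data. */
@Service
class MemberProfileService {
    private final Map<Long, MemberProfile> store = new ConcurrentHashMap<>(Map.of(1L, new MemberProfile(1L, "shaco")));

    @Cacheable(cacheNames = "memberProfile", key = "#memberId")   // first call hits the store, later calls hit Redis
    public MemberProfile findProfile(Long memberId) { return store.get(memberId); }

    @CacheEvict(cacheNames = "memberProfile", key = "#memberId")  // write path drops the cached copy
    public void rename(Long memberId, String nickname) { store.put(memberId, new MemberProfile(memberId, nickname)); }
}
```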

@CSE-Shaco CSE-Shaco merged commit fd5e5c3 into GDGoCINHA:develop Jan 10, 2026
2 checks passed