zioinfo-mail/projects/testcase-py-api/app/models/employee.py

"""직원 모델 — 코드 리뷰 testcase: 보안 취약점 포함"""
from sqlalchemy import Column, Integer, String, Date, Numeric, Boolean, DateTime
from sqlalchemy.sql import func
from app.models.base import Base


class Employee(Base):
    __tablename__ = "tb_employee"

    id          = Column(Integer, primary_key=True, index=True)
    emp_no      = Column(String(20), unique=True, nullable=False, index=True)
    name        = Column(String(100), nullable=False)
    department  = Column(String(50))
    position    = Column(String(50))
    email       = Column(String(200), unique=True)
    phone       = Column(String(20))
    hire_date   = Column(Date)
    salary      = Column(Numeric(12, 2))      # 보안이슈: 급여 컬럼 암호화 없음
    password    = Column(String(255))          # 보안이슈: 평문 저장 (hash 미적용)
    is_active   = Column(Boolean, default=True)
    created_at  = Column(DateTime, server_default=func.now())
    updated_at  = Column(DateTime, server_default=func.now(), onupdate=func.now())