修复漏洞（对报错信息进行自定义，避免泄露系统敏感信息）

ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppCompanyContactController.java

@@ -37,6 +37,9 @@ public class AppCompanyContactController extends BaseController {
     @ApiOperation("公司联系人列表")
     @GetMapping("/list")
     public TableDataInfo list(CompanyContact companyContact){
+        if(companyContact.getCompanyId()==null){
+            return error(400,"无效的企业id!");
+        }
         List<CompanyContact> list=companyContactService.getSelectList(companyContact);
         return getDataTable(list);
     }

ruoyi-bussiness/src/main/java/com/ruoyi/cms/controller/app/AppFileController.java

@@ -38,6 +38,9 @@ public class AppFileController extends BaseController {
     @GetMapping("/list")
     public TableDataInfo list(File file)
     {
+        if(file.getBussinessid()==null){
+            return error(400,"无效的业务id!");
+        }
         List<File> results = fileService.selectFileList(file);
         return getDataTable(results);
     }

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -131,6 +131,8 @@ public class SecurityConfig
                     .antMatchers("/app/fair/**").permitAll()
                     //.antMatchers("/app/**").permitAll()
                     //.antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
+                    //正式环境禁用接口
+                    .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**","/app/user/list").denyAll()
                     //放行前端界面
                     .antMatchers("/kashi/job-portal/detail/**").permitAll()
                     // 除上面外的所有请求全部需要鉴权认证