From 5058e2edc7c219f97d83eff6f7ec0b00aaa0342c Mon Sep 17 00:00:00 2001 From: "zhuangpeng.li" <908349383@qq.com> Date: Thu, 20 Nov 2025 11:23:29 +0800 Subject: [PATCH] =?UTF-8?q?fix(XXE=E6=BC=8F=E6=B4=9E=E4=BF=AE=E5=A4=8D):?= =?UTF-8?q?=20XXE=E6=BC=8F=E6=B4=9E=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../sip/handler/req/ReqAbstractHandler.java | 8 ++- .../req/message/MessageRequestProcessor.java | 3 +- .../notify/cmdType/KeepaliveHandler.java | 3 +- .../response/cmdType/CatalogHandler.java | 3 +- .../response/cmdType/DeviceInfoHandler.java | 3 +- .../java/com/fastbee/sip/util/XmlUtil.java | 64 ++++++++----------- 6 files changed, 41 insertions(+), 43 deletions(-) diff --git a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java index ebfa5ff3..fab29f28 100644 --- a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java +++ b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java @@ -12,6 +12,7 @@ import org.dom4j.Element; import org.dom4j.io.SAXReader; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.xml.sax.SAXException; import javax.sip.*; import javax.sip.header.FromHeader; 
@@ -105,15 +106,18 @@ public abstract class ReqAbstractHandler { return response; } - public Element getRootElement(RequestEvent evt) throws DocumentException { + public Element getRootElement(RequestEvent evt) throws DocumentException, SAXException { return getRootElement(evt, "gb2312"); } - public Element getRootElement(RequestEvent evt, String charset) throws DocumentException { + public Element getRootElement(RequestEvent evt, String charset) throws DocumentException, SAXException { if (charset == null) { charset = "gb2312"; } Request request = evt.getRequest(); SAXReader reader = new SAXReader(); + reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + reader.setFeature("http://xml.org/sax/features/external-general-entities", false); + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); reader.setEncoding(charset); // 对海康出现的未转义字符做处理。 String[] destStrArray = new String[]{"<",">","&","'","""}; diff --git a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/MessageRequestProcessor.java b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/MessageRequestProcessor.java index 4f890fad..f21e8c91 100644 --- a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/MessageRequestProcessor.java +++ b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/MessageRequestProcessor.java @@ -7,6 +7,7 @@ import com.fastbee.sip.server.IGBListener; import com.fastbee.sip.service.ISipDeviceService; import com.fastbee.sip.util.SipUtil; import gov.nist.javax.sip.message.SIPRequest; +import org.xml.sax.SAXException; import lombok.extern.slf4j.Slf4j; import org.dom4j.DocumentException; import org.dom4j.Element; 
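Review bot: The hardened reader is built inline here while the identical three-line `setFeature` block is pasted again into `XmlUtil.parseXml` and `XmlUtil.getRootElement` in this same commit, so the next `new SAXReader()` someone adds will parse untrusted device XML with DTDs enabled again. I would put the construction in one protected static helper on this class, say `newSecureReader(String charset)`, which creates the reader, sets the three features and the encoding, and carries a Javadoc stating that it is the only sanctioned way to parse a SIP message body, and reduce this site to `SAXReader reader = newSecureReader(charset);`. A `SAXException` from `setFeature` means the underlying parser does not support the feature, which is a deployment error rather than bad input; the helper could wrap it in `IllegalStateException` and keep the fail-closed behaviour without every caller widening its `throws` list as four handlers do in this commit. The feature set itself is sound: `disallow-doctype-decl` alone also stops internal-entity (billion-laughs) expansion, and the two external-entity flags are defence in depth if someone later relaxes the first. `getRootElement(evt, charset)` continues beyond the hunk (the Hikvision unescape pass starting at `destStrArray`), so what happens after the reader is configured was not visible for review.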
@@ -85,7 +86,7 @@ public class MessageRequestProcessor extends ReqAbstractHandler implements Initi log.warn("SIP 回复错误", e); } catch (InvalidArgumentException e) { log.warn("参数无效", e); - } catch (ParseException e) { + } catch (ParseException | SAXException e) { log.warn("SIP回复时解析异常", e); } } diff --git a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/notify/cmdType/KeepaliveHandler.java b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/notify/cmdType/KeepaliveHandler.java index 2b2d6d4d..77ccc7fd 100644 --- a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/notify/cmdType/KeepaliveHandler.java +++ b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/notify/cmdType/KeepaliveHandler.java @@ -16,6 +16,7 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.util.StringUtils; +import org.xml.sax.SAXException; import javax.sip.InvalidArgumentException; import javax.sip.RequestEvent; @@ -68,7 +69,7 @@ public class KeepaliveHandler extends ReqAbstractHandler implements Initializing responseAck(evt); } - } catch (ParseException | SipException | InvalidArgumentException | DocumentException e) { + } catch (ParseException | SipException | InvalidArgumentException | DocumentException | SAXException e) { e.printStackTrace(); } } diff --git a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/CatalogHandler.java b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/CatalogHandler.java index fb154279..efc9b58a 100644 --- a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/CatalogHandler.java 
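Review bot: Folding `SAXException` into the `ParseException` branch logs a rejected XML body, or a parser that refused the hardening features, under "SIP回复时解析异常" ("parse error while replying"), which points an investigator at the response path rather than at the inbound message body. I would give it its own branch, `} catch (SAXException e) { log.warn("SIP MESSAGE body rejected by XML parser (DOCTYPE/entity or parser config)", e); }`, and include the sending device's identity if it is in scope at this point, since a DOCTYPE in a device message is exactly the probe this commit is meant to stop and should be visible in the logs rather than buried under a generic message. Where the `SAXException` originates inside this method lies outside the hunk, so I am assuming it comes from the inherited `getRootElement`.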
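Review bot: In KeepaliveHandler the widened multi-catch still ends in `e.printStackTrace()`, so a keepalive carrying a DOCTYPE, which the parser now rejects, is reported only on stderr with no log level, timestamp or device id and never reaches the SLF4J pipeline the rest of the module uses. I would replace the catch body with `log.warn("keepalive body rejected", e);` through the class's logger (adding `@Slf4j` if the class has none) and append the sending device's id if the method has it in scope, keeping `SAXException` in the same catch since both cases mean the body was not accepted. Whether the sender should receive a non-2xx response instead of silence is a design question this hunk does not settle; the enclosing method begins before the hunk, so I could not see what identity information is available here.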
+++ b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/CatalogHandler.java @@ -17,6 +17,7 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.util.ObjectUtils; +import org.xml.sax.SAXException; import javax.sip.InvalidArgumentException; import javax.sip.RequestEvent; @@ -199,7 +200,7 @@ public class CatalogHandler extends ReqAbstractHandler implements InitializingBe responseAck(evt); } - } catch (ParseException | SipException | InvalidArgumentException | DocumentException e) { + } catch (ParseException | SipException | InvalidArgumentException | DocumentException | SAXException e) { e.printStackTrace(); } } diff --git a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/DeviceInfoHandler.java b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/DeviceInfoHandler.java index 655cb4f2..faa37969 100644 --- a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/DeviceInfoHandler.java +++ b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/message/response/cmdType/DeviceInfoHandler.java @@ -13,6 +13,7 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.util.StringUtils; +import org.xml.sax.SAXException; import javax.sip.InvalidArgumentException; import javax.sip.RequestEvent; 
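Review bot: In CatalogHandler the catch that now also swallows `SAXException` only calls `e.printStackTrace()` and returns, so a catalog response with a DOCTYPE is dropped without a structured log line or a SIP reply, and stderr is the only trace of the rejected body. `log.warn("catalog body rejected", e);` through the class logger is the minimum; a rejected body is also the natural place to record the From header's device id so repeated probes from one endpoint can be correlated in detection. The enclosing method starts before this hunk, so I cannot tell from here whether a logger or the device id is already in scope.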
@@ -48,7 +49,7 @@ public class DeviceInfoHandler extends ReqAbstractHandler implements Initializin // 回复200 OK responseAck(evt); - } catch (DocumentException | SipException | InvalidArgumentException | ParseException e) { + } catch (DocumentException | SipException | InvalidArgumentException | ParseException | SAXException e) { e.printStackTrace(); } } diff --git a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/util/XmlUtil.java b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/util/XmlUtil.java index ecb4ed65..563cfc16 100644 --- a/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/util/XmlUtil.java +++ b/springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/util/XmlUtil.java @@ -6,6 +6,7 @@ import org.dom4j.Document; import org.dom4j.DocumentException; import org.dom4j.Element; import org.dom4j.io.SAXReader; +import org.xml.sax.SAXException; import javax.sip.RequestEvent; import javax.sip.message.Request; @@ -19,22 +20,20 @@ public class XmlUtil { /** * 解析XML为Document对象 * - * @param xml - * 被解析的XMl + * @param xml 被解析的XMl * @return Document */ - public static Element parseXml(String xml) - { + public static Element parseXml(String xml) { Document document = null; // StringReader sr = new StringReader(xml); - SAXReader saxReader = new SAXReader(); - try - { - document = saxReader.read(sr); - } - catch (DocumentException e) - { + SAXReader reader = new SAXReader(); + try { + reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + reader.setFeature("http://xml.org/sax/features/external-general-entities", false); + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + document = reader.read(sr); + } catch (DocumentException | SAXException e) { log.error("解析失败", e); } return null == document ? null : document.getRootElement(); 
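Review bot: Same pattern as KeepaliveHandler and CatalogHandler: `SAXException` joins a catch whose only action is `e.printStackTrace()`, so a rejected DeviceInfo body leaves no SLF4J record and, because `responseAck(evt)` sits inside the `try`, no SIP response either. I would change the catch body to `log.warn("DeviceInfo body rejected", e);` and decide explicitly whether a failed parse should stay silent toward the device or produce an error response, rather than leaving that to the accident of where the exception is thrown. The method opens above the hunk; only its tail is visible here.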
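Review bot: In `XmlUtil.parseXml` the three `setFeature` calls sit inside the `try` ahead of `reader.read(sr)`, so an unsupported feature is handled fail-closed (no parse happens), which is the right outcome, but it is logged as "解析失败" ("parse failed") and surfaces as a `null` return exactly like malformed input, so a parser that lacks these features would look like every device sending bad XML. I would split the catch, `} catch (SAXException e) { log.error("XML parser does not support DTD hardening; refusing to parse", e); }`, separate from the `DocumentException` branch, and keep the ordering comment explicit with `// features must be set before read(): an unsupported feature aborts the parse`. The Javadoc should also state the contract callers now rely on: `Parses untrusted XML with DOCTYPE declarations rejected (XXE / entity-expansion hardening); returns null if the input cannot be parsed.`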
@@ -43,16 +42,12 @@ public class XmlUtil { /** * 获取element对象的text的值 * - * @param em - * 节点的对象 - * @param tag - * 节点的tag + * @param em 节点的对象 + * @param tag 节点的tag * @return 节点 */ - public static String getText(Element em, String tag) - { - if (null == em) - { + public static String getText(Element em, String tag) { + if (null == em) { return null; } Element e = em.element(tag); @@ -63,16 +58,12 @@ public class XmlUtil { /** * 递归解析xml节点,适用于 多节点数据 * - * @param node - * node - * @param nodeName - * nodeName - * @return List> + * @param node node + * @param nodeName nodeName + * @return List> */ - public static List> listNodes(Element node, String nodeName) - { - if (null == node) - { + public static List> listNodes(Element node, String nodeName) { + if (null == node) { return null; } // 初始化返回 @@ -82,12 +73,9 @@ public class XmlUtil { Map map = null; // 遍历属性节点 - for (Attribute attribute : list) - { - if (nodeName.equals(node.getName())) - { - if (null == map) - { + for (Attribute attribute : list) { + if (nodeName.equals(node.getName())) { + if (null == map) { map = new HashMap(); listMap.add(map); } 
@@ -99,17 +87,19 @@ public class XmlUtil { // 遍历当前节点下的所有节点 ,nodeName 要解析的节点名称 // 使用递归 Iterator iterator = node.elementIterator(); - while (iterator.hasNext()) - { + while (iterator.hasNext()) { Element e = iterator.next(); listMap.addAll(listNodes(e, nodeName)); } return listMap; } - public static Element getRootElement(RequestEvent evt) throws DocumentException { + public static Element getRootElement(RequestEvent evt) throws DocumentException, SAXException { Request request = evt.getRequest(); SAXReader reader = new SAXReader(); + reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + reader.setFeature("http://xml.org/sax/features/external-general-entities", false); + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); reader.setEncoding("gbk"); Document xml = reader.read(new ByteArrayInputStream(request.getRawContent())); return xml.getRootElement();
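Review bot: This is now a second, diverging parser for the same SIP message bodies: it hardens the reader exactly like `ReqAbstractHandler.getRootElement` but hard-codes `"gbk"` where that one defaults to `"gb2312"`, and it skips the Hikvision unescape pass, so which entry point a caller picks decides whether a given device message parses at all. I would have one delegate to the other, or both call a shared `newSecureReader(charset)` factory, so the XXE settings live in one place that cannot drift when the next parse site is added. Separately, `new ByteArrayInputStream(request.getRawContent())` throws `NullPointerException` when the request carries no body, assuming JAIN-SIP returns null rather than an empty array there, which is worth confirming; a guard such as `byte[] body = request.getRawContent(); if (body == null || body.length == 0) { throw new DocumentException("empty SIP message body"); }` would turn a bodiless or truncated MESSAGE into the `DocumentException` callers already handle instead of an unchecked exception escaping the handler.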