jishenghua 7 сар өмнө
parent
commit
e7894bf0b4

+ 6 - 2
gyj-iot-boot/gyjiot-server/sip-server/src/main/java/com/gyjiot/sip/handler/req/ReqAbstractHandler.java

@@ -13,6 +13,7 @@ import org.dom4j.Element;
 import org.dom4j.io.SAXReader;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.xml.sax.SAXException;
 
 import javax.sip.*;
 import javax.sip.address.Address;
@@ -118,15 +119,18 @@ public abstract class ReqAbstractHandler {
         return response;
     }
 
-    public Element getRootElement(RequestEvent evt) throws DocumentException {
+    public Element getRootElement(RequestEvent evt) throws DocumentException, SAXException {
         return getRootElement(evt, "gb2312");
     }
-    public Element getRootElement(RequestEvent evt, String charset) throws DocumentException {
+    public Element getRootElement(RequestEvent evt, String charset) throws DocumentException, SAXException {
         if (charset == null) {
             charset = "gb2312";
         }
         Request request = evt.getRequest();
         SAXReader reader = new SAXReader();
+        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
         reader.setEncoding(charset);
         // 对海康出现的未转义字符做处理。
         String[] destStrArray = new String[]{"<",">","&","'","""};
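Review bot: Widening both `getRootElement` overloads to `throws DocumentException, SAXException` pushes a parser-configuration failure into every handler's catch list. The three `setFeature` lines are also repeated verbatim in both `XmlUtil` hunks, so a `new SAXReader()` added later can miss the hardening without anyone noticing. One factory that applies the features and rethrows `SAXException` as `DocumentException` would keep the old signatures and leave a single place to audit. If the project's dom4j version offers `SAXReader.createDefault()`, it may cover this; confirm which features it sets before relying on it. The body of the second overload continues past the end of this hunk.

```java
// Shared by every parse site (for example placed in XmlUtil).
private static SAXReader newHardenedReader() throws DocumentException {
    SAXReader reader = new SAXReader();
    try {
        // Refuse DOCTYPE outright; the two entity switches are defence in depth.
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
    } catch (SAXException e) {
        // Fail closed: never fall back to an unhardened reader.
        throw new DocumentException("XML parser does not support required hardening features", e);
    }
    return reader;
}

public Element getRootElement(RequestEvent evt, String charset) throws DocumentException {
    // … unchanged: charset default, evt.getRequest() …
    SAXReader reader = newHardenedReader();
    // … unchanged: reader.setEncoding(charset) and escaping logic …
```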

+ 2 - 1
gyj-iot-boot/gyjiot-server/sip-server/src/main/java/com/gyjiot/sip/handler/req/message/MessageRequestProcessor.java

@@ -13,6 +13,7 @@ import org.dom4j.Element;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import org.xml.sax.SAXException;
 
 import javax.sip.InvalidArgumentException;
 import javax.sip.RequestEvent;
@@ -85,7 +86,7 @@ public class MessageRequestProcessor extends ReqAbstractHandler implements Initi
             log.warn("SIP 回复错误", e);
         } catch (InvalidArgumentException e) {
             log.warn("参数无效", e);
-        } catch (ParseException e) {
+        } catch (ParseException | SAXException e) {
             log.warn("SIP回复时解析异常", e);
         }
     }

+ 2 - 1
gyj-iot-boot/gyjiot-server/sip-server/src/main/java/com/gyjiot/sip/handler/req/message/notify/cmdType/KeepaliveHandler.java

@@ -16,6 +16,7 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
+import org.xml.sax.SAXException;
 
 import javax.sip.InvalidArgumentException;
 import javax.sip.RequestEvent;
@@ -68,7 +69,7 @@ public class KeepaliveHandler extends ReqAbstractHandler implements Initializing
                 responseAck(evt);
             }
 
-        } catch (ParseException | SipException | InvalidArgumentException | DocumentException e) {
+        } catch (ParseException | SipException | InvalidArgumentException | DocumentException | SAXException e) {
             e.printStackTrace();
         }
     }
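Review bot: The multi-catch on the new side still ends in `e.printStackTrace()`, so a message body rejected by the new DOCTYPE ban (presumably surfacing as `DocumentException` from the read) goes to stderr with no device context and is easy to miss in log-based monitoring. A rejected DOCTYPE from a device is worth a structured log line, for example `log.warn("Rejected or unparsable SIP XML body", e);`, assuming this class has a logger like the `log` used in MessageRequestProcessor. The same applies to the catch blocks changed in CatalogHandler and DeviceInfoHandler. The try block these catches belong to starts outside the hunk.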

+ 2 - 1
gyj-iot-boot/gyjiot-server/sip-server/src/main/java/com/gyjiot/sip/handler/req/message/response/cmdType/CatalogHandler.java

@@ -17,6 +17,7 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
+import org.xml.sax.SAXException;
 
 import javax.sip.InvalidArgumentException;
 import javax.sip.RequestEvent;
@@ -199,7 +200,7 @@ public class CatalogHandler extends ReqAbstractHandler implements InitializingBe
                 responseAck(evt);
             }
 
-        } catch (ParseException | SipException | InvalidArgumentException | DocumentException e) {
+        } catch (ParseException | SipException | InvalidArgumentException | DocumentException | SAXException e) {
             e.printStackTrace();
         }
     }

+ 2 - 1
gyj-iot-boot/gyjiot-server/sip-server/src/main/java/com/gyjiot/sip/handler/req/message/response/cmdType/DeviceInfoHandler.java

@@ -13,6 +13,7 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
+import org.xml.sax.SAXException;
 
 import javax.sip.InvalidArgumentException;
 import javax.sip.RequestEvent;
@@ -48,7 +49,7 @@ public class DeviceInfoHandler extends ReqAbstractHandler implements Initializin
             // 回复200 OK
             responseAck(evt);
 
-        } catch (DocumentException | SipException | InvalidArgumentException | ParseException e) {
+        } catch (DocumentException | SipException | InvalidArgumentException | ParseException | SAXException e) {
             e.printStackTrace();
         }
     }

+ 12 - 8
gyj-iot-boot/gyjiot-server/sip-server/src/main/java/com/gyjiot/sip/util/XmlUtil.java

@@ -6,6 +6,7 @@ import org.dom4j.Document;
 import org.dom4j.DocumentException;
 import org.dom4j.Element;
 import org.dom4j.io.SAXReader;
+import org.xml.sax.SAXException;
 
 import javax.sip.RequestEvent;
 import javax.sip.message.Request;
@@ -28,13 +29,13 @@ public class XmlUtil {
         Document document = null;
         //
         StringReader sr = new StringReader(xml);
-        SAXReader saxReader = new SAXReader();
-        try
-        {
-            document = saxReader.read(sr);
-        }
-        catch (DocumentException e)
-        {
+        SAXReader reader = new SAXReader();
+        try {
+            reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            document = reader.read(sr);
+        } catch (DocumentException | SAXException e) {
             log.error("解析失败", e);
         }
         return null == document ? null : document.getRootElement();
@@ -107,9 +108,12 @@ public class XmlUtil {
         return listMap;
     }
 
-    public static Element getRootElement(RequestEvent evt) throws DocumentException {
+    public static Element getRootElement(RequestEvent evt) throws DocumentException, SAXException {
         Request request = evt.getRequest();
         SAXReader reader = new SAXReader();
+        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
         reader.setEncoding("gbk");
         Document xml = reader.read(new ByteArrayInputStream(request.getRawContent()));
         return xml.getRootElement();
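Review bot: `request.getRawContent()` is passed straight into `new ByteArrayInputStream(...)`, and a SIP request without a body would, as far as the JAIN SIP contract goes, yield null there and throw a `NullPointerException` that none of the handlers' catch lists cover. Since this path takes input from remote devices, guard it before parsing: `byte[] raw = request.getRawContent(); if (raw == null) throw new DocumentException("SIP request has no XML body");`. The method's closing brace lies outside the hunk.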