@Copilot Copilot AI commented Sep 22, 2025

The WxOpenXmlMessage.fromEncryptedXml() method was vulnerable to NullPointerException when processing encrypted WeChat Open Platform messages, particularly affecting receive_ticket functionality that worked in 4.7.6.B but failed in 4.7.7.B.

Root Cause Analysis

The issue occurred in two scenarios:

  1. In the fromXml() method: If the decrypted XML content was null, calling xml.replace("</PicList><PicList>", "") would throw a NullPointerException
  2. In the fromEncryptedXml() method: No validation was performed on the decrypted content before passing it to fromXml()

Changes Made

Added null safety to fromXml() method:

public static WxOpenXmlMessage fromXml(String xml) {
  // Adjust WeChat's irregular message content format to make it easier to parse
  if (xml != null) {
    xml = xml.replace("</PicList><PicList>", "");
  }
  return XStreamTransformer.fromXml(WxOpenXmlMessage.class, xml);
}

Added validation and error handling to fromEncryptedXml():

public static WxOpenXmlMessage fromEncryptedXml(String encryptedXml, WxOpenConfigStorage wxOpenConfigStorage,
                                                String timestamp, String nonce, String msgSignature) {
  WxOpenCryptUtil cryptUtil = new WxOpenCryptUtil(wxOpenConfigStorage);
  String plainText = cryptUtil.decryptXml(msgSignature, timestamp, nonce, encryptedXml);
  log.debug("解密后的原始xml消息内容:{}", plainText);
  
  if (plainText == null || plainText.trim().isEmpty()) {
    throw new WxRuntimeException("解密后的xml消息内容为空,请检查加密参数是否正确");
  }
  
  WxOpenXmlMessage wxOpenXmlMessage = fromXml(plainText);
  wxOpenXmlMessage.setContext(plainText);
  return wxOpenXmlMessage;
}

Benefits

  • Prevents crashes: Eliminates NullPointerException when processing encrypted messages
  • Better debugging: Provides clear error messages when decryption fails, helping developers identify configuration issues
  • Backward compatible: Existing working code continues to function normally
  • Defensive programming: Follows best practices for null safety

The fix is minimal and surgical, addressing only the error-prone code paths while maintaining all existing functionality.

Fixes #3700.



Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] Error occurs on Open Platform receive_ticket: 4.7.7.B fails, 4.7.6.B works. Fix NullPointerException in WxOpenXmlMessage.fromEncryptedXml method Sep 22, 2025
@Copilot Copilot AI requested a review from binarywang September 22, 2025 16:38
Copilot finished work on behalf of binarywang September 22, 2025 16:38
@binarywang binarywang marked this pull request as ready for review September 24, 2025 13:44
@binarywang binarywang added this to the 4.7.9 milestone Sep 24, 2025
Successfully merging this pull request may close these issues.

Error occurs on Open Platform receive_ticket: 4.7.7.B fails, 4.7.6.B works.