Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Fix NullPointerException in WxOpenXmlMessage.fromEncryptedXml method #3708

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Copilot wants to merge 2 commits into develop
base: develop
Choose a base branch
Loading
from copilot/fix-3700

Conversation

Copy link
Contributor

@Copilot Copilot AI commented Sep 22, 2025
edited
Loading

The WxOpenXmlMessage.fromEncryptedXml() method was vulnerable to NullPointerException when processing encrypted WeChat Open Platform messages, particularly affecting receive_ticket functionality that worked in 4.7.6.B but failed in 4.7.7.B.

Root Cause Analysis

The issue occurred in two scenarios:

  1. In fromXml() method: If the decrypted XML content was null, calling xml.replace("</PicList><PicList>", "") would throw NullPointerException
  2. In fromEncryptedXml() method: No validation was performed on the decrypted content before passing it to fromXml()

Changes Made

Added null safety to fromXml() method:

public static WxOpenXmlMessage fromXml(String xml) {
 //修改微信变态的消息内容格式,方便解析
 if (xml != null) {
 xml = xml.replace("</PicList><PicList>", "");
 }
 return XStreamTransformer.fromXml(WxOpenXmlMessage.class, xml);
}

Added validation and error handling to fromEncryptedXml():

public static WxOpenXmlMessage fromEncryptedXml(String encryptedXml, WxOpenConfigStorage wxOpenConfigStorage,
 String timestamp, String nonce, String msgSignature) {
 WxOpenCryptUtil cryptUtil = new WxOpenCryptUtil(wxOpenConfigStorage);
 String plainText = cryptUtil.decryptXml(msgSignature, timestamp, nonce, encryptedXml);
 log.debug("解密后的原始xml消息内容:{}", plainText);
 
 if (plainText == null || plainText.trim().isEmpty()) {
 throw new WxRuntimeException("解密后的xml消息内容为空,请检查加密参数是否正确");
 }
 
 WxOpenXmlMessage wxOpenXmlMessage = fromXml(plainText);
 wxOpenXmlMessage.setContext(plainText);
 return wxOpenXmlMessage;
}

Benefits

  • Prevents crashes: Eliminates NullPointerException when processing encrypted messages
  • Better debugging: Provides clear error messages when decryption fails, helping developers identify configuration issues
  • Backward compatible: Existing working code continues to function normally
  • Defensive programming: Follows best practices for null safety

The fix is minimal and surgical, addressing only the error-prone code paths while maintaining all existing functionality.

Fixes #3700.

💬 Share your feedback on Copilot coding agent for the chance to win a 200ドル gift card! Click here to start the survey.

 

Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
@Copilot Copilot AI changed the title (削除) [WIP] 开放平台receive_ticket时候发生错误 4.7.7.B报错 4.7.6.B正常。 (削除ここまで) (追記) Fix NullPointerException in WxOpenXmlMessage.fromEncryptedXml method (追記ここまで) Sep 22, 2025
Copilot finished work on behalf of binarywang September 22, 2025 16:38
@binarywang binarywang marked this pull request as ready for review September 24, 2025 13:44
@binarywang binarywang added this to the 4.7.9 milestone Sep 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@binarywang binarywang Awaiting requested review from binarywang

Labels
None yet
Projects
None yet
Milestone
4.7.9
Development

Successfully merging this pull request may close these issues.

开放平台receive_ticket时候发生错误 4.7.7.B报错 4.7.6.B正常。

AltStyle によって変換されたページ (->オリジナル) /