Pre Merge pull request !46 from 阿斌/N/A

java.text.ParseException: [C@2f1fec26
ID expected
        at gov.nist.core.LexerCore.match(LexerCore.java:229)
        at gov.nist.javax.sdp.parser.OriginFieldParser.originField(OriginFieldParser.java:90)
        at gov.nist.javax.sdp.parser.OriginFieldParser.parse(OriginFieldParser.java:108)
        at gov.nist.javax.sdp.parser.SDPAnnounceParser.parse(SDPAnnounceParser.java:113)
        at javax.sdp.SdpFactory.createSessionDescription(SdpFactory.java:129)
        at com.genersoft.iot.vmp.gb28181.utils.SipUtils.parseSDP(SipUtils.java:229)
        at com.genersoft.iot.vmp.gb28181.transmit.event.request.impl.InviteRequestProcessor.decode(InviteRequestProcessor.java:275)
        at com.genersoft.iot.vmp.gb28181.transmit.event.request.impl.InviteRequestProcessor.process(InviteRequestProcessor.java:125)
        at com.genersoft.iot.vmp.gb28181.transmit.SIPProcessorObserver.processRequest(SIPProcessorObserver.java:71)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:359)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:114)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
        at java.base/java.lang.Thread.run(Thread.java:1583)
java.text.ParseException: o=- ' OR 'a'='a'; -- 1 IN IP4 179.43.150.26
        at gov.nist.javax.sdp.parser.OriginFieldParser.originField(OriginFieldParser.java:103)
        at gov.nist.javax.sdp.parser.OriginFieldParser.parse(OriginFieldParser.java:108)
        at gov.nist.javax.sdp.parser.SDPAnnounceParser.parse(SDPAnnounceParser.java:113)
        at javax.sdp.SdpFactory.createSessionDescription(SdpFactory.java:129)
        at com.genersoft.iot.vmp.gb28181.utils.SipUtils.parseSDP(SipUtils.java:229)
        at com.genersoft.iot.vmp.gb28181.transmit.event.request.impl.InviteRequestProcessor.decode(InviteRequestProcessor.java:275)
        at com.genersoft.iot.vmp.gb28181.transmit.event.request.impl.InviteRequestProcessor.process(InviteRequestProcessor.java:125)
        at com.genersoft.iot.vmp.gb28181.transmit.SIPProcessorObserver.processRequest(SIPProcessorObserver.java:71)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:359)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:114)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
        at java.base/java.lang.Thread.run(Thread.java:1583)


Signed-off-by: 阿斌 <38912748@qq.com>

src/main/java/com/genersoft/iot/vmp/gb28181/event/sip/MessageEvent.java

@@ -22,6 +22,8 @@ public class MessageEvent<T> implements Delayed {
 
     private String result;
 
+    private boolean keepAlive = false;
+
     private T t;
 
     private ErrorCallback<T> callback;

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/CancelRequestProcessor.java

@@ -3,15 +3,22 @@ package com.genersoft.iot.vmp.gb28181.transmit.event.request.impl;
 import com.genersoft.iot.vmp.gb28181.transmit.SIPProcessorObserver;
 import com.genersoft.iot.vmp.gb28181.transmit.event.request.ISIPRequestProcessor;
 import com.genersoft.iot.vmp.gb28181.transmit.event.request.SIPRequestProcessorParent;
+import gov.nist.javax.sip.message.SIPRequest;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import javax.sip.InvalidArgumentException;
 import javax.sip.RequestEvent;
+import javax.sip.SipException;
+import javax.sip.message.Response;
+import java.text.ParseException;
 
 /**
  * SIP命令类型： CANCEL请求
  */
+@Slf4j
 @Component
 public class CancelRequestProcessor extends SIPRequestProcessorParent implements InitializingBean, ISIPRequestProcessor {
 
@@ -34,7 +41,11 @@ public class CancelRequestProcessor extends SIPRequestProcessorParent implements
 	@Override
 	public void process(RequestEvent evt) {
 		// TODO 优先级99 Cancel Request消息实现，此消息一般为级联消息，上级给下级发送请求取消指令
-		
+		try {
+			responseAck((SIPRequest) evt.getRequest(), Response.OK);
+		} catch (SipException | InvalidArgumentException | ParseException e) {
+			log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+		}
 	}
 
 }

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/InviteRequestProcessor.java

@@ -593,7 +593,12 @@ public class InviteRequestProcessor extends SIPRequestProcessorParent implements
                 playService.stopAudioBroadcast(device, deviceChannel);
             }
         } catch (SdpException e) {
-            log.error("[SDP解析异常]", e);
+            log.error("[语音通话] SDP解析异常", e);
+            try {
+                responseAck(request, Response.BAD_REQUEST);
+            } catch (SipException | InvalidArgumentException | ParseException exception) {
+                log.error("[命令发送失败] 来自设备的Invite请求非语音广播 FORBIDDEN: {}", exception.getMessage());
+            }
             playService.stopAudioBroadcast(device, deviceChannel);
         }
     }

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/MessageHandlerAbstract.java

@@ -63,6 +63,11 @@ public abstract class MessageHandlerAbstract extends SIPRequestProcessorParent i
             messageHandler.handForDevice(evt, device, element);
         }else {
             handMessageEvent(element, null);
+            try {
+                responseAck((SIPRequest) evt.getRequest(), Response.OK);
+            } catch (SipException | InvalidArgumentException | ParseException e) {
+                log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+            }
         }
     }
 
@@ -72,6 +77,12 @@ public abstract class MessageHandlerAbstract extends SIPRequestProcessorParent i
         IMessageHandler messageHandler = messageHandlerMap.get(cmd);
         if (messageHandler != null) {
             messageHandler.handForPlatform(evt, parentPlatform, element);
+        }else {
+            try {
+                responseAck((SIPRequest) evt.getRequest(), Response.OK);
+            } catch (SipException | InvalidArgumentException | ParseException e) {
+                log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+            }
         }
     }
 
@@ -87,7 +98,9 @@ public abstract class MessageHandlerAbstract extends SIPRequestProcessorParent i
             }else {
                 subscribe.getCallback().run(ErrorCode.ERROR100.getCode(), ErrorCode.ERROR100.getMsg(), result);
             }
-            messageSubscribe.removeSubscribe(cmd + sn);
+            if (!subscribe.isKeepAlive()) {
+                messageSubscribe.removeSubscribe(cmd + sn);
+            }
         }
     }
 }

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/MessageRequestProcessor.java

@@ -119,7 +119,7 @@ public class MessageRequestProcessor extends SIPRequestProcessorParent implement
                         }else { // 由于上面已经判断都为null则直接返回，所以这里device和parentPlatform必有一个不为null
                             messageHandler.handForPlatform(evt, parentPlatform, rootElement);
                         }
-                        responseAck(request, Response.OK);
+                        // 存在handler则由handler自行决定回复什么。
                     }else {
                         // 不支持的message
                         // 不存在则回复415

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/control/cmd/DeviceControlQueryMessageHandler.java

@@ -63,7 +63,11 @@ public class DeviceControlQueryMessageHandler extends SIPRequestProcessorParent
 
     @Override
     public void handForDevice(RequestEvent evt, Device device, Element element) {
-
+        try {
+            responseAck((SIPRequest) evt.getRequest(), Response.OK);
+        } catch (SipException | InvalidArgumentException | ParseException e) {
+            log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+        }
     }
 
     @Override

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/notify/cmd/BroadcastNotifyMessageHandler.java

@@ -71,7 +71,11 @@ public class BroadcastNotifyMessageHandler extends SIPRequestProcessorParent imp
 
     @Override
     public void handForDevice(RequestEvent evt, Device device, Element element) {
-
+        try {
+            responseAck((SIPRequest) evt.getRequest(), Response.OK);
+        } catch (SipException | InvalidArgumentException | ParseException e) {
+            log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+        }
     }
 
     @Override

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/query/cmd/AlarmQueryMessageHandler.java

@@ -34,7 +34,11 @@ public class AlarmQueryMessageHandler extends SIPRequestProcessorParent implemen
 
     @Override
     public void handForDevice(RequestEvent evt, Device device, Element element) {
-
+        try {
+            responseAck((SIPRequest) evt.getRequest(), Response.OK);
+        } catch (SipException | InvalidArgumentException | ParseException e) {
+            log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+        }
     }
 
     @Override

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/query/cmd/DeviceInfoQueryMessageHandler.java

@@ -55,7 +55,11 @@ public class DeviceInfoQueryMessageHandler extends SIPRequestProcessorParent imp
 
     @Override
     public void handForDevice(RequestEvent evt, Device device, Element rootElement) {
-
+        try {
+            responseAck((SIPRequest) evt.getRequest(), Response.OK);
+        } catch (SipException | InvalidArgumentException | ParseException e) {
+            log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+        }
     }
 
     @Override

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/query/cmd/DeviceStatusQueryMessageHandler.java

@@ -46,7 +46,11 @@ public class DeviceStatusQueryMessageHandler extends SIPRequestProcessorParent i
 
     @Override
     public void handForDevice(RequestEvent evt, Device device, Element element) {
-
+        try {
+            responseAck((SIPRequest) evt.getRequest(), Response.OK);
+        } catch (SipException | InvalidArgumentException | ParseException e) {
+            log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+        }
     }
 
     @Override

src/main/java/com/genersoft/iot/vmp/gb28181/transmit/event/request/impl/message/query/cmd/RecordInfoQueryMessageHandler.java

@@ -65,7 +65,11 @@ public class RecordInfoQueryMessageHandler extends SIPRequestProcessorParent imp
 
     @Override
     public void handForDevice(RequestEvent evt, Device device, Element element) {
-
+        try {
+            responseAck((SIPRequest) evt.getRequest(), Response.OK);
+        } catch (SipException | InvalidArgumentException | ParseException e) {
+            log.error("[命令发送失败] 回复200 OK: {}", e.getMessage());
+        }
     }
 
     @Override

src/main/java/com/genersoft/iot/vmp/gb28181/utils/SipUtils.java

@@ -206,6 +206,21 @@ public class SipUtils {
 
     public static Gb28181Sdp parseSDP(String sdpStr) throws SdpParseException {
         
+        // 校验：拦截空内容与注入攻击特征
+        if (sdpStr == null || sdpStr.trim().isEmpty()) {
+            throw new SdpParseException(0, 0, "SDP内容为空");
+        }
+        // 标准SDP每行格式固定为 "x=value"，不存在SQL关键字；出现则视为注入攻击
+        String sdpUpper = sdpStr.toUpperCase();
+        if (sdpUpper.contains("' OR '") || sdpUpper.contains("' OR 1") || sdpUpper.contains(" OR 1=1")
+                || sdpUpper.contains("--") || sdpUpper.contains("/*") || sdpUpper.contains("*/")
+                || sdpUpper.contains("DROP ") || sdpUpper.contains("INSERT ") || sdpUpper.contains("UPDATE ")
+                || sdpUpper.contains("DELETE ") || sdpUpper.contains("UNION ") || sdpUpper.contains("SELECT ")) {
+            log.error("[SDP注入攻击] 检测到非法SDP内容，已拒绝解析，内容长度: {}", sdpStr.length());
+            throw new SdpParseException(0, 0, "非法SDP内容");
+        }
+        //校验结束
+
         // jainSip不支持y= f=字段， 移除以解析。
         int ssrcIndex = sdpStr.indexOf("y=");
         int mediaDescriptionIndex = sdpStr.indexOf("f=");

src/main/java/com/genersoft/iot/vmp/service/redisMsg/control/RedisRpcDeviceController.java

@@ -7,10 +7,7 @@ import com.genersoft.iot.vmp.conf.redis.RedisRpcConfig;
 import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcMessage;
 import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcRequest;
 import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcResponse;
-import com.genersoft.iot.vmp.gb28181.bean.BasicParam;
-import com.genersoft.iot.vmp.gb28181.bean.Device;
-import com.genersoft.iot.vmp.gb28181.bean.DeviceConfigAware;
-import com.genersoft.iot.vmp.gb28181.bean.SyncStatus;
+import com.genersoft.iot.vmp.gb28181.bean.*;
 import com.genersoft.iot.vmp.gb28181.service.IDeviceService;
 import com.genersoft.iot.vmp.service.redisMsg.dto.RedisRpcController;
 import com.genersoft.iot.vmp.service.redisMsg.dto.RedisRpcMapping;