Problem with using the --nvdDatafeed parameter #6251
Comments
|
See #6243. Some web servers may not serve *.properties files by default. I'm likely going to stop using the cache.properties file and just rely on the traditional meta files which are being generated in 5.1.0 of the vulnz tool. But for now - I'd check the server configuration to ensure the properties file can be served by the web server. |
|
Same error here. Local mirror set up, with nvd files going to a |
|
@kirks it's not that I don't believe you - it is just that no current code path would not create this condition. |
|
New param had to be quoted in powershell now after switching date param from |
|
Depending on how you are hosting the cache - the cache.properties may not be served by the HTTP server. If you are using vulnz 5.1.0 or newer to create the cache PR #6282 should resolve the issue. I'll release the updated version soon. |
Now with dependency-check version 9.3.0, the issue has been found with the parameter --nvdDatafeed
dependency-check.sh --project UI -s ./ui -o ./ui -f HTML -f JSON --retireJsUrl https://vuln-db-mirror.xxxxxxx.net/jsrepository.json --nvdDatafeed https://vuln-db-mirror.xxxxxxx.net/nvdcve-{0}.json.gz --suppression ./build/suppression.xml --hostedSuppressionsUrl https://vuln-db-mirror.axxxxxx.net/publishedSuppressions.xml --kevURL https://vuln-db-mirror.xxxxxxxx.net/known_exploited_vulnerabilities.json
Picked up _JAVA_OPTIONS:
[INFO] Checking for updates
[ERROR] Unable to download the NVD API cache.properties
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download the NVD API cache.properties
at org.owasp.dependencycheck.data.update.NvdApiDataSource.getRemoteCacheProperties(NvdApiDataSource.java:558)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processDatafeed(NvdApiDataSource.java:130)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:108)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
at org.owasp.dependencycheck.App.runScan(App.java:262)
at org.owasp.dependencycheck.App.run(App.java:194)
at org.owasp.dependencycheck.App.main(App.java:89)
Caused by: org.owasp.dependencycheck.utils.ResourceNotFoundException: Requested resource does not exist - received a 404
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:233)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:183)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.getRemoteCacheProperties(NvdApiDataSource.java:551)
... 8 common frames omitted
[INFO] Updating CISA Known Exploited Vulnerability list: https://vuln-db-mirror.xxxxxxxx.net/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (239 ms)
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Unable to download the NVD API cache.properties
[ERROR] No documents exist What can be the problem?
The text was updated successfully, but these errors were encountered: