Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors with --nvdDatafeed parameter #6279

Closed
Muskan-0618 opened this issue Dec 12, 2023 · 5 comments
Closed

Errors with --nvdDatafeed parameter #6279

Muskan-0618 opened this issue Dec 12, 2023 · 5 comments
Labels
duplicate question

Comments

@Muskan-0618
Copy link

With earlier versions upto 8.4.3, storing the nvd data mirror, created using https://github.com/stevespringett/nist-data-mirror/, in a git repository and using that repo with --cveUrlBase and --cveUrlModified was working.
But now, storing the data, generated through vulnz tool, in github and using that URL as an input to --nvdDatafeed flag is not working.
Getting this error -
[ERROR] Unable to download the NVD API cache.properties
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download the NVD API cache.properties
at org.owasp.dependencycheck.data.update.NvdApiDataSource.getRemoteCacheProperties(NvdApiDataSource.java:558)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processDatafeed(NvdApiDataSource.java:130)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:108)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:878)
at org.owasp.dependencycheck.App.runUpdateOnly(App.java:427)
at org.owasp.dependencycheck.App.run(App.java:172)
at org.owasp.dependencycheck.App.main(App.java:89)
Caused by: org.owasp.dependencycheck.utils.ResourceNotFoundException: Requested resource does not exist - received a 404
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:233)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:183)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.getRemoteCacheProperties(NvdApiDataSource.java:551)
... 7 common frames omitted
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (240 ms)
[ERROR] Unable to download the NVD API cache.properties

No documentation exists for the usage of the --nvdDatafeed flag. What could be the reason for this error and its solution?
@ibulic00
Copy link

got the same error on 9.0.4, on 9.0.3 it works

@Muskan-0618
Copy link
Author

got the same error on 9.0.4, on 9.0.3 it works

@ibulic00 Could you please tell me where you have hosted the data that you downloaded from the Vulnz CLI tool?

@jeremylong
Copy link
Owner

Depending on how you are hosting the cache - the cache.properties may not be served by the HTTP server. If you are using vulnz 5.1.0 or newer to create the cache PR #6282 should resolve the issue. I'll release the updated version soon.

@jeremylong
Copy link
Owner

Also - you may need to quote the URL per #6251 (comment).

@Muskan-0618
Copy link
Author

Muskan-0618 commented Dec 12, 2023
edited

Getting the same error after adding quotes as well.
Command that I am using is -
./dependency-check/bin/dependency-check --updateonly --data NVD-DATA/ --nvdDatafeed “https://[github url]/NVD-DATA/blob/master/nvdcve-{0}.json.gz”

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jeremylong @ibulic00 @Muskan-0618