fasten-project/vulnerability-producer

Producer crashes when NIST cannot be reached


The producer crashes and restarts if its NIST NVD downloads don't work, which happens now and then due to internet issues beyond our control. It would be better if the producer didn't crash though :-)

Example:

[2021-06-14 11:16:42,710] [DEBUG] [main] [o.o.d.u.SSLSocketFactoryEx] - TLSv1.3
org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2002.json.gz' to '/mnt/fasten/vuln/producer/nvd/nvdcve-1.1-2002.json.gz'
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:98)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:74)
	at eu.fasten.vulnerabilityproducer.utils.parsers.NVDParser.downloadCVEs(NVDParser.java:115)
	at eu.fasten.vulnerabilityproducer.utils.parsers.NVDParser.getVulnerabilities(NVDParser.java:226)
	at eu.fasten.vulnerabilityproducer.utils.parsers.ParserManager.getVulnerabilitiesFromParsers(ParserManager.java:95)
	at eu.fasten.vulnerabilityproducer.VulnerabilityProducer.start(VulnerabilityProducer.java:111)
	at eu.fasten.vulnerabilityproducer.Main.run(Main.java:134)
	at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
	at picocli.CommandLine.access$900(CommandLine.java:145)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
	at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
	at picocli.CommandLine.execute(CommandLine.java:1864)
	at eu.fasten.vulnerabilityproducer.Main.main(Main.java:82)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2002.json.gz; unable to connect.
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:238)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:138)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:94)
	... 13 more
Caused by: java.net.UnknownHostException: nvd.nist.gov
	at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:220)
	at java.base/java.net.Socket.connect(Socket.java:609)
	at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:177)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
	at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
	at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:203)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:189)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:178)
	... 15 more
java.lang.NullPointerException
	at eu.fasten.vulnerabilityproducer.utils.parsers.NVDParser.getVulnerabilities(NVDParser.java:231)
	at eu.fasten.vulnerabilityproducer.utils.parsers.ParserManager.getVulnerabilitiesFromParsers(ParserManager.java:95)
	at eu.fasten.vulnerabilityproducer.VulnerabilityProducer.start(VulnerabilityProducer.java:111)
	at eu.fasten.vulnerabilityproducer.Main.run(Main.java:134)
	at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
	at picocli.CommandLine.access$900(CommandLine.java:145)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
	at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
	at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
	at picocli.CommandLine.execute(CommandLine.java:1864)
	at eu.fasten.vulnerabilityproducer.Main.main(Main.java:82)
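
One way to keep a feed outage like the one in the trace above from turning into a crash, as an added example (not code from this repository or from dependency-check): retry with backoff, download to a temporary file, and report an explicit status instead of handing a null to the parser. `FeedDownloader`, `Status` and `fetchWithRetry` are hypothetical names, and the failing downloader is constructed to mimic the `UnknownHostException` in the trace.

```java
import java.io.IOException;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

public class ResilientFeedFetch {
    /** Hypothetical stand-in for the real download call; throws on network failure. */
    interface FeedDownloader { void fetch(String url, Path target) throws IOException; }

    /** Never null: FRESH (new copy), STALE (old local copy kept) or MISSING (nothing to parse). */
    enum Status { FRESH, STALE, MISSING }

    static Status fetchWithRetry(FeedDownloader dl, String url, Path target,
                                 int attempts, long backoffMs) throws InterruptedException {
        Path tmp = target.resolveSibling(target.getFileName() + ".part");
        for (int i = 1; i <= attempts; i++) {
            try {
                dl.fetch(url, tmp);  // write to a temp file so a partial download never replaces good data
                Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING);
                return Status.FRESH;
            } catch (IOException e) {
                System.err.printf("attempt %d/%d for %s failed: %s%n", i, attempts, url, e);
                try { Files.deleteIfExists(tmp); } catch (IOException ignored) { }
                if (i < attempts) Thread.sleep(backoffMs << (i - 1));  // exponential backoff
            }
        }
        // All attempts failed: fall back to the previous copy if one exists.
        // The caller should log STALE loudly (vulnerability data is out of date)
        // and skip the feed on MISSING rather than dereference a missing result.
        return Files.exists(target) ? Status.STALE : Status.MISSING;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("nvd");
        Path target = dir.resolve("nvdcve-1.1-2002.json.gz");
        String url = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2002.json.gz";
        // Constructed failure: every fetch behaves as if DNS resolution failed.
        FeedDownloader offline = (u, t) -> { throw new UnknownHostException("nvd.nist.gov"); };

        System.out.println("no local copy:   " + fetchWithRetry(offline, url, target, 3, 100));
        Files.write(target, new byte[] {0x1f, (byte) 0x8b});  // constructed placeholder for an older download
        System.out.println("with local copy: " + fetchWithRetry(offline, url, target, 3, 100));
    }
}
```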