DependencyCheck
DependencyCheck copied to clipboard
Published
20 hours ago •
jeremylong
jeremylong
403 response on BitBucket pipeline
trafficstars
Hi. I upgrade to version 9.03 and everything was working fine. In fact, a local maven build still works fine on 9.0.3 (with a NVD API key). However, running the build pipeline on BitBucket this afternoon and I started getting the following error(s):
[ERROR] Failed to process CVE-2012-0593
java.lang.NullPointerException: Cannot invoke "org.apache.commons.dbcp2.BasicDataSource.getConnection()" because "this.connectionPool" is null
at org.owasp.dependencycheck.data.nvdcve.DatabaseManager.getConnection (DatabaseManager.java:572)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateOrInsertVulnerability (CveDB.java:941)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:866)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProce[ERROR] Failed Fto execute goasl org.owasp:dependency-check-maven:9.0.7:check (default) on project kunveno-parent: Fatal exception(s) analyzing Kunveno Platform Parent BoM: One or more exceptions occurred during analysis:
.[ERROR] UpdateException: org.h2.jdbc.JdbcBatchUpdateException: The database has been closed [90098-214]
[ERROuR] caused by JdbcBatchUpdateException: The database has been closed [90098-214]
[ERROR] NoDataException: No documents exist
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
ssor.call (NvdApiProcessor.java:98)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:33)
at java.util.concurrent.FutureTask.run (FutureTask.java:264)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1135)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:635)
at java.lang.Thread.run (Thread.java:831)
[ERROR] Failed to process CVE-2012-0594
java.lang.NullPointerException: Cannot invoke "org.apache.commons.dbcp2.BasicDataSource.getConnection()" because "this.connectionPool" is null
at org.owasp.dependencycheck.data.nvdcve.DatabaseManager.getConnection (DatabaseManager.java:572)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateOrInsertVulnerability (CveDB.java:941)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:866)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:98)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:33)
at java.util.concurrent.FutureTask.run (FutureTask.java:264)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1135)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:635)
at java.lang.Thread.run (Thread.java:831)
I have upgraded to 9.0.7 and the same is still happening. I've tried to request a new API key (based on the fact this command returns a 400 Bad request:
curl -H "Accept: application/json" -H "apiKey: 5ad8502e-c73e-4910-9e6e-41e51bdbb56b" -v https://services.nvd.nist.gov/rest/json/cves/2.0\?cpeName\=cpe:2.3:o:microsoft:windows_10:1607:\*:\*:\*:\*:\*:\*:\*
But with the new key, the above command still returns a 400 Bad Request
I now don't know which issue is the actual problem!
Thanks
The command you posted - with your API key works fine from my machine. Not sure what else you have in your network?
