
Backend cannot process request when too many candidates are provided

Open copernico opened this issue 2 years ago • 1 comments

I tried to run the following:

python client/cli/main.py CVE-2021-30468 --use-nvd --repository https://github.com/apache/cxf --report html --max-candidates=3000

which produces 2346 candidates. The resulting request to the backend is a very long URL that the backend cannot process correctly. The backend logs look like this:

INFO:     172.20.0.1:60878 - "GET /nvd/vulnerabilities/CVE-2021-30468 HTTP/1.1" 404 Not Found
WARNING:  Invalid HTTP request received.
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/uvicorn/protocols/http/h11_impl.py", line 136, in handle_events
    event = self.conn.next_event()
  File "/usr/local/lib/python3.8/site-packages/h11/_connection.py", line 476, in next_event
    raise RemoteProtocolError(
h11._util.RemoteProtocolError: Receive buffer too long

copernico, Oct 08 '22 12:10

I think we need to find a reasonable threshold and split into multiple requests. I noticed the same problem also with the 869 commits of:

CVE-2021-29425 --repository https://github.com/apache/commons-io

Alternatively there's an option to increase the buffer size according to our needs:

https://github.com/encode/uvicorn/pull/1514

sacca97, Oct 08 '22 13:10
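
The splitting approach suggested in the comment above, sketched as an added example (not code from this thread or from project-kb): candidate commit ids are grouped into batches so that each GET URL stays under a byte budget. The endpoint `BASE_URL`, the query parameter `commit_id`, the 8 KiB budget and the sample ids are all assumptions made for illustration; the budget is chosen to sit below h11's default 16 KiB limit for an incomplete request.

```python
import hashlib
from urllib.parse import urlencode

# Hypothetical endpoint and parameter name, not project-kb's real API.
BASE_URL = "http://backend.example/commits"
PARAM = "commit_id"
# Assumed budget: half of h11's default 16 KiB incomplete-event limit,
# leaving room for the rest of the request line and the headers.
MAX_URL_BYTES = 8 * 1024

# Constructed sample input: 2346 fake 40-character commit ids.
SAMPLE_IDS = [hashlib.sha1(str(i).encode()).hexdigest() for i in range(2346)]


def build_url(base_url, param, commit_ids):
    """Encode the ids as one comma-separated query parameter."""
    return base_url + "?" + urlencode({param: ",".join(commit_ids)})


def url_size(base_url, param, commit_ids):
    """Size in bytes of the URL as it would be sent on the wire."""
    return len(build_url(base_url, param, commit_ids).encode("ascii"))


def batch_by_url_length(base_url, param, commit_ids, max_url_bytes=MAX_URL_BYTES):
    """Split commit_ids into ordered batches whose URL fits max_url_bytes."""
    batches, current = [], []
    for cid in commit_ids:
        # A single id that cannot fit would otherwise loop or be sent oversized.
        if url_size(base_url, param, [cid]) > max_url_bytes:
            raise ValueError(f"id does not fit in {max_url_bytes} bytes: {cid[:12]}")
        # Close the current batch when adding this id would exceed the budget.
        if current and url_size(base_url, param, current + [cid]) > max_url_bytes:
            batches.append(current)
            current = []
        current.append(cid)
    if current:
        batches.append(current)
    return batches


if __name__ == "__main__":
    batches = batch_by_url_length(BASE_URL, PARAM, SAMPLE_IDS)
    largest = max(url_size(BASE_URL, PARAM, b) for b in batches)
    print(f"{len(SAMPLE_IDS)} ids -> {len(batches)} requests, largest URL {largest} bytes")
```

Budgeting on encoded URL bytes rather than on a fixed number of ids keeps the limit valid when the base URL or id format changes.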

Fixed with #342

sacca97, Nov 04 '22 08:11