Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ERROR] Error updating the NVD Data & [ERROR] Failed to initialize the RetireJS repo & Host name must not contain blanks #7163

Open
hoangtubongdem153 opened this issue Nov 15, 2024 · 2 comments
Open

[ERROR] Error updating the NVD Data & [ERROR] Failed to initialize the RetireJS repo & Host name must not contain blanks #7163

hoangtubongdem153 opened this issue Nov 15, 2024 · 2 comments
Labels
question

Comments

@hoangtubongdem153
Copy link

Dear Jeremylong and team OWASP Dependency-check,
I am using tools now and get error as follow, i am looking for a solution to this problem and am stuck for about a week. I installed it and ran it on my personal computer at home without any errors, but when I ran it on my company computer (my company computer has configured the proxy using JAVA_TOOL_OPTIONS), I got the errors as below, please help me. 😭

C:\Users\VTT-\Downloads>dependency-check --scan TTDVTH-154 --nvdApiKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Picked up JAVA_TOOL_OPTIONS: "-Dhttps.proxyHost=x.x.x.x -Dhttps.proxyPort=xxxx"
[INFO] Checking for updates
[ERROR] Error updating the NVD Data org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:397) at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:117) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637) at org.owasp.dependencycheck.App.runScan(App.java:266) at org.owasp.dependencycheck.App.run(App.java:198) at org.owasp.dependencycheck.App.main(App.java:90)
Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryExceededException: NVD Update Failed: attempted to retrieve data from the NVD unsuccessfully five times. at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:336) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:423) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:423) at

org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:353) ... 7 common frames omitted
[ERROR] Failed to initialize the RetireJS repo org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:142) at
org.owasp.dependencycheck.App.run(App.java:198) at org.owasp.dependencycheck.App.main(App.java:90)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to 'C:\Users\VTT-\Documents\attt_tungtt53\dependency-check\data\jsrepository.json'; Host name must not contain blanks at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:322) at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:281) at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:140) ... 7 common frames omitted
Caused by: java.lang.IllegalArgumentException: Host name must not contain blanks
at org.apache.hc.core5.util.Args.containsNoBlanks(Args.java:93) at org.apache.hc.core5.http.HttpHost.(HttpHost.java:84) at org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner.determineProxy(SystemDefaultRoutePlanner.java:100) at org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:84) at org.apache.hc.client5.http.impl.classic.InternalHttpClient.determineRoute(InternalHttpClient.java:124) at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:161) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:245) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:188) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:162) at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:307) ... 9 common frames omitted [WARN] Failed to update hosted suppressions file, results may contain false positives already resolved by the DependencyCheck project org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to update the hosted suppressions file at org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource.fetchHostedSuppressions(HostedSuppressionsDataSource.java:137) at org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource.update(HostedSuppressionsDataSource.java:78) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637) at org.owasp.dependencycheck.App.runScan(App.java:266) at org.owasp.dependencycheck.App.run(App.java:198) at org.owasp.dependencycheck.App.main(App.java:90) Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml' to 'C:\Users\VTT-\Documents\attt_tungtt53\dependency-check\data\publishedSuppressions.xml'; Host name must not contain blanks at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:322) at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:281) at org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource.fetchHostedSuppressions(HostedSuppressionsDataSource.java:135) ... 7 common frames omitted Caused by: java.lang.IllegalArgumentException: Host name must not contain blanks at org.apache.hc.core5.util.Args.containsNoBlanks(Args.java:93) at org.apache.hc.core5.http.HttpHost.(HttpHost.java:84) at org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner.determineProxy(SystemDefaultRoutePlanner.java:100) at org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:84) at org.apache.hc.client5.http.impl.classic.InternalHttpClient.determineRoute(InternalHttpClient.java:124) at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:161) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:245) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:188) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:162) at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:307) ... 9 common frames omitted [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json [ERROR] java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks org.owasp.dependencycheck.data.update.exception.UpdateException: java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks at org.owasp.dependencycheck.data.update.KnownExploitedDataSource.update(KnownExploitedDataSource.java:105) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637) at org.owasp.dependencycheck.App.runScan(App.java:266) at org.owasp.dependencycheck.App.run(App.java:198) at org.owasp.dependencycheck.App.main(App.java:90) Caused by: java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks at org.owasp.dependencycheck.utils.Downloader.fetchAndHandle(Downloader.java:584) at org.owasp.dependencycheck.utils.Downloader.fetchAndHandle(Downloader.java:511) at org.owasp.dependencycheck.data.update.KnownExploitedDataSource.update(KnownExploitedDataSource.java:96) ... 6 common frames omitted Caused by: java.lang.IllegalArgumentException: Host name must not contain blanks at org.apache.hc.core5.util.Args.containsNoBlanks(Args.java:93) at org.apache.hc.core5.http.HttpHost.(HttpHost.java:84) at org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner.determineProxy(SystemDefaultRoutePlanner.java:100) at org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:84) at org.apache.hc.client5.http.impl.classic.InternalHttpClient.determineRoute(InternalHttpClient.java:124) at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:161) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:245) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:188) at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:162) at org.owasp.dependencycheck.utils.Downloader.fetchAndHandle(Downloader.java:568) ... 8 common frames omitted [WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. [ERROR] Unable to continue dependency-check analysis. [ERROR] One or more fatal errors occurred [ERROR] java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks [ERROR] No documents exist
@aikebah
Copy link
Collaborator

aikebah commented Nov 17, 2024

Doublecheck your proxyHost variable as set in JAVA_TOOL_OPTIONS. From the stack trace and error message it appears that your proxyHost contains invalid characters.

@aikebah aikebah added question and removed bug labels Nov 17, 2024
@hoangtubongdem153
Copy link
Author

Doublecheck your proxyHost variable as set in JAVA_TOOL_OPTIONS. From the stack trace and error message it appears that your proxyHost contains invalid characters.

I have check and i see no error in setting proxy in JAVA_TOOL_OPTIONS, file log are below:
error_dependency_check.txt

Please help me. I installed it on my laptop at home and it ran very smoothly, but in desktop in my company (it has proxy has been set with JAVA_TOOL_OPTIONS ), but it still not work, please help me 😭😭😭

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aikebah @hoangtubongdem153