eliasgranderubio / dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Apache License 2.0
1.15k stars 159 forks

When I inspect the container image, everything is fine. #110

Open nakatani2023 opened 9 months ago

nakatani2023 commented 9 months ago

The inspection shows the package-specific JSON in the container image, but does not detect any vulnerabilities or malware.

Investigation result: Symptoms #107 and #109 are also occurring, and when I investigated, the amount of data downloaded to vulndb at init always ends after around 170MB.

Looking at the source code, it seems that the URL for acquiring collection data other than cve and cve_info is a broken link, and an exception occurs when empty data is entered in the list, causing initialization to end prematurely.

Request matters: I am unable to find the source to retrieve the vulnerability database and the initialization is failing. Could you please maintain the vulnerability database retrieval program?

I think #107 and #109 will also be resolved with this response. Thank you for your support.

tbdavid94 commented 9 months ago

@nakatani2023 Do you get this error when calling cli

```
python3 dagda.py vuln --product openldap --product_version 10
{ "err": 500, "msg": "Internal Server Error" }
```

nakatani2023 commented 9 months ago

@tbdavid94 Thank you for your comment. Yes, the same message occurs in my environment, and the logs are pretty much the same as yours.

And, in the log below that you describe, in "dagda/vulnDB/db_composer.py", we found that the URL link in the vulnerability database acquisition code was broken from line 81 onwards. At init, I jump to an exception before downloading the vuln_database.bid data, so I think the data is not stored in mongodb and this error is occurring.

```
dagda | pymongo.errors.OperationFailure: text index required for $text query (no such collection 'vuln_database.bid'), full error: {'ok': 0.0, 'errmsg': "text index required for $text query (no such collection 'vuln_database.bid')", 'code': 27, 'codeName': 'IndexNotFound'}
```