The producer crashes and restarts if its NIST NVD downloads don't work, which happens now-and-then due to internet issues beyond our control. It would be better if the producer didn't crash though :-)
Example:
[2021-06-14 11:16:42,710] [DEBUG] [main] [o.o.d.u.SSLSocketFactoryEx] - TLSv1.3
org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2002.json.gz' to '/mnt/fasten/vuln/producer/nvd/nvdcve-1.1-2002.json.gz'
at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:98)
at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:74)
at eu.fasten.vulnerabilityproducer.utils.parsers.NVDParser.downloadCVEs(NVDParser.java:115)
at eu.fasten.vulnerabilityproducer.utils.parsers.NVDParser.getVulnerabilities(NVDParser.java:226)
at eu.fasten.vulnerabilityproducer.utils.parsers.ParserManager.getVulnerabilitiesFromParsers(ParserManager.java:95)
at eu.fasten.vulnerabilityproducer.VulnerabilityProducer.start(VulnerabilityProducer.java:111)
at eu.fasten.vulnerabilityproducer.Main.run(Main.java:134)
at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
at picocli.CommandLine.execute(CommandLine.java:1864)
at eu.fasten.vulnerabilityproducer.Main.main(Main.java:82)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2002.json.gz; unable to connect.
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:238)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:138)
at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:94)
... 13 more
Caused by: java.net.UnknownHostException: nvd.nist.gov
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:220)
at java.base/java.net.Socket.connect(Socket.java:609)
at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:177)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:203)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:189)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:178)
... 15 more
java.lang.NullPointerException
at eu.fasten.vulnerabilityproducer.utils.parsers.NVDParser.getVulnerabilities(NVDParser.java:231)
at eu.fasten.vulnerabilityproducer.utils.parsers.ParserManager.getVulnerabilitiesFromParsers(ParserManager.java:95)
at eu.fasten.vulnerabilityproducer.VulnerabilityProducer.start(VulnerabilityProducer.java:111)
at eu.fasten.vulnerabilityproducer.Main.run(Main.java:134)
at picocli.CommandLine.executeUserObject(CommandLine.java:1729)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
at picocli.CommandLine.execute(CommandLine.java:1864)
at eu.fasten.vulnerabilityproducer.Main.main(Main.java:82)
The producer crashes and restarts if its NIST NVD downloads don't work, which happens now-and-then due to internet issues beyond our control. It would be better if the producer didn't crash though :-)
Example: