jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.47k stars 1.29k forks

[ERROR] Error updating the NVD Data & [ERROR] Failed to initialize the RetireJS repo & Host name must not contain blanks #7163

Open hoangtubongdem153 opened 1 week ago

hoangtubongdem153 commented 1 week ago

Dear Jeremylong and the OWASP Dependency-Check team, I am using the tool now and get the errors shown below. I am looking for a solution to this problem and have been stuck for about a week. I installed it and ran it on my personal computer at home without any errors, but when I ran it on my company computer (my company computer has the proxy configured using JAVA_TOOL_OPTIONS), I got the errors below. Please help me. 😭

```
C:\Users\VTT-\Downloads>dependency-check --scan TTDVTH-154 --nvdApiKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Picked up JAVA_TOOL_OPTIONS: "-Dhttps.proxyHost=x.x.x.x -Dhttps.proxyPort=xxxx"
[INFO] Checking for updates
[ERROR] Error updating the NVD Data
org.owasp.dependencycheck.data.update.exception.UpdateException: Error updating the NVD Data
    at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:397)
    at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:117)
    at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
    at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
    at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
    at org.owasp.dependencycheck.App.runScan(App.java:266)
    at org.owasp.dependencycheck.App.run(App.java:198)
    at org.owasp.dependencycheck.App.main(App.java:90)
Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiRetryExceededException: NVD Update Failed: attempted to retrieve data from the NVD unsuccessfully five times.
    at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:336)
    at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:423)
    at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next(NvdCveClient.java:423)
    at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi(NvdApiDataSource.java:353)
    ... 7 common frames omitted
[ERROR] Failed to initialize the RetireJS repo
org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
    at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:142)
    at org.owasp.dependencycheck.App.run(App.java:198)
    at org.owasp.dependencycheck.App.main(App.java:90)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to 'C:\Users\VTT-\Documents\attt_tungtt53\dependency-check\data\jsrepository.json'; Host name must not contain blanks
    at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:322)
    at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:281)
    at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:140)
    ... 7 common frames omitted
Caused by: java.lang.IllegalArgumentException: Host name must not contain blanks
    at org.apache.hc.core5.util.Args.containsNoBlanks(Args.java:93)
    at org.apache.hc.core5.http.HttpHost.<init>(HttpHost.java:84)
    at org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner.determineProxy(SystemDefaultRoutePlanner.java:100)
    at org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:84)
    at org.apache.hc.client5.http.impl.classic.InternalHttpClient.determineRoute(InternalHttpClient.java:124)
    at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:161)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:245)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:188)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:162)
    at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:307)
    ... 9 common frames omitted
[WARN] Failed to update hosted suppressions file, results may contain false positives already resolved by the DependencyCheck project
org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to update the hosted suppressions file
    at org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource.fetchHostedSuppressions(HostedSuppressionsDataSource.java:137)
    at org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource.update(HostedSuppressionsDataSource.java:78)
    at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
    at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
    at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
    at org.owasp.dependencycheck.App.runScan(App.java:266)
    at org.owasp.dependencycheck.App.run(App.java:198)
    at org.owasp.dependencycheck.App.main(App.java:90)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml' to 'C:\Users\VTT-\Documents\attt_tungtt53\dependency-check\data\publishedSuppressions.xml'; Host name must not contain blanks
    at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:322)
    at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:281)
    at org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource.fetchHostedSuppressions(HostedSuppressionsDataSource.java:135)
    ... 7 common frames omitted
Caused by: java.lang.IllegalArgumentException: Host name must not contain blanks
    at org.apache.hc.core5.util.Args.containsNoBlanks(Args.java:93)
    at org.apache.hc.core5.http.HttpHost.<init>(HttpHost.java:84)
    at org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner.determineProxy(SystemDefaultRoutePlanner.java:100)
    at org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:84)
    at org.apache.hc.client5.http.impl.classic.InternalHttpClient.determineRoute(InternalHttpClient.java:124)
    at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:161)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:245)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:188)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:162)
    at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:307)
    ... 9 common frames omitted
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[ERROR] java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks
org.owasp.dependencycheck.data.update.exception.UpdateException: java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks
    at org.owasp.dependencycheck.data.update.KnownExploitedDataSource.update(KnownExploitedDataSource.java:105)
    at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
    at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
    at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
    at org.owasp.dependencycheck.App.runScan(App.java:266)
    at org.owasp.dependencycheck.App.run(App.java:198)
    at org.owasp.dependencycheck.App.main(App.java:90)
Caused by: java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks
    at org.owasp.dependencycheck.utils.Downloader.fetchAndHandle(Downloader.java:584)
    at org.owasp.dependencycheck.utils.Downloader.fetchAndHandle(Downloader.java:511)
    at org.owasp.dependencycheck.data.update.KnownExploitedDataSource.update(KnownExploitedDataSource.java:96)
    ... 6 common frames omitted
Caused by: java.lang.IllegalArgumentException: Host name must not contain blanks
    at org.apache.hc.core5.util.Args.containsNoBlanks(Args.java:93)
    at org.apache.hc.core5.http.HttpHost.<init>(HttpHost.java:84)
    at org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner.determineProxy(SystemDefaultRoutePlanner.java:100)
    at org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:84)
    at org.apache.hc.client5.http.impl.classic.InternalHttpClient.determineRoute(InternalHttpClient.java:124)
    at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:161)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:245)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:188)
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:162)
    at org.owasp.dependencycheck.utils.Downloader.fetchAndHandle(Downloader.java:568)
    ... 8 common frames omitted
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] java.io.IOException: Download failed, unable to retrieve and parse 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'; Host name must not contain blanks
[ERROR] No documents exist
```

aikebah commented 1 week ago

Double-check your proxyHost variable as set in JAVA_TOOL_OPTIONS. From the stack trace and error message it appears that your proxyHost contains invalid characters.
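
The check suggested above, as an added example (not part of the original thread and not the project's code): it splits a JAVA_TOOL_OPTIONS value the way the HotSpot JVM tokenizes it, where whitespace separates options and a quoted run stays one option with its quotes dropped, then flags proxy properties whose value would trip the "Host name must not contain blanks" check. The function names and both sample values are constructed, and the tokenizer is a model of that behaviour rather than the JVM's own code.

```python
import re

def split_jvm_options(value):
    """Model (assumption) of HotSpot's JAVA_TOOL_OPTIONS splitting: whitespace
    separates options; a ' or " quoted run is kept whole, quotes dropped."""
    options, current, in_token, i = [], [], False, 0
    while i < len(value):
        ch = value[i]
        if ch in "'\"":
            end = value.find(ch, i + 1)
            if end == -1:
                raise ValueError("unmatched quote in options value")
            current.append(value[i + 1:end])
            in_token, i = True, end + 1
        elif ch.isspace():
            if in_token:
                options.append("".join(current))
                current, in_token = [], False
            i += 1
        else:
            current.append(ch)
            in_token, i = True, i + 1
    if in_token:
        options.append("".join(current))
    return options

def proxy_findings(value):
    """Return (property, value, problem) for each proxy -D option that is malformed."""
    findings = []
    for opt in split_jvm_options(value):
        m = re.match(r"-D(https?\.proxy(?:Host|Port))=(.*)", opt, re.S)
        if not m:
            continue
        name, val = m.groups()
        if name.endswith("Host") and (not val or re.search(r"\s", val)):
            findings.append((name, val, "host is empty or contains blanks"))
        elif name.endswith("Port") and not val.isdigit():
            findings.append((name, val, "port is not a number"))
    return findings

# Constructed values shaped like the "Picked up JAVA_TOOL_OPTIONS" log line;
# 192.0.2.10 is a documentation address, not a real proxy.
QUOTED = '"-Dhttps.proxyHost=192.0.2.10 -Dhttps.proxyPort=8080"'
UNQUOTED = '-Dhttps.proxyHost=192.0.2.10 -Dhttps.proxyPort=8080'

if __name__ == "__main__":
    for label, value in (("quoted", QUOTED), ("unquoted", UNQUOTED)):
        print(label, split_jvm_options(value), proxy_findings(value))
```

Feed it the exact text printed after `Picked up JAVA_TOOL_OPTIONS:`, quote characters included, since that line echoes the raw value the JVM received.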

hoangtubongdem153 commented 1 week ago

> Double-check your proxyHost variable as set in JAVA_TOOL_OPTIONS. From the stack trace and error message it appears that your proxyHost contains invalid characters.

I have checked and I see no error in the proxy setting in JAVA_TOOL_OPTIONS; the log file is below: error_dependency_check.txt

Please help me. I installed it on my laptop at home and it ran very smoothly, but on the desktop at my company (where the proxy has been set with JAVA_TOOL_OPTIONS) it still does not work. Please help me 😭😭😭