nodejs / nodejs-dependency-vuln-assessments

MIT License

Vulnerability check reported failure on main - Wed Jul 20 00:36:39 UTC 2022 - Tool Failure #11

Closed mhdawson closed 2 years ago

mhdawson commented 2 years ago

https://github.com/nodejs/nodejs-dependency-vuln-assessments/actions/runs/2701477230

Invalid search criteria syntax: <Response [403]>

facutuesca commented 2 years ago

I also get this error sometimes (randomly). It looks like either a problem with the NVD server, or the script making too many requests in a short amount of time (triggering the rate limit). If it's the second one, it should improve when we start using an API key (which increases the rate limit for queries). If it's the first one, we need to account for it in the script.

mhdawson commented 2 years ago

@facutuesca it seems to be consistent today with all runs attempted hitting that error. I still get it after merging your PR to improve the captured message.

mhdawson commented 2 years ago

This is the failure from recent failures:

Invalid search criteria syntax: <Response [403]>
Attempted search criteria: {'keyword': 'undici'}
Traceback (most recent call last):
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/node/tools/dep_checker/main.py", line 168, in <module>
    exit(main())
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/node/tools/dep_checker/main.py", line 151, in main
    nvd_vulnerabilities = query_nvd()
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/node/tools/dep_checker/main.py", line 124, in query_nvd
    for cve in searchCVE(cpeMatchString=dep.get_cpe(), keyword=dep.keyword)
  File "/opt/hostedtoolcache/Python/3.9.13/x64/lib/python3.9/site-packages/nvdlib/cve.py", line 307, in searchCVE
    raw = __get('cve', parameters, limit, key, verbose)
  File "/opt/hostedtoolcache/Python/3.9.13/x64/lib/python3.9/site-packages/nvdlib/get.py", line 41, in __get
    totalResults = raw['totalResults']
TypeError: 'Response' object is not subscriptable
Error: Process completed with exit code 1.

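
The traceback above shows a non-200 HTTP response being indexed as if it were the parsed JSON dict, and facutuesca's comment earlier in the thread points at NVD rate limiting as the likely cause. The following is an added example, not code from this repository or from nvdlib: a small query wrapper that validates the response, retries 403/429/5xx with backoff, and sends the NVD key in the apiKey header. It assumes an injected fetch callable and a constructed FakeResponse so it runs offline.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

@dataclass
class FakeResponse:
    """Constructed stand-in for requests.Response so the example runs offline."""
    status_code: int
    payload: Optional[dict] = None
    headers: Dict[str, str] = field(default_factory=dict)

    def json(self) -> dict:
        if self.payload is None:
            raise ValueError("no JSON body")
        return self.payload

class NvdQueryError(RuntimeError):
    """Raised instead of letting a non-200 Response be indexed like a dict."""

def nvd_headers(api_key: Optional[str] = None) -> Dict[str, str]:
    # NVD reads the key from the apiKey request header; without it the public rate limit applies.
    return {"apiKey": api_key} if api_key else {}

def query_nvd(fetch: Callable, params: dict, api_key: Optional[str] = None,
              max_attempts: int = 4, sleep: Callable[[float], None] = time.sleep) -> dict:
    """Call fetch(params, headers) until a 200 with a dict body arrives.

    403/429/5xx (rate limiting or an NVD outage) are retried with exponential backoff,
    honouring Retry-After when present; any other status raises NvdQueryError at once."""
    delay = 1.0
    last = None
    for _ in range(max_attempts):
        resp = fetch(params, nvd_headers(api_key))
        if resp.status_code == 200:
            body = resp.json()
            if not isinstance(body, dict) or "totalResults" not in body:
                raise NvdQueryError(f"unexpected NVD body for {params!r}")
            return body
        last = resp.status_code
        if last in (403, 429) or last >= 500:
            wait = float(resp.headers.get("Retry-After", delay))
            sleep(wait)
            delay *= 2
            continue
        raise NvdQueryError(f"NVD returned HTTP {last} for {params!r}")
    raise NvdQueryError(f"NVD still failing (last HTTP {last}) after {max_attempts} attempts for {params!r}")
```
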
facutuesca commented 2 years ago

> @facutuesca it seems to be consistent today with all runs attempted hitting that error. I still get it after merging your PR to improve the captured message.

@mhdawson The merged PR was not related to this issue. This error should improve once we start using the NVD API key (PR: https://github.com/nodejs/node/pull/43909)

mhdawson commented 2 years ago

Resolved now that PR landed and we added the NVD api token, closing.