stefanneuhaus / dependencycheck-central-mysql-docker

Self-updating OWASP DependencyCheck Database Server :book:
https://hub.docker.com/r/stefanneuhaus/dependencycheck-central-mysql/
Apache License 2.0

Problem with p_shortDescription (charset?) #18

Closed cpfeiffer closed 10 months ago

cpfeiffer commented 1 year ago

Updating the database does not work anymore, see the following stacktrace:

[...]
Caused by: java.sql.BatchUpdateException: Incorrect string value: '\xEF\xBF\xBDboa...' for column 'p_shortDescription' at row 1
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at com.mysql.cj.util.Util.handleNewInstance(Util.java:192)
        at com.mysql.cj.util.Util.getInstance(Util.java:167)
        at com.mysql.cj.util.Util.getInstance(Util.java:174)
        at com.mysql.cj.jdbc.exceptions.SQLError.createBatchUpdateException(SQLError.java:224)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeBatchSerially(ClientPreparedStatement.java:816)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeBatchInternal(ClientPreparedStatement.java:418)
        at com.mysql.cj.jdbc.StatementImpl.executeBatch(StatementImpl.java:795)
        at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:241)
        at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:241)
        at org.owasp.dependencycheck.data.nvdcve.CveDB.updateKnownExploitedVulnerabilities(CveDB.java:1095)
        at org.owasp.dependencycheck.data.update.KnownExploitedDataSource.update(KnownExploitedDataSource.java:85)
        at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:900)
        at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:872)
        at org.owasp.dependencycheck.gradle.tasks.Update.update(Update.groovy:56
Caused by: java.sql.SQLException: Incorrect string value: '\xEF\xBF\xBDboa...' for column 'p_shortDescription' at row 1
        at com.mysql.cj.jdbc.exceptions.SQLError.createSQLException(SQLError.java:129)
        at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:122)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeInternal(ClientPreparedStatement.java:916)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeUpdateInternal(ClientPreparedStatement.java:1061)
        at com.mysql.cj.jdbc.ClientPreparedStatement.executeBatchSerially(ClientPreparedStatement.java:795)
        ... 125 more

I suspect that this is due to the default character set of MySQL:

mysql> show variables like 'char%';
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | latin1                     |
| character_set_connection | latin1                     |
| character_set_database   | latin1                     |
| character_set_filesystem | binary                     |
| character_set_results    | latin1                     |
| character_set_server     | latin1                     |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.01 sec)

mysql> show variables like 'collation%';
+----------------------+-------------------+
| Variable_name        | Value             |
+----------------------+-------------------+
| collation_connection | latin1_swedish_ci |
| collation_database   | latin1_swedish_ci |
| collation_server     | latin1_swedish_ci |
+----------------------+-------------------+
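
An added diagnostic sketch, not part of the original issue or of the project's code: it decodes the escaped value quoted in the `Incorrect string value` error and lists the characters that a given character set cannot represent. It assumes the target column uses the `latin1` character set shown in the server variables above, and it uses Python's `cp1252` codec as an approximation of MySQL's `latin1`; the function names are hypothetical.

```python
import re

# Python codecs used as stand-ins for MySQL character sets (assumption:
# MySQL's latin1 is close to, but not identical with, Python's cp1252).
MYSQL_TO_PY = {"latin1": "cp1252", "utf8mb4": "utf-8"}

_HEX_ESCAPE = re.compile(rb"\\x([0-9A-Fa-f]{2})")


def decode_error_fragment(fragment: str) -> str:
    """Turn the escaped value quoted in the MySQL error back into text.

    The error prints non-ASCII bytes as \\xNN and truncates with '...'.
    """
    if fragment.endswith("..."):
        fragment = fragment[:-3]
    raw = fragment.encode("ascii")
    data = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return data.decode("utf-8", errors="replace")


def unstorable(text: str, mysql_charset: str):
    """Return (index, code point, UTF-8 hex) for each char the charset lacks."""
    codec = MYSQL_TO_PY[mysql_charset]
    bad = []
    for i, ch in enumerate(text):
        try:
            ch.encode(codec)
        except UnicodeEncodeError:
            bad.append((i, f"U+{ord(ch):04X}", ch.encode("utf-8").hex()))
    return bad


if __name__ == "__main__":
    # Value copied from the stack trace in this issue.
    text = decode_error_fragment(r"\xEF\xBF\xBDboa...")
    for charset in ("latin1", "utf8mb4"):
        print(charset, unstorable(text, charset))
```

The bytes `EF BF BD` are the UTF-8 encoding of U+FFFD (the Unicode replacement character), which has no representation in `latin1`.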

Jurrie commented 10 months ago

I am not entirely sure, but this might be fixed with #19. Maybe you could try to see if that fixes it? If you report back, we will also know if I didn't break anything else 😀

stefanneuhaus commented 10 months ago

I could reproduce the issue when I tried to do the runtime comparison for PR #19. After merging the PR the bug seems to be fixed. So I am quite confident that this one is fixed. @cpfeiffer If you disagree, please re-open.