vehemont / nvdlib

A simple wrapper for the National Vulnerability CVE/CPE API
https://nvdlib.com
MIT License

nvdlib.searchCVE occasionally times out #26

Closed johnlabuyfoy1024 closed 1 year ago

johnlabuyfoy1024 commented 1 year ago

I'm using nvdlib-0.7.4 and occasionally I get a time out error from urllib3 when executing:

    r = nvdlib.searchCVE(cveId=s2,key='xyz',verbose=True,delay=6)

Timeout is currently set to 30. Is there a way I can increase the timeout? Thanks

vehemont commented 1 year ago

Hi,

Can you please provide the entire error output when the timeout occurs?

Thanks

Edit: https://github.com/vehemont/nvdlib/issues/26#issuecomment-1645806289 NVD API is having issues at the moment.

SSarka69 commented 1 year ago

Hi,

I am also facing a similar timeout issue occasionally. Please find the attached picture for reference. Is there any solution to this error?

Thanks

johnlabuyfoy1024 commented 1 year ago

Code:

    # Get the details of the CVE from NVD Database using nvdlib
    r = []                       # Initialize r
    r = nvdlib.searchCVE(cveId=s2,key='xyzxyzxyzxyz',verbose=True)

Error Message:

Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-22954
Traceback (most recent call last):
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 449, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 444, in _make_request
    httplib_response = conn.getresponse()
  File "/home/johnf/anaconda3/lib/python3.10/http/client.py", line 1374, in getresponse
    response.begin()
  File "/home/johnf/anaconda3/lib/python3.10/http/client.py", line 318, in begin
    version, status, reason = self._read_status()
  File "/home/johnf/anaconda3/lib/python3.10/http/client.py", line 279, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/home/johnf/anaconda3/lib/python3.10/socket.py", line 705, in readinto
    return self._sock.recv_into(b)
  File "/home/johnf/anaconda3/lib/python3.10/ssl.py", line 1274, in recv_into
    return self.read(nbytes, buffer)
  File "/home/johnf/anaconda3/lib/python3.10/ssl.py", line 1130, in read
    return self._sslobj.read(len, buffer)
TimeoutError: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/adapters.py", line 489, in send
    resp = conn.urlopen(
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/util/retry.py", line 550, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/packages/six.py", line 770, in reraise
    raise value
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 451, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 340, in _raise_timeout
    raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='services.nvd.nist.gov', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/johnf/cve_manager_VS/./first-api-epss.py", line 169, in <module>
    r = nvdlib.searchCVE(cveId=s2,key='a3340ee7-6c27-4f56-a7b6-55cbafa0cf1e',verbose=True)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/nvdlib/cve.py", line 156, in searchCVE
    raw = get('cve', headers, parameters, limit, verbose, delay)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/nvdlib/get.py", line 23, in get
    raw = requests.get(link, params=stringParams, headers=headers, timeout=30)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/adapters.py", line 578, in send
    raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='services.nvd.nist.gov', port=443): Read timed out. (read timeout=30)

vehemont commented 1 year ago

Thank you for the output. Could you please see if you still experience the issue after adding delay=12 to nvdlib.searchCVE?

Example: r = nvdlib.searchCVE(cveId=s2,key='xyzxyzxyzxyz',verbose=True, delay=12)

This will add a 12 second delay to the search. NVD has firewall rules in place that could be dropping the connection (or putting up a 404) because it believes your IP address to be going over the rate limit. NVDLib has built-in rate limiting, but it can be bypassed unintentionally by stopping and starting code repeatedly that makes searches.

johnlabuyfoy1024 commented 1 year ago

Still getting timeout error - Code:

    # Get the details of the CVE from NVD Database using nvdlib
    r = []                       # Initialize r
    r = nvdlib.searchCVE(cveId=s2,key='xyzxyzxyzxyz',verbose=True, delay=12)

Error message:

Now running first-api-epss.py
url = https://api.first.org/data/v1/epss?order=!epss&limit=1500
Wrote intermediate output-epss.txt
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-30525
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-22947
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-22965
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-22954
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-26134
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-1388
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-22963
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-37061
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-35405
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-29464
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-26352
Filter: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-37042
Traceback (most recent call last):
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 449, in _make_request
    six.raise_from(e, None)
  File "<string>", line 3, in raise_from
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 444, in _make_request
    httplib_response = conn.getresponse()
  File "/home/johnf/anaconda3/lib/python3.10/http/client.py", line 1374, in getresponse
    response.begin()
  File "/home/johnf/anaconda3/lib/python3.10/http/client.py", line 318, in begin
    version, status, reason = self._read_status()
  File "/home/johnf/anaconda3/lib/python3.10/http/client.py", line 279, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/home/johnf/anaconda3/lib/python3.10/socket.py", line 705, in readinto
    return self._sock.recv_into(b)
  File "/home/johnf/anaconda3/lib/python3.10/ssl.py", line 1274, in recv_into
    return self.read(nbytes, buffer)
  File "/home/johnf/anaconda3/lib/python3.10/ssl.py", line 1130, in read
    return self._sslobj.read(len, buffer)
TimeoutError: The read operation timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/adapters.py", line 489, in send
    resp = conn.urlopen(
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/util/retry.py", line 550, in increment
    raise six.reraise(type(error), error, _stacktrace)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/packages/six.py", line 770, in reraise
    raise value
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 451, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/urllib3/connectionpool.py", line 340, in _raise_timeout
    raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='services.nvd.nist.gov', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/johnf/cve_manager_VS/./first-api-epss.py", line 169, in <module>
    r = nvdlib.searchCVE(cveId=s2,key='a3340ee7-6c27-4f56-a7b6-55cbafa0cf1e',verbose=True, delay=12)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/nvdlib/cve.py", line 156, in searchCVE
    raw = get('cve', headers, parameters, limit, verbose, delay)
  File "/home/johnf/anaconda3/lib/python3.10/site-packages/nvdlib/get.py", line 23, in get
    raw = requests.get(link, params=stringParams, headers=headers, timeout=30)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/home/johnf/.local/lib/python3.10/site-packages/requests/adapters.py", line 578, in send
    raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='services.nvd.nist.gov', port=443): Read timed out. (read timeout=30)

jacobocasado commented 1 year ago

I get the same error. Could be a srv issue?

vehemont commented 1 year ago

nvdlib-0.7.5-py3-none-any.zip

Attached is a compressed wheel file that contains an update to allow a custom timeout parameter. By default it is set to 30 seconds, but you can enter a custom value. I tested it when setting the value to 60 and it seems to work for me, but please try it and see if it resolves your issue. If it works, then I will release this version.

Example: r = nvdlib.searchCVE(cveId=s2,key='xyzxyzxyzxyz',verbose=True, timeout=60)

To install the wheel, you must first right click and extract the contents, then navigate to the same directory as the wheel file and run the following. You might need to first uninstall the current nvdlib by running pip uninstall nvdlib, then running the below:

    pip install nvdlib-0.7.5-py3-none-any.whl

I believe this is caused by the NVD server taking too long to reply, which isn't an issue as long as we can define an appropriate timeout.
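An added example, not part of this thread and not nvdlib's own code: a throttle that remembers the last request time across script restarts (the way the built-in rate limiting can be bypassed, as described above) combined with exponential backoff on read timeouts. The names `PersistentThrottle`, `search_with_backoff` and the state file path are hypothetical; the `timeout` argument in the usage comment assumes the 0.7.5 build discussed above.

```python
import json
import os
import time


class PersistentThrottle:
    """Minimum gap between API calls that survives process restarts.

    The time of the last request is kept in a small state file, so a script
    that is stopped and started again still waits out the remaining delay.
    """

    def __init__(self, state_path, min_interval, clock=time.time, sleep=time.sleep):
        self.state_path = state_path
        self.min_interval = min_interval
        self.clock = clock
        self.sleep = sleep

    def _last_call(self):
        try:
            with open(self.state_path) as fh:
                return float(json.load(fh)["last_call"])
        except (OSError, ValueError, KeyError, TypeError):
            return 0.0  # missing or corrupt state: treat as "never called"

    def wait(self):
        """Sleep until min_interval has passed since the last recorded call."""
        pause = max(0.0, self._last_call() + self.min_interval - self.clock())
        if pause:
            self.sleep(pause)
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump({"last_call": self.clock()}, fh)
        os.replace(tmp, self.state_path)  # atomic swap, no half-written file
        return pause


def search_with_backoff(search, throttle, retryable=(TimeoutError,),
                        attempts=4, base_delay=5.0, sleep=time.sleep):
    """Call search() behind the throttle, retrying transient failures.

    Waits base_delay, 2*base_delay, 4*base_delay ... between attempts and
    re-raises the last error once the attempts are used up.
    """
    for attempt in range(attempts):
        throttle.wait()
        try:
            return search()
        except retryable:
            if attempt == attempts - 1:
                raise
            sleep(base_delay * 2 ** attempt)


# Usage with nvdlib (needs network access, so it is left as a comment).
# requests.exceptions.ReadTimeout, the error at the end of the tracebacks
# above, is not a subclass of the built-in TimeoutError and must be listed.
#   import nvdlib, requests
#   throttle = PersistentThrottle("nvd_throttle.json", min_interval=6)
#   r = search_with_backoff(
#       lambda: nvdlib.searchCVE(cveId="CVE-2022-22954", timeout=60),
#       throttle, retryable=(requests.exceptions.ReadTimeout,))
```
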

jacobocasado commented 1 year ago

I'll try it today, thx!

johnlabuyfoy1024 commented 1 year ago

I tried nvdlib 0.7.5 and with timeout = 60 and some other settings as well and still get read timeout errors and HTTP 503 errors. However, I emailed the nvd today and got this response which seems to confirm that the problem is on the nvd side:

"Thank you for notifying the NVD. We are aware of sporadic errors being provided to users of the APIs and are investigating the root cause for resolution. We apologize for the inconvenience during this time."

vehemont commented 1 year ago

Thanks for reaching out to them. I will keep this issue open in the meantime so people can find updates.

mhdawson commented 1 year ago

We've been getting persistent timeouts like this

Run (
Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/connectionpool.py", line 536, in _make_request
    response = conn.getresponse()
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/connection.py", line 454, in getresponse
    httplib_response = super().getresponse()
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/http/client.py", line 1377, in getresponse
    response.begin()
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/http/client.py", line 320, in begin
    version, status, reason = self._read_status()
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/http/client.py", line 281, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/socket.py", line 704, in readinto
    return self._sock.recv_into(b)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/ssl.py", line 1242, in recv_into
    return self.read(nbytes, buffer)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/ssl.py", line 1100, in read
    return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/connectionpool.py", line 844, in urlopen
    retries = retries.increment(
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/util/retry.py", line 470, in increment
    raise reraise(type(error), error, _stacktrace)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/util/util.py", line 39, in reraise
    raise value
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/connectionpool.py", line 790, in urlopen
    response = self._make_request(
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/connectionpool.py", line 538, in _make_request
    self._raise_timeout(err=e, url=url, timeout_value=read_timeout)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/urllib3/connectionpool.py", line 370, in _raise_timeout
    raise ReadTimeoutError(
urllib3.exceptions.ReadTimeoutError: HTTPSConnectionPool(host='services.nvd.nist.gov', port=443): Read timed out. (read timeout=30)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/dep_checker/main.py", line 261, in <module>
    exit(main())
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/dep_checker/main.py", line 236, in main
    nvd_vulnerabilities: list[Vulnerability] = query_nvd(
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/dep_checker/main.py", line 155, in query_nvd
    for cve in searchCVE(
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/nvdlib/cve.py", line 270, in searchCVE
    raw = __get('cve', headers, parameters, limit, verbose, delay)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/nvdlib/get.py", line 22, in __get
    raw = requests.get(link, params=stringParams, headers=headers, timeout=30)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/requests/api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
  File "/opt/hostedtoolcache/Python/3.9.17/x64/lib/python3.9/site-packages/requests/adapters.py", line 532, in send
    raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='services.nvd.nist.gov', port=443): Read timed out. (read timeout=30)
Error: Process completed with exit code 1.

Since Wednesday July 5th.

I upgraded to 0.7.4 today but that did not change the behaviour.

I then found this discussion and see the issue is likely on the nvd side. Do those on the thread think it is worth adjusting the timeout (which is 6) etc. or just waiting until we hear the problem on the nvd side is resolved?

vehemont commented 1 year ago

> Do those on the thread think it is worth adjusting the timeout (which is 6) etc. or just waiting until we hear the problem on the nvd side is resolved?

From the evidence in this thread, changing the timeout does not make any difference. It will be best to wait for an update from NVD.

mhdawson commented 1 year ago

@vehemont thanks for confirming.

Fares-Harri commented 1 year ago

Using nvdlib 0.7.4, for around 10 days it is not working for me, and now I tested this: https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=django. I get the response after around 1:40 minutes and sometimes I just get a 503/504 server error response. Is it the same issue?

vehemont commented 1 year ago

> Using nvdlib 0.7.4, for around 10 days it is not working for me, and now I tested this: https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=django. I get the response after around 1:40 minutes and sometimes I just get a 503/504 server error response. Is it the same issue?

Yes. That is the issue we are experiencing at this time. Feel free to reach out to the NVD and inform them the issue is still occurring.

johnlabuyfoy1024 commented 1 year ago

Update from NVD on timeout / 503 errors on 7-17-2023:

"We are aware of the root cause for the issue and are working to find appropriate resolutions that will have minimal impact to the userbase while improving reliability of the site and search. We do not have a timeline for this currently and appreciate your patience during this period."

vehemont commented 1 year ago

I will push out an update disabling the keyword and keyword exact match options. I will re-enable them once the issue is resolved.

Update from the NVD:

> Keyword and Keyword Exact Match Searches Temporarily Disabled
>
> The NVD has been experiencing issues with website and API availability. We have identified the root cause, however, due to the particular complexities and other operational needs, a larger scale solution must be put into place. This will take time to implement and resolve. In the interim, to ensure continuity of services that are not impacted, we will be disabling both the keyword and keyword exact match capabilities of the vulnerability search page and APIs. We are aware that this will impact the daily efforts of many that make use of our data and request understanding and patience while we move towards a viable solution. For questions and concerns you can contact nvd@nist.gov. Please refrain from requesting timelines on resolution, we will notify all users through the various channels available when we have information to share on the topic.
>
> V/r, The National Vulnerability Database Team

mhdawson commented 1 year ago

@vehemont I assume it is 0.7.5 that I should wait for in terms of the above?

vehemont commented 1 year ago

NVD released news regarding this issue. NVDLib should be back in functioning order. I don't think any changes will need to be made to NVDLib but I'll do some testing and find out.

Keyword and keyword exact match searches have been re-enabled. Clarifications on how keyword search operates can be found in the documentation for keyword parameters. For questions and concerns you can contact nvd@nist.gov.

Fares-Harri commented 1 year ago

Yes it is working now again

mhdawson commented 1 year ago

Seems to be working for the nodejs automation, thanks for this issue and the updates.