Exception while parsing nvdcve
When dtrack initializes NIST mirroring, the parser can't handle the format of certain CVE identifiers. Log with stack trace provided below.
Current Behavior:
Exception is thrown when parsing nvdcve-1.0-2014.json
Steps to Reproduce:
Trigger download and parsing of NVD
Expected Behavior:
Successful parse
Environment:
- Dependency-Track Version: 3.6.1
- Distribution: Docker
- BOM Format & Version: N/A
- Database Server: PostgreSQL
- Browser: N/A
Additional Details:
09:07:41.955 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2014.json.gz
09:07:42.065 INFO [NistMirrorTask] Downloading...
09:07:42.267 INFO [NistMirrorTask] Uncompressing nvdcve-1.0-2014.json.gz
09:07:42.599 INFO [NvdParser] Parsing nvdcve-1.0-2014.json
09:11:49.186 ERROR [NvdParser] An error occurred while parsing: cpe:2.3:a:disney:where\'s_my_perry?_free:1.5.1:*:*:*:*:android:*:*
us.springett.parsers.cpe.exceptions.CpeParsingException: Invalid product component: CPE Strings may not contain unquoted question marks except at the beginning or end of the string
at us.springett.parsers.cpe.CpeParser.parse23(CpeParser.java:230)
at us.springett.parsers.cpe.CpeParser.parse23(CpeParser.java:191)
at us.springett.parsers.cpe.CpeParser.parse(CpeParser.java:55)
at org.dependencytrack.parser.nvd.ModelConverter.convertCpe23Uri(ModelConverter.java:34)
at org.dependencytrack.parser.nvd.ModelConverter.convertCpe23UriToVulnerableSoftware(ModelConverter.java:58)
at org.dependencytrack.parser.nvd.NvdParser.generateVulnerableSoftware(NvdParser.java:275)
at org.dependencytrack.parser.nvd.NvdParser.parseCpes(NvdParser.java:252)
at org.dependencytrack.parser.nvd.NvdParser.lambda$parse$0(NvdParser.java:167)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
at java.util.stream.ForEachOps$ForEachTask.compute(ForEachOps.java:290)
at java.util.concurrent.CountedCompleter.exec(CountedCompleter.java:731)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.pollAndExecCC(ForkJoinPool.java:1190)
at java.util.concurrent.ForkJoinPool.helpComplete(ForkJoinPool.java:1879)
at java.util.concurrent.ForkJoinPool.externalHelpComplete(ForkJoinPool.java:2467)
at java.util.concurrent.ForkJoinTask.externalAwaitDone(ForkJoinTask.java:324)
at java.util.concurrent.ForkJoinTask.doInvoke(ForkJoinTask.java:405)
at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:734)
at java.util.stream.ForEachOps$ForEachOp.evaluateParallel(ForEachOps.java:159)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateParallel(ForEachOps.java:173)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:233)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:485)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:650)
at org.dependencytrack.parser.nvd.NvdParser.parse(NvdParser.java:71)
at org.dependencytrack.tasks.NistMirrorTask.uncompress(NistMirrorTask.java:264)
at org.dependencytrack.tasks.NistMirrorTask.doDownload(NistMirrorTask.java:203)
at org.dependencytrack.tasks.NistMirrorTask.getAllFiles(NistMirrorTask.java:117)
at org.dependencytrack.tasks.NistMirrorTask.inform(NistMirrorTask.java:96)
at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:97)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
09:11:49.275 ERROR [NvdParser] An error occurred while parsing: cpe:2.3:a:disney:where\'s_my_water?_free:1.9.1:*:*:*:*:android:*:*
us.springett.parsers.cpe.exceptions.CpeParsingException: Invalid product component: CPE Strings may not contain unquoted question marks except at the beginning or end of the string
09:12:13.779 ERROR [NvdParser] An error occurred while parsing: cpe:2.3:a:gratta_\&_vinci?_project:gratta_\&_vinci?:0.21.13167.93474:*:*:*:*:android:*:*
us.springett.parsers.cpe.exceptions.CpeParsingException: Invalid vendor component: CPE Strings may not contain unquoted question marks except at the beginning or end of the string
09:13:15.388 ERROR [NvdParser] An error occurred while parsing: cpe:2.3:a:whoisit:who-is-it?_lite_name_caller_time_limited_free:1:*:*:*:*:android:*:*
us.springett.parsers.cpe.exceptions.CpeParsingException: Invalid product component: CPE Strings may not contain unquoted question marks except at the beginning or end of the string
Issue Analytics
- State:
- Created 4 years ago
- Reactions:2
- Comments:6 (3 by maintainers)
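The rule quoted in the exception message, applied to the CPE strings from the log above. This is an added example, not code from Dependency-Track or the cpe-parser library; the function names are hypothetical, and only the question-mark rule is checked, not full CPE 2.3 validation.

```python
# The four CPE strings quoted in the log above, plus a fifth, constructed
# variant of the first with the question mark quoted (backslash-escaped).
SAMPLE_CPES = [
    r"cpe:2.3:a:disney:where\'s_my_perry?_free:1.5.1:*:*:*:*:android:*:*",
    r"cpe:2.3:a:disney:where\'s_my_water?_free:1.9.1:*:*:*:*:android:*:*",
    r"cpe:2.3:a:gratta_\&_vinci?_project:gratta_\&_vinci?:0.21.13167.93474:*:*:*:*:android:*:*",
    r"cpe:2.3:a:whoisit:who-is-it?_lite_name_caller_time_limited_free:1:*:*:*:*:android:*:*",
    r"cpe:2.3:a:disney:where\'s_my_perry\?_free:1.5.1:*:*:*:*:android:*:*",
]
FIELDS = "part vendor product version update edition language sw_edition target_sw target_hw other".split()


def tokens(text):
    """Yield (offset, token); a backslash plus the next character is one quoted token."""
    i = 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        yield i, text[i:i + step]
        i += step


def split_components(cpe):
    """Split on ':' separators; a quoted '\\:' stays inside its component."""
    parts = [""]
    for _, tok in tokens(cpe):
        if tok == ":":
            parts.append("")
        else:
            parts[-1] += tok
    return parts


def interior_qmarks(value):
    """Offsets of unquoted '?' outside the leading and trailing runs of '?'."""
    toks = list(tokens(value))
    lo, hi = 0, len(toks)
    while lo < hi and toks[lo][1] == "?":
        lo += 1
    while hi > lo and toks[hi - 1][1] == "?":
        hi -= 1
    return [off for off, tok in toks[lo:hi] if tok == "?"]


def check(cpe):
    """Return [(field, offsets)] for each component that breaks the rule."""
    parts = split_components(cpe)
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        return [("format", [])]
    hits = ((name, interior_qmarks(v)) for name, v in zip(FIELDS, parts[2:]))
    return [(name, offs) for name, offs in hits if offs]
```

For the third string only the vendor is reported: the product `gratta_\&_vinci?` ends in its question mark, which the rule permits, matching the "Invalid vendor component" message in the log.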
Top GitHub Comments
That's a good suggestion. Done.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.