Support Basic Auth for NVD Mirror Urls


If I’m using a URL like this https://username:password@someMirror.com/nist-data-mirror/nvdcve-1.0-modified.json.gz I’m getting a [org.owasp.dependencycheck.utils.HttpResourceConnection] IO Exception connecting to. In the debug log there is the info that it’s a 401 Unauthorized.

We need a way to authorize not only for a proxy, but also for a mirror.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

vdotjansen commented, Oct 23, 2019 (1 reaction)

@jeremylong I have added a pull request for this enhancement, could you have a quick look?

@devtribe, @artursmolarek & @bernermic could you test if my enhancement also works for your situations?

bernermic commented, Oct 17, 2019 (0 reactions)

I too tried the basic-auth way, which is not working. Finding this thread, I tried to set proxyuser & proxypassword, but the result stays the same.

dependencyCheck {
    cve {
        urlModified = "https://mirror.url/nvdcve-1.1-modified.json.gz"
        urlBase = "https://mirror.url/nvdcve-1.1-%d.json.gz"
    }
    proxy {
        username = "mirror-user"
        password = "mirror-password"
    }
}

Leads to [org.owasp.dependencycheck.utils.HttpResourceConnection] Error retrieving https://mirror.url/nvdcve-1.1-modified.meta; received response code 401.

Curl request against my mirror works as described above.

curl -I https://mirror-user:mirror-password@mirror.url/nvdcve-1.1-modified.json.gz
HTTP/1.1 200 OK
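
An added example, not part of the thread or of the dependency-check code base: curl turns the `user:password@` part of a URL into an `Authorization: Basic` header, and the code below performs the same translation while stripping the credentials from the URL so they do not end up in error messages or debug logs. It assumes an HTTP client that does not do this on its own, which is consistent with the 401 reported above; `split_basic_auth` and `build_mirror_request` are hypothetical names.

```python
import base64
import urllib.request
from urllib.parse import urlsplit, urlunsplit, unquote


def split_basic_auth(url):
    """Split 'scheme://user:pass@host/path' into (clean_url, headers)."""
    parts = urlsplit(url)
    headers = {}
    if parts.username is not None:
        # Userinfo is percent-encoded inside a URL; the header carries raw bytes.
        user = unquote(parts.username)
        password = unquote(parts.password or "")
        token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
        headers["Authorization"] = "Basic " + token.decode("ascii")
    # Rebuild the authority without userinfo so the secret stays out of
    # error messages and debug logs that print the URL.
    host = parts.hostname or ""
    if ":" in host:  # an IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    clean = urlunsplit(
        (parts.scheme, netloc, parts.path, parts.query, parts.fragment)
    )
    return clean, headers


def build_mirror_request(url, method="HEAD"):
    """Build (without sending) the request a client should issue for a mirror file."""
    clean, headers = split_basic_auth(url)
    return urllib.request.Request(clean, headers=headers, method=method)


if __name__ == "__main__":
    # URL from the curl command in the comment above (placeholder credentials).
    req = build_mirror_request(
        "https://mirror-user:mirror-password@mirror.url/nvdcve-1.1-modified.json.gz"
    )
    print(req.get_method(), req.full_url)
    print(req.header_items())
```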