DatabaseException: Error updating 'CVE-2020-36569' #300

Closed
ben-manes opened this issue Jan 6, 2023 · 5 comments

@ben-manes

It looks like the internal db needs to use a wider column.

full log

```
> Task :dependencyCheckAggregate
Verifying dependencies for project caffeine
Checking for updates and analyzing dependencies for vulnerabilities
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-36569'
org.owasp.dependencycheck.data.update.exception.UpdateException: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-36569'
	at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:157)
	at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:114)
	at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call(ProcessTask.java:41)
	at java.base@17.0.5/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base@17.0.5/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base@17.0.5/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base@17.0.5/java.lang.Thread.run(Thread.java:833)
Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-2020-36569'
	at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(CveDB.java:823)
	at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse(NvdCveParser.java:114)
	at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON(ProcessTask.java:141)
	at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles(ProcessTask.java:154)
	... 6 more
Caused by: org.h2.jdbc.JdbcBatchUpdateException: Value too long for column "VERSIONENDEXCLUDING CHARACTER VARYING(60)": "'0.0.0-20160722212129-ac0cc4484ad4_before_v0.0.0-20200131131040-063a3fb69896' (75)"; SQL statement:
INSERT INTO software (cveid, cpeEntryId, versionEndExcluding, versionEndIncluding, versionStartExcluding, versionStartIncluding, vulnerable) VALUES (?, ?, ?, ?, ?, ?, ?) [22001-214]
	at org.h2.jdbc.JdbcPreparedStatement.executeBatch(JdbcPreparedStatement.java:1269)
	at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:241)
	at org.apache.commons.dbcp2.DelegatingStatement.executeBatch(DelegatingStatement.java:241)
	at org.owasp.dependencycheck.data.nvdcve.CveDB.executeBatch(CveDB.java:1248)
	at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerabilityInsertSoftware(CveDB.java:1098)
	at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(CveDB.java:816)
	... 9 more
Unable to continue dependency-check analysis.
Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':dependencyCheckAggregate'.
> Analysis failed.
```

@KoheiMoroi

I have encountered this exception using the latest version 7.4.3, too.

@whereispie

whereispie commented Jan 6, 2023

Yeah, got the same problem now. 60 chars is a small amount; need 75+ in the software column (field: versionEndExcluding).

```
Caused by: org.h2.jdbc.JdbcBatchUpdateException: Value too long for column "VERSIONENDEXCLUDING CHARACTER VARYING(60)": "'0.0.0-20160722212129-ac0cc4484ad4_before_v0.0.0-20200131131040-063a3fb69896' (75)"; SQL statement:
INSERT INTO software (cveid, cpeEntryId, versionEndExcluding, versionEndIncluding, versionStartExcluding, versionStartIncluding, vulnerable) VALUES (?, ?, ?, ?, ?, ?, ?) [22001-214]
```
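
An added example, not part of this thread and not DependencyCheck's own code: a pre-import check that scans a CVE feed for version-range values wider than the 60-character column named in the error, so an oversized record is reported by CVE id instead of aborting the whole update. It assumes the NVD JSON 1.1 feed layout; the function names and the sample feed are constructed for illustration.

```python
import json

# Assumption: the input follows the NVD JSON 1.1 feed layout
# (CVE_Items -> configurations -> nodes -> cpe_match, with nested children).
RANGE_FIELDS = ("versionStartIncluding", "versionStartExcluding",
                "versionEndIncluding", "versionEndExcluding")
COLUMN_WIDTH = 60  # CHARACTER VARYING(60), taken from the H2 error in the log


def iter_matches(nodes):
    """Yield every cpe_match entry, descending into nested child nodes."""
    for node in nodes:
        yield from node.get("cpe_match", [])
        yield from iter_matches(node.get("children", []))


def find_oversized(feed, width=COLUMN_WIDTH):
    """Return (cve_id, field, length) for each range value wider than the column."""
    hits = []
    for item in feed.get("CVE_Items", []):
        cve_id = item["cve"]["CVE_data_meta"]["ID"]
        nodes = item.get("configurations", {}).get("nodes", [])
        for match in iter_matches(nodes):
            for field in RANGE_FIELDS:
                value = match.get(field)
                if isinstance(value, str) and len(value) > width:
                    hits.append((cve_id, field, len(value)))
    return hits


# Constructed sample feed. Only the CVE id and the 75-character value come from
# the log above; the second record (CVE-0000-0000) is a made-up placeholder.
SAMPLE_FEED = json.loads("""
{"CVE_Items": [
  {"cve": {"CVE_data_meta": {"ID": "CVE-2020-36569"}},
   "configurations": {"nodes": [{"cpe_match": [{"vulnerable": true,
     "versionEndExcluding":
       "0.0.0-20160722212129-ac0cc4484ad4_before_v0.0.0-20200131131040-063a3fb69896"}]}]}},
  {"cve": {"CVE_data_meta": {"ID": "CVE-0000-0000"}},
   "configurations": {"nodes": [{"children": [{"cpe_match": [{"vulnerable": true,
     "versionEndExcluding": "1.2.3"}]}]}]}}
]}
""")

if __name__ == "__main__":
    for cve_id, field, length in find_oversized(SAMPLE_FEED):
        print(f"{cve_id}: {field} is {length} chars, column holds {COLUMN_WIDTH}")
```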

@aikebah
Contributor

aikebah commented Jan 6, 2023

See also jeremylong/DependencyCheck#5220

A fix is being worked on; the base libraries have been released

@aikebah
Contributor

aikebah commented Jan 6, 2023

Gradle plugin is also available for 7.4.4 (jeremylong/DependencyCheck#5220 (comment))

@jeremylong
Collaborator

homebrew will be published shortly
