fix: prevent NPE (#113)

* fix: prevent NPE
resolves #112

* chore: bump version

buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle

@@ -12,7 +12,7 @@ plugins {
 }
 
 group 'io.github.jeremylong'
-version = '5.1.0'
+version = '5.1.1'
 
 repositories {
     mavenCentral()

open-vulnerability-clients/README.md

@@ -39,14 +39,14 @@ See API usage examples in the [open-vulnerability-store](https://github.com/jere
 <dependency>
    <groupId>io.github.jeremylong</groupId>
    <artifactId>open-vulnerability-clients</artifactId>
-   <version>5.1.0</version>
+   <version>5.1.1</version>
 </dependency>
 ```
 
 ### gradle
 
 ```groovy
-implementation 'io.github.jeremylong:open-vulnerability-clients:5.1.0'
+implementation 'io.github.jeremylong:open-vulnerability-clients:5.1.1'
 ```
 
 ### api usage

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java

@@ -319,37 +319,43 @@ public Collection<DefCveItem> next() {
         RateLimitedCall call;
         try {
             call = getCompletedFuture();
-            SimpleHttpResponse response = call.getResponse();
-            if (response.getCode() == 200) {
-                LOG.debug("Content-Type Received: {}", response.getContentType());
-                json = response.getBodyText();
-                // resolve issue #20
-                if (json == null && response.getBody().isBytes()) {
-                    json = new String(response.getBodyBytes(), StandardCharsets.UTF_8);
-                }
-
-                CveApiJson20 current;
-                try {
-                    current = objectMapper.readValue(json, CveApiJson20.class);
-                    this.indexesToRetrieve.remove(call.getStartIndex());
-                } catch (JsonProcessingException e) {
+            if (call == null) {
+                if (hasNext()) {
                     return next();
                 }
-                this.totalAvailable = current.getTotalResults();
-                lastUpdated = findLastUpdated(lastUpdated, current.getVulnerabilities());
-                if (firstCall) {
-                    firstCall = false;
-                    queueCalls();
-                }
-                if (futures.isEmpty() && !indexesToRetrieve.isEmpty()) {
-                    queueUnsuccessful();
-                }
-                return current.getVulnerabilities();
             } else {
-                lastStatusCode = response.getCode();
-                LOG.debug("Status Code: {}", lastStatusCode);
-                LOG.debug("Response: {}", response.getBodyText());
-                throw new NvdApiException("NVD Returned Status Code: " + lastStatusCode);
+                SimpleHttpResponse response = call.getResponse();
+                if (response.getCode() == 200) {
+                    LOG.debug("Content-Type Received: {}", response.getContentType());
+                    json = response.getBodyText();
+                    // resolve issue #20
+                    if (json == null && response.getBody().isBytes()) {
+                        json = new String(response.getBodyBytes(), StandardCharsets.UTF_8);
+                    }
+
+                    CveApiJson20 current;
+                    try {
+                        current = objectMapper.readValue(json, CveApiJson20.class);
+                        this.indexesToRetrieve.remove(call.getStartIndex());
+                    } catch (JsonProcessingException e) {
+                        return next();
+                    }
+                    this.totalAvailable = current.getTotalResults();
+                    lastUpdated = findLastUpdated(lastUpdated, current.getVulnerabilities());
+                    if (firstCall) {
+                        firstCall = false;
+                        queueCalls();
+                    }
+                    if (futures.isEmpty() && !indexesToRetrieve.isEmpty()) {
+                        queueUnsuccessful();
+                    }
+                    return current.getVulnerabilities();
+                } else {
+                    lastStatusCode = response.getCode();
+                    LOG.debug("Status Code: {}", lastStatusCode);
+                    LOG.debug("Response: {}", response.getBodyText());
+                    throw new NvdApiException("NVD Returned Status Code: " + lastStatusCode);
+                }
             }
         } catch (InterruptedException e) {
             Thread.currentThread().interrupt();
@@ -362,8 +368,8 @@ public Collection<DefCveItem> next() {
                 return next();
             }
             close();
-            return null;
         }
+        return null;
     }
 
     /**
@@ -389,17 +395,17 @@ public ZonedDateTime getLastUpdated() {
     }
 
     private RateLimitedCall getCompletedFuture() throws InterruptedException, ExecutionException {
-        boolean notFound = futures.size() > 0;
         Future<RateLimitedCall> result = null;
-        while (notFound) {
+        while (result == null && !futures.isEmpty()) {
             for (Future<RateLimitedCall> future : futures) {
                 if (future.isDone()) {
                     result = future;
-                    notFound = false;
                     break;
                 }
             }
-            Thread.sleep(500);
+            if (result == null) {
+                Thread.sleep(500);
+            }
         }
         if (result != null) {
             futures.remove(result);

vulnz/README.md

@@ -72,7 +72,7 @@ export JAVA_OPTS="-Xmx2g"
 Alternatively, run the CLI using the `-Xmx2g` argument:
 
 ```bash
-java -Xmx2g -jar ./vulnz-5.1.0.jar
+java -Xmx2g -jar ./vulnz-5.1.1.jar
 ```
 
 ### Creating the Cache
@@ -89,7 +89,7 @@ for file in *.json; do gzip -k "${file}"; done
 Alternatively, without using the above install command:
 
 ```bash
-./vulnz-5.1.0.jar cve --cache --directory ./cache
+./vulnz-5.1.1.jar cve --cache --directory ./cache
 cd cache
 for file in *.json; do gzip -k "${file}"; done 
 ```