Monday, December 18, 2023

[Research] OWASP Dependency-Check fails to run: Failed to initialize the RetireJS repo

2023-12-18


********************************************************************************

After code was checked in to Gitea, Jenkins invoked OWASP Dependency-Check, and the run failed with the following error:

[ERROR] Failed to initialize the RetireJS repo
org.owasp.dependencycheck.data.update.exception.UpdateException: Failed to initialize the RetireJS repo
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:141)
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.update(RetireJSDataSource.java:89)
	at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:902)
	at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:707)
	at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:633)
	at org.owasp.dependencycheck.App.runScan(App.java:259)
	at org.owasp.dependencycheck.App.run(App.java:191)
	at org.owasp.dependencycheck.App.main(App.java:86)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to copy 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json' to 'D:\dependency-check\data\jsrepository.json'; Error downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:135)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:91)
	at org.owasp.dependencycheck.data.update.RetireJSDataSource.initializeRetireJsRepo(RetireJSDataSource.java:139)
	... 7 common frames omitted
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json; unable to connect.
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:267)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:163)
	at org.owasp.dependencycheck.utils.Downloader.fetchFile(Downloader.java:130)
	... 9 common frames omitted
Caused by: java.net.ConnectException: Connection refused: no further information
	at java.base/sun.nio.ch.Net.pollConnect(Native Method)
	at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:672)
	at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:542)
	at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:597)
	at java.base/java.net.Socket.connect(Socket.java:633)
	at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:178)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:531)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:636)
	at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:266)
	at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:380)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:193)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1242)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1128)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:179)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142)
	at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:206)
	... 11 common frames omitted
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (6658 ms)
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Failed to initialize the RetireJS repo
[ERROR] No documents exist
ERROR: Mark build as failed because of exit code 13
Build step 'Invoke Dependency-Check' changed build result to FAILURE
[DependencyTrack] Publishing artifact to Dependency-Track - http://10.3.xxx.xxx:8081
[DependencyTrack] The artifact was successfully published. You may now navigate to http://10.3.xxx.xxx:8081/projects/xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx to view the results.
Sending e-mails to: 略@略.com
[Office365connector] Matched status 'FAILURE' for webhook with name 'nccstjenkins'.
No emails were triggered.
Finished: FAILURE


********************************************************************************

Solution

[Research] OWASP Dependency-Check 9.0.6, a component dependency checking tool
https://shaurong.blogspot.com/2023/12/owasp-dependency-check-906.html

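Delete the entire Dependency-Check directory and run it once; even without an NVD API Key, it will still download the data.

From the second run onward, always add the -n parameter.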
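
An added example, not from the original post: a PowerShell wrapper for the Jenkins job that keeps the `-n` (`--noupdate`) workaround for scans but refreshes the local data once it is older than a chosen age, since the log's own WARN line notes that results from stale local data may not include recent vulnerabilities. The install layout under `D:\dependency-check`, the 7-day threshold, the project name, the report folder and the stamp file are assumptions.

```powershell
# Added example. Paths, threshold, project name and stamp file are assumed values.
param(
    [string]$DcHome     = 'D:\dependency-check',   # assumed install dir (data path taken from the log)
    [string]$ScanPath   = '.',                     # assumed: the Jenkins workspace
    [string]$Project    = 'example-project',       # placeholder project name
    [int]   $MaxAgeDays = 7                        # assumed refresh policy
)

$dc      = Join-Path $DcHome 'bin\dependency-check.bat'
$dataDir = Join-Path $DcHome 'data'
$stamp   = Join-Path $dataDir 'last-update.stamp'  # hypothetical marker written by this script

function Test-DataFresh {
    param([string]$StampPath, [int]$MaxAgeDays)
    # Fresh only if a previous successful update left a recent stamp.
    if (-not (Test-Path $StampPath)) { return $false }
    $age = (Get-Date) - (Get-Item $StampPath).LastWriteTime
    return ($age.TotalDays -lt $MaxAgeDays)
}

if (-not (Test-DataFresh -StampPath $stamp -MaxAgeDays $MaxAgeDays)) {
    # Update step kept separate from the scan, so a blocked download
    # (the "Connection refused" above) does not abort the analysis itself.
    & $dc --updateonly --data $dataDir
    if ($LASTEXITCODE -eq 0) {
        Set-Content -Path $stamp -Value (Get-Date -Format o)
    } elseif (Test-Path (Join-Path $dataDir 'jsrepository.json')) {
        Write-Warning "Update failed (exit $LASTEXITCODE); scanning with existing local data."
    } else {
        Write-Error "Update failed and no local data exists; cannot scan."
        exit $LASTEXITCODE
    }
}

# The scan always runs with -n, so it never attempts a download on its own.
$report = Join-Path $ScanPath 'dependency-check-report'
& $dc -n --data $dataDir --project $Project --scan $ScanPath --format HTML --out $report
exit $LASTEXITCODE
```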

(End)

Related

Dependency Check Fails to Run (Failed to initialize the RetireJS repo) #6033
2023-11-01
https://github.com/jeremylong/DependencyCheck/issues/6033

Failed to initialize the RetireJS repo · Issue #2599 · jeremylong/DependencyCheck · GitHub
https://github.com/jeremylong/DependencyCheck/issues/2599

