Vulnerability check reported failure on main - Wed Jul 20 00:36:39 UTC 2022 - Tool Failure #11

Closed
mhdawson opened this issue Jul 20, 2022 · 5 comments

@mhdawson
Member

https://github.com/nodejs/nodejs-dependency-vuln-assessments/actions/runs/2701477230
Invalid search criteria syntax: <Response [403]>

@facutuesca
Contributor

I also get this error sometimes (randomly). It looks like either a problem with the NVD server, or the script making too many requests in a short amount of time (triggering the rate limit). If it's the second one, it should improve when we start using an API key (which increases the rate limit for queries). If it's the first one, we need to account for it in the script.

@mhdawson
Member Author

@facutuesca it seems to be consistent today with all runs attempted hitting that error. I still get it after merging your PR to improve the captured message.

@mhdawson
Member Author

This is the failure from recent failures:

Invalid search criteria syntax: <Response [403]>
Attempted search criteria: {'keyword': 'undici'}
Traceback (most recent call last):
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/node/tools/dep_checker/main.py", line 168, in <module>
    exit(main())
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/node/tools/dep_checker/main.py", line 151, in main
    nvd_vulnerabilities = query_nvd()
  File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/node/tools/dep_checker/main.py", line 124, in query_nvd
    for cve in searchCVE(cpeMatchString=dep.get_cpe(), keyword=dep.keyword)
  File "/opt/hostedtoolcache/Python/3.9.13/x64/lib/python3.9/site-packages/nvdlib/cve.py", line 307, in searchCVE
    raw = __get('cve', parameters, limit, key, verbose)
  File "/opt/hostedtoolcache/Python/3.9.13/x64/lib/python3.9/site-packages/nvdlib/get.py", line 41, in __get
    totalResults = raw['totalResults']
TypeError: 'Response' object is not subscriptable
Error: Process completed with exit code 1.

@mhdawson changed the title from "Vulnerability check reported failure on main - Wed Jul 20 00:36:39 UTC 2022" to "Vulnerability check reported failure on main - Wed Jul 20 00:36:39 UTC 2022 - Tool Failure" on Jul 20, 2022

@facutuesca
Contributor

> @facutuesca it seems to be consistent today with all runs attempted hitting that error. I still get it after merging your PR to improve the captured message.

@mhdawson The merged PR was not related to this issue. This error should improve once we start using the NVD API key (PR: nodejs/node#43909)

@mhdawson
Member Author

Resolved now that PR landed and we added the NVD api token, closing.
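
The traceback in this thread ends in a `TypeError` because a 403 response was indexed as if it were parsed JSON. The following is an added example, not part of the thread and not code from the project or from nvdlib, of the "account for it in the script" option: check the status before touching the body and retry a 403 with backoff. The `fetch` callable, `NVDQueryError`, the delay values and the sample response are assumptions made for illustration.

```python
import time


class NVDQueryError(Exception):
    """Raised when a query cannot be completed; keeps the HTTP status."""

    def __init__(self, status, params):
        super().__init__(f"NVD query failed with HTTP {status} for {params}")
        self.status = status


def query_with_backoff(fetch, params, max_attempts=4, base_delay=6.0,
                       sleep=time.sleep):
    """Run fetch(params) -> (status_code, parsed_json_or_None) with retries.

    fetch is a hypothetical transport wrapper (assumption, not nvdlib's API).
    A 403 is treated as possible rate limiting and retried with exponential
    backoff. Any other failure, including a 200 whose body lacks
    'totalResults', raises at once. The body is indexed only after the
    status check, so a failed response is never subscripted.
    """
    delay = base_delay  # arbitrary starting delay chosen for this example
    for attempt in range(1, max_attempts + 1):
        status, body = fetch(params)
        if status == 200 and isinstance(body, dict) and "totalResults" in body:
            return body
        if status != 403 or attempt == max_attempts:
            raise NVDQueryError(status, params)
        sleep(delay)
        delay *= 2


def make_flaky_fetch(failures):
    """Constructed stand-in for the server: 403 `failures` times, then 200."""
    calls = {"n": 0}

    def fetch(params):
        calls["n"] += 1
        if calls["n"] <= failures:
            return 403, None
        return 200, {"totalResults": 0}  # constructed sample body

    return fetch, calls


if __name__ == "__main__":
    waits = []
    fetch, calls = make_flaky_fetch(failures=2)
    body = query_with_backoff(fetch, {"keyword": "undici"}, sleep=waits.append)
    print(body["totalResults"], calls["n"], waits)
```
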
