

fix: add retry for failed NVD API requests (#6136)
jeremylong authored Nov 26, 2023
1 parent daf8c98 commit 5601e55
Showing 17 changed files with 162 additions and 90 deletions.
29 changes: 29 additions & 0 deletions ant/src/main/java/org/owasp/dependencycheck/taskdefs/Update.java
Expand Up @@ -41,6 +41,10 @@ public class Update extends Purge {
* The NVD API Key.
*/
private String nvdApiKey;
/**
* The maximum number of retry requests for a single call to the NVD API.
*/
private Integer nvdMaxRetryCount;
/**
* The number of hours to wait before checking for new updates from the NVD.
*/
Expand Down Expand Up @@ -153,6 +157,24 @@ public void setNvdApiKey(String nvdApiKey) {
this.nvdApiKey = nvdApiKey;
}

/**
* Get the value of nvdMaxRetryCount.
*
* @return the value of nvdMaxRetryCount
*/
public int getNvdMaxRetryCounts() {
return nvdMaxRetryCount;
}

/**
* Set the value of nvdMaxRetryCount.
*
* @param nvdMaxRetryCount new value of nvdMaxRetryCount
*/
public void setNvdMaxRetryCount(int nvdMaxRetryCount) {
this.nvdMaxRetryCount = nvdMaxRetryCount;
}

/**
* Get the value of nvdValidForHours.
*
Expand Down Expand Up @@ -578,6 +600,13 @@ protected void populateSettings() throws BuildException {
getSettings().setStringIfNotEmpty(Settings.KEYS.NVD_API_DATAFEED_URL, nvdDatafeedUrl);
getSettings().setStringIfNotEmpty(Settings.KEYS.NVD_API_DATAFEED_USER, nvdUser);
getSettings().setStringIfNotEmpty(Settings.KEYS.NVD_API_DATAFEED_PASSWORD, nvdPassword);
if (nvdMaxRetryCount != null) {
if (nvdMaxRetryCount > 0) {
getSettings().setInt(Settings.KEYS.NVD_API_MAX_RETRY_COUNT, nvdMaxRetryCount);
} else {
throw new BuildException("Invalid setting: `nvdMaxRetryCount` must be greater than zero");
}
}
if (nvdValidForHours != null) {
if (nvdValidForHours >= 0) {
getSettings().setInt(Settings.KEYS.NVD_API_VALID_FOR_HOURS, nvdValidForHours);
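Review bot: The new getter `getNvdMaxRetryCounts()` returns `int` while the backing field is a nullable `Integer`, so calling it before the attribute has been set throws a NullPointerException on unboxing; the name also carries a stray `s` that does not pair with `setNvdMaxRetryCount`. I would change it to `public Integer getNvdMaxRetryCount() { return nvdMaxRetryCount; }`, keeping the misspelled name as a deprecated alias only if it has already shipped. In `populateSettings` the added check enforces a lower bound only, so any positive value is passed to `Settings.KEYS.NVD_API_MAX_RETRY_COUNT`. Whether the retry loop caps or backs off is not visible in this section, so an upper bound may be worth considering. `populateSettings` continues outside the hunk.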
1 change: 1 addition & 0 deletions ant/src/site/markdown/config-update.md
Expand Up @@ -35,6 +35,7 @@ The following properties can be configured in the plugin. However, they are less
Property | Description | Default Value
---------------------|----------------------------------------------------------------------------------------------------------------------|------------------
nvdApiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |  
nvdMaxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key
nvdDatafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data - example value `https://internal.server/cache/nvdcve-{0}.json.gz` |  
nvdUser | Credentials used for basic authentication for the NVD API Data feed. |  
1 change: 1 addition & 0 deletions ant/src/site/markdown/configuration.md
Expand Up @@ -144,6 +144,7 @@ The following properties can be configured in the plugin. However, they are less
Property | Description | Default Value
---------------------|--------------------------------------------------------------------------------------------------------------|------------------
nvdApiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |  
nvdMaxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key
nvdDatafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data - example value `https://internal.server/cache/nvdcve-{0}.json.gz` |  
nvdUser | Credentials used for basic authentication for the NVD API Data feed. |  
1 change: 1 addition & 0 deletions cli/src/main/java/org/owasp/dependencycheck/App.java
Expand Up @@ -653,6 +653,7 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
settings.setStringIfNotEmpty(Settings.KEYS.NVD_API_DATAFEED_URL, cli.getStringArgument(CliParser.ARGUMENT.NVD_API_DATAFEED_URL));
settings.setStringIfNotEmpty(Settings.KEYS.NVD_API_DATAFEED_USER, cli.getStringArgument(CliParser.ARGUMENT.NVD_API_DATAFEED_USER));
settings.setStringIfNotEmpty(Settings.KEYS.NVD_API_DATAFEED_PASSWORD, cli.getStringArgument(CliParser.ARGUMENT.NVD_API_DATAFEED_PASSWORD));
settings.setIntIfNotNull(Settings.KEYS.NVD_API_MAX_RETRY_COUNT, cli.getIntegerValue(CliParser.ARGUMENT.NVD_API_MAX_RETRY_COUNT));
settings.setIntIfNotNull(Settings.KEYS.NVD_API_VALID_FOR_HOURS, cli.getIntegerValue(CliParser.ARGUMENT.NVD_API_VALID_FOR_HOURS));

settings.setStringIfNotNull(Settings.KEYS.HOSTED_SUPPRESSIONS_URL,
18 changes: 18 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/CliParser.java
Expand Up @@ -114,6 +114,7 @@ private CommandLine parseArgs(String[] args) throws ParseException {
*/
private void validateArgs() throws FileNotFoundException, ParseException {
if (isUpdateOnly() || isRunScan()) {

String value = line.getOptionValue(ARGUMENT.NVD_API_VALID_FOR_HOURS);
if (value != null) {
try {
Expand All @@ -125,6 +126,17 @@ private void validateArgs() throws FileNotFoundException, ParseException {
throw new ParseException("Invalid Setting: nvdValidForHours must be a number greater than or equal to 0.");
}
}
value = line.getOptionValue(ARGUMENT.NVD_API_MAX_RETRY_COUNT);
if (value != null) {
try {
final int i = Integer.parseInt(value);
if (i <= 0) {
throw new ParseException("Invalid Setting: nvdMaxRetryCount must be a number greater than 0.");
}
} catch (NumberFormatException ex) {
throw new ParseException("Invalid Setting: nvdMaxRetryCount must be a number greater than 0.");
}
}
value = line.getOptionValue(ARGUMENT.NVD_API_DELAY);
if (value != null) {
try {
Expand Down Expand Up @@ -347,6 +359,8 @@ private void addAdvancedOptions(final Options options) {
"Credentials for basic authentication to the NVD API Datafeed."))
.addOption(newOptionWithArg(ARGUMENT.NVD_API_DATAFEED_PASSWORD, "password",
"Credentials for basic authentication to the NVD API Datafeed."))
.addOption(newOptionWithArg(ARGUMENT.NVD_API_MAX_RETRY_COUNT,"count",
"The maximum number of retry requests for a single call to the NVD API."))
.addOption(newOptionWithArg(ARGUMENT.NVD_API_VALID_FOR_HOURS, "hours",
"The number of hours to wait before checking for new updates from the NVD."))
.addOption(newOptionWithArg(ARGUMENT.PROXY_PORT, "port",
Expand Down Expand Up @@ -1117,6 +1131,10 @@ public static class ARGUMENT {
* The CLI argument name for setting the URL for the CVE Data Files.
*/
public static final String NVD_API_KEY = "nvdApiKey";
/**
* The CLI argument name for setting the maximum number of retry requests for a single call to the NVD API.
*/
public static final String NVD_API_MAX_RETRY_COUNT = "nvdMaxRetryCount";
/**
* The CLI argument name for setting the number of hours to wait before
* checking for new updates from the NVD.
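Review bot: The added `nvdMaxRetryCount` check in `validateArgs` accepts any positive integer, so a very large value passes validation. How the retry loop treats such a value is outside these hunks, so either an upper bound or a documented expectation in the option help would make the behaviour predictable when the NVD API is unreachable. The same message literal is written twice in the new block; the range check could sit after the `try` so the text appears once, and including the rejected value in the message would help users diagnose a bad build configuration. In `addAdvancedOptions`, `ARGUMENT.NVD_API_MAX_RETRY_COUNT,"count"` is missing the space after the comma that the neighbouring calls use. `validateArgs` starts and ends outside the hunk.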