From @OrangeDog originally.
Precondition
Describe the bug
Often triggered by repeated NVD failures, but appears to have revealed a number of bugs in the code, including:
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Error updating 'CVE-1999-1186'; General error: "org.h2.mvstore.MVStoreException: Reading from file sun.nio.ch.FileChannelImpl@47993bef failed at 249080802 (length -1), read 0, remaining 512 [2.4.240/1]"; SQL statement:
SELECT id, ecosystem FROM cpeEntry WHERE part=? AND vendor=? AND product=? AND version=? AND update_version=? AND edition=? AND lang=? AND sw_edition=? AND target_sw=? AND target_hw=? AND other=? [50000-240]
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:1104)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.updateCveDb (NvdApiProcessor.java:119)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:96)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:328)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1090)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:614)
at java.lang.Thread.run (Thread.java:1474)
java.lang.NullPointerException: Cannot invoke "org.apache.commons.dbcp2.BasicDataSource.getConnection()" because "this.connectionPool" is null
at org.owasp.dependencycheck.data.nvdcve.DatabaseManager.getConnection (DatabaseManager.java:576)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateOrInsertVulnerability (CveDB.java:1168)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability (CveDB.java:1093)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.updateCveDb (NvdApiProcessor.java:119)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:96)
at org.owasp.dependencycheck.data.update.nvd.api.NvdApiProcessor.call (NvdApiProcessor.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:328)
at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1090)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:614)
at java.lang.Thread.run (Thread.java:1474)
Version of dependency-check used
The problem occurs using version 12.2.2 of the maven plugin.
Log file
https://gist.github.com/OrangeDog/ab9ce4715fb37d5fa9d38b09dee02d83
Expected behavior
Graceful handling of HTTP errors and no database issues.
From @chadlwilson
This is just because the shutdown of ODC and all its threads and connection pools is not sequenced or clean.
The database is closed while there are still active threads and connections. What should happen is it should make a "fatal" decision, then interrurpt all pools/hreads/connections/workers, wait for them to complete and then close the database and exit, but it does not.
There is probably some duplicate issue here somewhere as I had some WIP to fix it. Can't find it right now. Related to #6535 though.
From @OrangeDog originally.
Precondition
Describe the bug
Often triggered by repeated NVD failures, but appears to have revealed a number of bugs in the code, including:
Version of dependency-check used
The problem occurs using version 12.2.2 of the maven plugin.
Log file
https://gist.github.com/OrangeDog/ab9ce4715fb37d5fa9d38b09dee02d83
Expected behavior
Graceful handling of HTTP errors and no database issues.
From @chadlwilson
This is just because the shutdown of ODC and all its threads and connection pools is not sequenced or clean.
The database is closed while there are still active threads and connections. What should happen is it should make a "fatal" decision, then interrurpt all pools/hreads/connections/workers, wait for them to complete and then close the database and exit, but it does not.
There is probably some duplicate issue here somewhere as I had some WIP to fix it. Can't find it right now. Related to #6535 though.