Describe the bug
dependency-check version: 8.1.2
internal Database schema version: 5.4
internal Database vendor: Oracle 19c, ojdbc8-21.9.0.0 driver
When the tool is attempting to run the lines in https://github.com/jeremylong/DependencyCheck/blob/main/core/src/main/resources/data/dbEcosystemCacheUpdates.sql, Oracle is throwing a ORA-00933 because of the semicolons at then end of each statement. If I update the SQL script and remove the semicolons, rebuild the app, and run the CLI tool again, the statements are executed without error.
Version of dependency-check used
The problem occurs using version 8.1.2
Log file
[INFO] Checking for updates
[ERROR] Database Exception, unable to update the data to use the most current data.
org.owasp.dependencycheck.data.update.exception.UpdateException: Database Exception, unable to update the data to use the most current data.
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:160)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:900)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:705)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:631)
at org.owasp.dependencycheck.App.runScan(App.java:259)
at org.owasp.dependencycheck.App.run(App.java:191)
at org.owasp.dependencycheck.App.main(App.java:86)
Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to update the ecosystem cache
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateEcosystemCache(CveDB.java:153)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:144)
... 6 common frames omitted
Caused by: java.sql.SQLSyntaxErrorException: ORA-00933: SQL command not properly ended
at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:629)
at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:563)
at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:1150)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:770)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:298)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:497)
at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:111)
at oracle.jdbc.driver.T4CStatement.executeForRows(T4CStatement.java:1010)
at oracle.jdbc.driver.OracleStatement.executeSQLStatement(OracleStatement.java:1530)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1310)
at oracle.jdbc.driver.OracleStatement.executeUpdateInternal(OracleStatement.java:2088)
at oracle.jdbc.driver.OracleStatement.executeLargeUpdate(OracleStatement.java:2053)
at oracle.jdbc.driver.OracleStatement.executeUpdate(OracleStatement.java:2041)
at oracle.jdbc.driver.OracleStatementWrapper.executeUpdate(OracleStatementWrapper.java:309)
at org.apache.commons.dbcp2.DelegatingStatement.executeUpdate(DelegatingStatement.java:341)
at org.apache.commons.dbcp2.DelegatingStatement.executeUpdate(DelegatingStatement.java:341)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateEcosystemCache(CveDB.java:149)
... 7 common frames omitted
Caused by: oracle.jdbc.OracleDatabaseException: ORA-00933: SQL command not properly ended
at oracle.jdbc.driver.T4CTTIoer11.processError(T4CTTIoer11.java:636)
... 23 common frames omitted
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[WARN] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[ERROR] One or more fatal errors occurred
[ERROR] Database Exception, unable to update the data to use the most current data.
[ERROR] No documents exist
To Reproduce
Run dependency-check.sh on an existing database.
Expected behavior
The tool should be able to complete updating the database without throwing an error.
Additional context
Running the statements manually is successful, just running them via the tool fails.
Describe the bug
dependency-check version: 8.1.2
internal Database schema version: 5.4
internal Database vendor: Oracle 19c, ojdbc8-21.9.0.0 driver
When the tool is attempting to run the lines in https://github.com/jeremylong/DependencyCheck/blob/main/core/src/main/resources/data/dbEcosystemCacheUpdates.sql, Oracle is throwing a ORA-00933 because of the semicolons at then end of each statement. If I update the SQL script and remove the semicolons, rebuild the app, and run the CLI tool again, the statements are executed without error.
Version of dependency-check used
The problem occurs using version 8.1.2
Log file
To Reproduce
Run
dependency-check.shon an existing database.Expected behavior
The tool should be able to complete updating the database without throwing an error.
Additional context
Running the statements manually is successful, just running them via the tool fails.