Describe the bug
I cached the NVD data feed using vulnz API and uploaded all downloaded *json.gz files into a RAW Nexus repository. When executing OWAP dependency check I reference the cached NVD data using --nvdDatafeed command line option. Result is a NPE
Exception in thread "main" java.lang.NullPointerException
at java.base/java.time.ZoneId.from(Unknown Source)
at java.base/java.time.ZonedDateTime.from(Unknown Source)
at java.base/java.time.ZonedDateTime.until(Unknown Source)
at java.base/java.time.Duration.between(Unknown Source)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.checkUpdate(NvdApiDataSource.java:443)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processDatafeed(NvdApiDataSource.java:117)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:108)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
at org.owasp.dependencycheck.App.runScan(App.java:262)
at org.owasp.dependencycheck.App.run(App.java:194)
at org.owasp.dependencycheck.App.main(App.java:89)
Version of dependency-check used
The problem occurs using version X9.0.2 of the cli
To Reproduce
Steps to reproduce the behavior:
Call dependency check with --nvdDatafeed option
dependency-check.sh --nvdDatafeed 'https://host/nexus3/repository/NVDApiCache/nvdcve-{0}.json.gz' -o '...' -f HTML -f XML -s '...' --nvdApiKey '...' --disableRetireJS --disableAssembly
Expected behavior
No NPE
Regards
Ulrich
Describe the bug
I cached the NVD data feed using vulnz API and uploaded all downloaded *json.gz files into a RAW Nexus repository. When executing OWAP dependency check I reference the cached NVD data using --nvdDatafeed command line option. Result is a NPE
Exception in thread "main" java.lang.NullPointerException
at java.base/java.time.ZoneId.from(Unknown Source)
at java.base/java.time.ZonedDateTime.from(Unknown Source)
at java.base/java.time.ZonedDateTime.until(Unknown Source)
at java.base/java.time.Duration.between(Unknown Source)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.checkUpdate(NvdApiDataSource.java:443)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processDatafeed(NvdApiDataSource.java:117)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update(NvdApiDataSource.java:108)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:906)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:711)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:637)
at org.owasp.dependencycheck.App.runScan(App.java:262)
at org.owasp.dependencycheck.App.run(App.java:194)
at org.owasp.dependencycheck.App.main(App.java:89)
Version of dependency-check used
The problem occurs using version X9.0.2 of the cli
To Reproduce
Steps to reproduce the behavior:
Call dependency check with --nvdDatafeed option
dependency-check.sh --nvdDatafeed 'https://host/nexus3/repository/NVDApiCache/nvdcve-{0}.json.gz' -o '...' -f HTML -f XML -s '...' --nvdApiKey '...' --disableRetireJS --disableAssembly
Expected behavior
No NPE
Regards
Ulrich