Describe the bug
When the --log flag is provided during a database update, every single byte that is transferred from NVD over HTTPS is logged at DEBUG from the class org.apache.hc.client5.http.impl.async.LoggingIOSession. Not only does this generate unnecessarily large log files, it makes finding actual errors next to impossible. This is especially problematic, as this log is where local database connection issues are logged, and are hidden from the normal output.
Version of dependency-check used
Docker image docker.io/owasp/dependency-check:9.0.4
Log file
Log file is too large to gist, excerpt follows
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:321
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] 145 bytes written
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> GET /rest/json/c 47 45 54 20 2f 72 65 73 74 2f 6a 73 6f 6e 2f 63
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> ves/2.0?resultsP 76 65 73 2f 32 2e 30 3f 72 65 73 75 6c 74 73 50
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> erPage=2000&star 65 72 50 61 67 65 3d 32 30 30 30 26 73 74 61 72
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> tIndex=66000 HTT 74 49 6e 64 65 78 3d 36 36 30 30 30 20 48 54 54
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> P/1.1 User-Agen 50 2f 31 2e 31 0d 0a 55 73 65 72 2d 41 67 65 6e
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> t: vulnz Host: 74 3a 20 76 75 6c 6e 7a 0d 0a 48 6f 73 74 3a 20
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> services.nvd.nis 73 65 72 76 69 63 65 73 2e 6e 76 64 2e 6e 69 73
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> t.gov Connectio 74 2e 67 6f 76 0d 0a 43 6f 6e 6e 65 63 74 69 6f
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> n: keep-alive 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 0d
2023-12-11 20:28:43,968 org.apache.hc.client5.http.impl.async.LoggingIOSession:297
DEBUG - c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183] >> 0a
To Reproduce
Execute container image above with extra flags: --log=/dev/stderr --updateonly
Expected behavior
Actual meaningful debug information to be kept separate from bit-level tracing.
Additional context
N/A
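A log-triage sketch for the situation this report describes, added here as an example and not part of the original issue or of dependency-check: it drops LoggingIOSession records from a --log file so other messages stay visible, and reassembles the traced request bytes for review. The two-line record layout and 16-byte rows are taken from the excerpt; the `<<` marker, the `org.example.Updater` record and the function names are assumptions.

```python
import re

WIRE_CLASS = "org.apache.hc.client5.http.impl.async.LoggingIOSession"
# Record layout as in the excerpt: "<date> <time> <class>:<line>", then "<LEVEL> - <message>".
HEADER = re.compile(r"^\d{4}-\d\d-\d\d \S+ ([\w.$]+):\d+$")
# Hex-dump row: session id, direction marker, ASCII column, hex column.
# ">>" is the direction shown in the excerpt; "<<" is assumed for received data.
DUMP = re.compile(r"^\w+ +- \S+ (>>|<<)(.*)$")
HEX = re.compile(r"[0-9a-f]{2}")

def row_bytes(rest):
    """Decode the hex column: the trailing run of hex pairs, capped at 16 per row
    (the width seen in the excerpt) to limit confusion with the ASCII column."""
    pairs = []
    for tok in reversed(rest.split()):
        if len(pairs) == 16 or not HEX.fullmatch(tok):
            break
        pairs.append(tok)
    return bytes.fromhex("".join(reversed(pairs)))

def triage(log_text):
    """Return (kept_lines, sent_bytes, wire_records) for the text of a --log file."""
    kept, sent, wire_records, in_wire = [], bytearray(), 0, False
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if head:  # a new record starts; decide whether it is wire tracing
            in_wire = head.group(1) == WIRE_CLASS
            wire_records += 1 if in_wire else 0
        if not in_wire:
            kept.append(line)  # real log content, including continuation lines
            continue
        dump = DUMP.match(line)
        if dump and dump.group(1) == ">>":
            sent += row_bytes(dump.group(2))
    return kept, bytes(sent), wire_records

# Constructed sample: three records copied from the excerpt, plus one hypothetical
# non-wire record standing in for the database errors the report says get buried.
HEAD = "2023-12-11 20:28:43,968 " + WIRE_CLASS
SESSION = "c-0000000001[ACTIVE][r:w][ACTIVE][r][NOT_HANDSHAKING][0][0][183]"
SAMPLE = "\n".join([
    f"{HEAD}:321", f"DEBUG - {SESSION} 145 bytes written",
    f"{HEAD}:297", f"DEBUG - {SESSION} >> GET /rest/json/c 47 45 54 20 2f 72 65 73 74 2f 6a 73 6f 6e 2f 63",
    f"{HEAD}:297", f"DEBUG - {SESSION} >> ves/2.0?resultsP 76 65 73 2f 32 2e 30 3f 72 65 73 75 6c 74 73 50",
    "2023-12-11 20:28:44,101 org.example.Updater:42", "ERROR - constructed: database connection failed",
])

if __name__ == "__main__":
    kept, sent, wire_records = triage(SAMPLE)
    print(f"dropped {wire_records} wire records; sent bytes: {sent!r}")
    print("\n".join(kept))
```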