Issues updating CVE database behind https proxy #39

Closed
budric opened this issue Apr 20, 2016 · 3 comments

budric commented Apr 20, 2016

Hi,

I have a firewall that blocks all outbound ports except port 80 (the firewall can't be changed). For HTTPS there's a Squid proxy available that allows HTTP tunneling using the CONNECT method. Environment variables for http_proxy and https_proxy are set on the server/shell running vuls. When updating with `go-cve-dictionary fetchnvd -last2y`, it stalls with a timeout error:

```
[Apr 20 11:24:24]  INFO Fetching... http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz
 0 / 2 [-----------------------------------------------]   0.00%
[Apr 20 11:24:24]  INFO Fetching... http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml.gz
[Apr 20 11:26:31] ERROR Failed to fetch cve data from NVD. err: HTTP error. errs: [Get https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz: dial tcp 129.6.13.177:443: connection timed out], url: http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz
```

The wget tool works:

```
$ wget http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml.gz
--2016-04-20 11:30:04--  http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml.gz
Resolving my.org.proxy.address (my.org.proxy.address)... x.x.x.x
Connecting to my.org.proxy.address (my.org.proxy.address)|x.x.x.x|:3128... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml.gz [following]
--2016-04-20 11:30:04--  https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2015.xml.gz
Connecting to my.org.proxy.address (my.org.proxy.address)|x.x.x.x|:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1505541 (1.4M) [application/x-gzip]
Saving to: ‘nvdcve-2.0-2015.xml.gz’
```

Not sure if it's a bug or an enhancement request to make vuls work behind a proxy the way the wget/curl tools work on the system.

Also notice the HTTP 301 move from the http://static.nvd.nist.gov address to https://static.nvd.nist.gov. Perhaps that's tripping up the vuls code somewhere. Sorry, I'm not a Go programmer; I have no idea where to start looking.

Thank you.

Member

kotakanbe commented Apr 20, 2016

Hi, @budric
Thanks for reporting.
It's a bug.
I will fix it today.

Member

kotakanbe commented Apr 21, 2016

Hi, @budric

I fixed the bug.
See vulsio/go-cve-dictionary#9

Update and build go-cve-dictionary and vuls:

```
$ go get -u github.com/kotakanbe/go-cve-dictionary
$ go get -u github.com/future-architect/vuls
```

Then:

```
$ go-cve-dictionary fetchnvd -last2y -http-proxy=http://your-proxy-server.com:80
```

OS environment variables are not supported yet.

@kotakanbe kotakanbe added the bug label Apr 21, 2016
Author

budric commented Apr 21, 2016

Thanks very much!
Works.

@budric budric closed this as completed Apr 21, 2016
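
The proxy behaviour this thread turns on, as an added example that is not part of the thread and not go-cve-dictionary's code: a Go HTTP client routes through a proxy only when its transport is given one, either an explicit URL (like the `-http-proxy` value above) or `http.ProxyFromEnvironment`, and an HTTPS target then leaves as a CONNECT to the proxy instead of a direct dial to port 443. `newClient`, `observeProxyRequest` and the host `feeds.example.test` are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// newClient (hypothetical helper): an explicit proxy URL, e.g. a -http-proxy flag
// value, wins; "" falls back to the http_proxy/https_proxy/no_proxy environment.
func newClient(explicit string) (*http.Client, error) {
	proxy := http.ProxyFromEnvironment
	if explicit != "" {
		u, err := url.Parse(explicit)
		if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
			return nil, fmt.Errorf("invalid proxy URL %q (want http://host:port)", explicit)
		}
		proxy = http.ProxyURL(u)
	}
	return &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{Proxy: proxy}}, nil
}

// observeProxyRequest fetches target through a local stub proxy and returns the
// request line the stub received ("" if the client bypassed it). The target host
// is constructed and never resolved: only the stub on loopback is dialed.
func observeProxyRequest(target string) string {
	seen := make(chan string, 1)
	stub := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen <- r.Method + " " + r.RequestURI
		w.WriteHeader(http.StatusBadGateway) // the stub never forwards upstream
	}))
	defer stub.Close()
	client, _ := newClient(stub.URL) // stub.URL is always a valid http:// URL
	if resp, err := client.Get(target); err == nil {
		resp.Body.Close()
	}
	select {
	case line := <-seen:
		return line
	default:
		return ""
	}
}

func main() {
	fmt.Println(observeProxyRequest("http://feeds.example.test/nvdcve.xml.gz"))
	fmt.Println(observeProxyRequest("https://feeds.example.test/nvdcve.xml.gz"))
}
```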