Skip to content

Commit

Permalink
fix: reduce chance NVD API block updates due to rate limit
Browse files Browse the repository at this point in the history 
- increase default delay from 2000 to 3500
- resolves #6195
  • Loading branch information
@jeremylong
jeremylong committed Dec 20, 2023
1 parent 006684b commit 4f30695
Show file tree
Hide file tree
Showing 8 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion ant/src/site/markdown/config-update.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ Property | Description
nvdApiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |  
nvdApiEndpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0
nvdMaxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 3500 with an NVD API Key or 8000 without an API Key
nvdDatafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data - example value `https://internal.server/cache/nvdcve-{0}.json.gz` |  
nvdUser | Credentials used for basic authentication for the NVD API Data feed. |  
nvdPassword | Credentials used for basic authentication for the NVD API Data feed. |  
Expand Down
2 changes: 1 addition & 1 deletion ant/src/site/markdown/configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ Property | Description
nvdApiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |  
nvdApiEndpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0
nvdMaxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 3500 with an NVD API Key or 8000 without an API Key
nvdDatafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data - example value `https://internal.server/cache/nvdcve-{0}.json.gz` |  
nvdUser | Credentials used for basic authentication for the NVD API Data feed. |  
nvdPassword | Credentials used for basic authentication for the NVD API Data feed. |  
Expand Down
2 changes: 1 addition & 1 deletion cli/src/site/markdown/arguments.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ Advanced Options
| | \-\-nvdApiKey | \<apiKey\> | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key | &nbsp; |
| | \-\-nvdApiEndpoint | \<endpoint\> | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 |
| | \-\-nvdMaxRetryCount | \<count\> | The maximum number of retry requests for a single call to the NVD API. | 10 |
| | \-\-nvdApiDelay | \<milliseconds\>| The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key |
| | \-\-nvdApiDelay | \<milliseconds\>| The number of milliseconds to wait between calls to the NVD API. | 3500 with an NVD API Key or 8000 without an API Key |
| | \-\-nvdDatafeed | \<url\> | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data - example value `https://internal.server/cache/nvdcve-{0}.json.gz` | &nbsp; |
| | \-\-nvdUser | \<username\> | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
| | \-\-nvdPassword | \<password\> | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/org/owasp/dependencycheck/data/update/NvdApiDataSource.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@ private boolean processApi() throws UpdateException {
if (key != null) {
//using a higher delay as the system may not be able to process these faster.
builder.withApiKey(key)
.withDelay(2000)
.withDelay(3500)
.withThreadCount(4);
} else {
LOGGER.warn("An NVD API Key was not provided - it is highly recommended to use "
Expand Down
2 changes: 1 addition & 1 deletion maven/src/site/markdown/configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ nvdApiKey | The API Key to access the NVD API; obtained from http
nvdApiEndpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 |
nvdApiServerId | The id of a server defined in the settings.xml that configures the credentials (password is used as ApiKey) for accessing the NVD API. | &nbsp; |
nvdMaxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 |
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key . |
nvdApiDelay | The number of milliseconds to wait between calls to the NVD API. | 3500 with an NVD API Key or 8000 without an API Key . |
nvdDatafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data - example value `https://internal.server/cache/nvdcve-{0}.json.gz` | &nbsp; |
nvdDatafeedServerId | The id of a server defined in the settings.xml that configures the credentials (username and password) for accessing the NVD API Data feed.| &nbsp; |
nvdUser | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
Expand Down
2 changes: 1 addition & 1 deletion src/site/markdown/dependency-check-gradle/configuration-aggregate.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ Config Group | Property | Description
nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key | &nbsp; |
nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 |
nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 |
nvd | delay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key |
nvd | delay | The number of milliseconds to wait between calls to the NVD API. | 3500 with an NVD API Key or 8000 without an API Key |
nvd | datafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data | &nbsp; |
nvd | datafeedUser | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
nvd | datafeedPassword | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
Expand Down
2 changes: 1 addition & 1 deletion src/site/markdown/dependency-check-gradle/configuration-update.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ Config Group | Property | Description
nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key | &nbsp; |
nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 |
nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 |
nvd | delay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key . |
nvd | delay | The number of milliseconds to wait between calls to the NVD API. | 3500 with an NVD API Key or 8000 without an API Key . |
nvd | datafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data | &nbsp; |
nvd | datafeedUser | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
nvd | datafeedPassword | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
Expand Down
2 changes: 1 addition & 1 deletion src/site/markdown/dependency-check-gradle/configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ Config Group | Property | Description
nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key | &nbsp; |
nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 |
nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 |
nvd | delay | The number of milliseconds to wait between calls to the NVD API. | 2000 with an NVD API Key or 8000 without an API Key |
nvd | delay | The number of milliseconds to wait between calls to the NVD API. | 3500 with an NVD API Key or 8000 without an API Key |
nvd | datafeedUrl | The URL for the NVD API Data feed that can be generated using https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data | &nbsp; |
nvd | datafeedUser | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
nvd | datafeedPassword | Credentials used for basic authentication for the NVD API Data feed. | &nbsp; |
Expand Down

0 comments on commit 4f30695

Please sign in to comment.