Dependencycheck: [ERROR] Unable to connect to the dependency-check database

Created on 9 Sep 2020  路  12Comments  路  Source: jeremylong/DependencyCheck

I just upgraded dependency-check from 5.3.2 to 6.0.0 using brew. Afterwards I get the error from the bug title using the cli.

The errors in the log file are:
2020-09-09 12:46:25,262 org.owasp.dependencycheck.data.nvdcve.ConnectionFactory:191
DEBUG -
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Upgrade SQL file does not exist: data/upgrade_4.2.sql
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.updateSchema(ConnectionFactory.java:371)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.ensureSchemaVersion(ConnectionFactory.java:423)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize(ConnectionFactory.java:189)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.getConnection(ConnectionFactory.java:230)
at org.owasp.dependencycheck.data.nvdcve.CveDB.open(CveDB.java:266)
at org.owasp.dependencycheck.data.nvdcve.CveDB.(CveDB.java:236)
at org.owasp.dependencycheck.Engine.openDatabase(Engine.java:1047)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:923)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:740)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:670)
at org.owasp.dependencycheck.App.runScan(App.java:254)
at org.owasp.dependencycheck.App.run(App.java:186)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: java.lang.IllegalArgumentException: resource data/upgrade_4.2.sql not found.
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:217)
at com.google.common.io.Resources.getResource(Resources.java:195)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.updateSchema(ConnectionFactory.java:358)
... 12 common frames omitted

And:
2020-09-09 12:46:27,959 org.owasp.dependencycheck.App:209
DEBUG - unexpected error
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to connect to the dependency-check database
at org.owasp.dependencycheck.Engine.throwFatalDatabaseException(Engine.java:780)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:747)
at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:670)
at org.owasp.dependencycheck.App.runScan(App.java:254)
at org.owasp.dependencycheck.App.run(App.java:186)
at org.owasp.dependencycheck.App.main(App.java:81)
Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Database schema does not match this version of dependency-check
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize(ConnectionFactory.java:192)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.getConnection(ConnectionFactory.java:230)
at org.owasp.dependencycheck.data.nvdcve.CveDB.open(CveDB.java:266)
at org.owasp.dependencycheck.data.nvdcve.CveDB.(CveDB.java:236)
at org.owasp.dependencycheck.Engine.openDatabase(Engine.java:1047)
at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:923)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:740)
... 4 common frames omitted
Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Upgrade SQL file does not exist: data/upgrade_4.2.sql
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.updateSchema(ConnectionFactory.java:371)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.ensureSchemaVersion(ConnectionFactory.java:423)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize(ConnectionFactory.java:189)
... 10 common frames omitted
Caused by: java.lang.IllegalArgumentException: resource data/upgrade_4.2.sql not found.
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:217)
at com.google.common.io.Resources.getResource(Resources.java:195)
at org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.updateSchema(ConnectionFactory.java:358)
... 12 common frames omitted
2020-09-09 12:46:27,959 org.owasp.dependencycheck.App:82
DEBUG - Exit code: -13

I was able to resolve the issue by deleting the contents of /usr/local/var/dependencycheck/ which meant I had to redownload all definitions.

bug
Source
picture brileyd

Most helpful comment

Warning messages have been updated in 6.0.2 for the CLI and updated paths in Ant and Gradle should resolve the actual bugs. However, 6.x did contain breaking changes and many may need to run purge.

picture jeremylong on 14 Sep 2020
👍3

All 12 comments

Same problem, solution for the moment is to delete data directory of before version.

mvits picture mvits on 9 Sep 2020
👍3

In case anyone has trouble finding the data directory, it is located at ~/.gradle/dependency-check-data so 

rm -r ~/.gradle/dependency-check-data

worked for me.

petergphillips picture petergphillips on 10 Sep 2020
👍2 😄1

Same problem here. I'm going to apply the workaround, but what's the ideal solution here? I can help with a PR if possible 馃槃

karuppiah7890 picture karuppiah7890 on 10 Sep 2020

@petergphillips you can also just run ./gradlew dependencyCheckPurge.

That being said - can you run ls ~/.gradle/dependency-check-data and post the results to show what is in the directory? There should be a 5.0 directory. With earlier versions there should have been a 4.0 directory.

jeremylong picture jeremylong on 11 Sep 2020

I just have a 4.0 directory I'm afraid, no matter whether I run 5.3.2.1 or 6.0.0. No other directories there. I'm running using Gradle 6.6.1 on ubuntu. Tried without the gradle daemon but didn't make any difference.

petergphillips picture petergphillips on 11 Sep 2020

Then something very odd is going on... Something very strange is going on - the plugin should be using a 5.0 data directory:

https://github.com/jeremylong/dependency-check-gradle/blob/0c560f74d4b6c358d6722f915bf23c4f7153c833/src/main/resources/task.properties#L2

Any chance that somehow the 5.x plugin is still on the path somehow and the wrong task.properties is being picked up?

jeremylong picture jeremylong on 11 Sep 2020

Isn't the value defined in https://github.com/jeremylong/dependency-check-gradle/blob/master/src/main/groovy/org/owasp/dependencycheck/gradle/extension/DataExtension.groovy#L29 instead?

petergphillips picture petergphillips on 11 Sep 2020

I've raised https://github.com/jeremylong/dependency-check-gradle/pull/197 to hopefully fix

petergphillips picture petergphillips on 11 Sep 2020

Sorry I missed the PR - I just implemented this and pushed 6.0.0.1.

Gradle users - please upgrade to 6.0.0.1.

jeremylong picture jeremylong on 11 Sep 2020
👍1

Does this correct the issue with the CLI version or just the gradle plugin as my issue was with the CLI version?

brileyd picture brileyd on 11 Sep 2020

@brileyd there was a bug in the gradle plugin. For the CLI if you run into the issue you just need to run dependency-check.sh --purge to remove the old database.

jeremylong picture jeremylong on 12 Sep 2020
👍2

Warning messages have been updated in 6.0.2 for the CLI and updated paths in Ant and Gradle should resolve the actual bugs. However, 6.x did contain breaking changes and many may need to run purge.

jeremylong picture jeremylong on 14 Sep 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

razeitona picture razeitona  路  15Comments
albuch picture albuch  路  16Comments
DanielRuf picture DanielRuf  路  16Comments
OrangeDog picture OrangeDog  路  14Comments
prabhu picture prabhu  路  37Comments