NVD API sometimes returns gibberish

Question

NVD API sometimes returns gibberish

raboof opened this issue a year ago · comments

After a number of successful fetches I sometimes see:

ERROR
io.github.jeremylong.nvdlib.NvdApiException: Failed to parse JSON starting with: "??`I?%&/m?{J?J??t?`$??@???????iG#)?*??eVe]f@??????{????{????;?N'????\fdl??J???!?"
	at io.github.jeremylong.nvdlib.NvdCveApi.next(NvdCveApi.java:294)

I haven't verified whether the NVD API is really returning gibberish or that there's something going wrong on the application side. I did check that the response has an application/json content type as usual.

Jeremy Long · Answer 1 · Thu Mar 09 2023 07:15:17 GMT+0800 (China Standard Time)

I'm gong to bet we can do better here:

https://github.com/jeremylong/vuln-tools/blob/ee5de12fb479516db20529ec4a41d86d4a82a52b/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/NvdCveApi.java#L286-L288

Instead of just using the getBodyBytes() we should validate it is correct. In cases that I have seen the getBody() return null - there was actual JSON in the getBodyBytes()...

Arnout Engelen · Answer 2 · Thu Mar 09 2023 19:28:18 GMT+0800 (China Standard Time)

I added a log statement and when it happened again the jibberish came from getBodyText.

Jeremy Long · Answer 3 · Thu Mar 09 2023 19:34:34 GMT+0800 (China Standard Time)

so we'll need to put a retry if we get gibberish... love stable APIs.

meha · Answer 4 · Thu Apr 13 2023 21:26:42 GMT+0800 (China Standard Time)

I also faced this issue recently. Adding screenshot of the error with the nvd mirroring.

Would it be good to add some retry logic in the library to resolve it?
For now I was just thinking on the lines of retry based on JsonParseException. But we can add more conditions if needed

Jeremy Long · Answer 5 · Sun Apr 23 2023 02:47:06 GMT+0800 (China Standard Time)

while the underlying HTTP request will return garbage - the updated library will retry automatically.